Showing results for tags 'malware'.

  1. MB hit 25,000, comprised mainly of about 6 malware, including: stolen.data, PUP.Funshion, trojan.agent.ua, rougue.agent.sa. The malware names are valid enough. I'm not sure whether this is an actual malware detection or some sort of false positive. 25,000 hits is very unusual and I'm having difficulty finding a hit searching online. TIA Jeremy
  2. Hello~ I've recently been getting a random advertisement / music playing in the background coming from absolutely nothing. I've tried restarting numerous times, and even restored to an earlier point in time 3 times lol. It proved no help and continued to make the random audio. I suspected it to be a virus/malware so I ran numerous tests with Spybot, Malwarebytes, CCleaner and many more. I've also detected a Babylon and managed to partially get rid of it. (Not quite sure if it's fully removed because it is still in Firefox about:config and some files continue to come back even after countless resets. And on IE I was able to disable Babylon as the search provider, but was unable to delete it.) I'm not quite sure if Babylon has anything to do with this =/, but if you could please help me get to the bottom of this, it'd really help a lot~ As you may already know, I don't know too much about computers =/ so step by step directions would be greatly appreciated TY~ Also a system recovery is not responding and will not load for some reason =/
  3. My Microsoft Security Essentials wasn't working and I scanned my computer with Malwarebytes Anti-Malware and it detected several viruses. This is what it lists: Rootkit.0Access, Trojan.Dropper.BCMiner, Rootkit.0Access, Trojan.Sirefef. Every time I removed them with Malwarebytes Anti-Malware, I found that when I perform another scan they are still present. If anyone could help me that would be amazing.
  4. My Microsoft Security Essentials stopped working and Malwarebytes Anti-Malware detected several viruses. I removed them, but every time I boot back up and run a scan they don't seem to have been deleted and are back. I hope someone can help me with my problem as I don't know what to do.
  5. My wife downloaded some malware. I had Microsoft Security Essentials running in the background, but it did not catch it then or after scanning my computer. The malware typically would reroute a web search at Google to a website called Newsfudge. After restarting my computer I cannot run in normal mode, it's too slow, and actually freezes up 30 seconds after Windows is all booted up. I can run safe mode just fine. I installed Malwarebytes and it found three files that needed to be removed. My computer still freezes after boot up. I read that you no longer use HijackThis. So, I ran the Malwarebytes tool and these are my results: [DDS log omitted] What are your suggestions?
  6. Post Merged: We look for posts with 0 replies, so when you reply to your own topic, we assume you were being helped. Please be patient, someone will assist you as soon as possible. The past few days I've noticed that any time I'm connected to wireless, audio from ads plays. It's a bunch of audio from all kinds of ads and movie previews playing all at the same time. Often the same audio playing slightly off from each other. I downloaded Malwarebytes and HijackThis because I researched the topic on Google a little bit. I noticed each case like mine had its own solution so I thought I'd play it safe and try to get my own solution. Here is the log from Malwarebytes:
     Malwarebytes Anti-Malware (Trial) 1.62.0.1300
     www.malwarebytes.org
     Database version: v2012.07.13.04
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Malicsi :: MALICSI-HP [administrator]
     Protection: Enabled
     7/13/2012 4:06:46 AM
     mbam-log-2012-07-13 (03-50-28).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 218351
     Time elapsed: 3 minute(s), 51 second(s)
     Memory Processes Detected: 1
     C:\Windows\svchost.exe (Trojan.Agent) -> 3672 -> No action taken.
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 1
     C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.
     (end)
     I tried to run HijackThis but it says that my system denied write access to the hosts file. It gave me instructions but I'm not exactly sure what to do with them. Also Malwarebytes keeps notifying me that it has blocked access to svchost.exe. I'm not sure what that is either. Correction: any time I'm connected to "wifi/internet," audio from ads plays.
  7. Hi, I've been looking everywhere, and I couldn't figure out how to get rid of this virus. I was hoping you guys could help me. I was on a website I accidentally clicked the wrong link and downloaded a vGrabber toolbar, because I thought it was going to be the LoL replay grabber. Needless to say, it wasn't. I uninstalled it using "Change/Remove Programs", but now every time I open one of my browsers up I'm taken to this Conduit/Bing homepage. No matter what I have tried, I can't get rid of it. So far, I tried (using Chrome): 1. Changing the homepage manually. 2. Going to "Manage Search Engines" and deleting everything except Google. 3. Using the Malwarebytes program (obviously) to do a: - Quick Scan: 4 items detected, all removed. I restarted and it was still there. - Full Scan: 10 items detected, 1 removed (the rest were my own local host files I recognized). It was still there when I restarted. - Flash Scan: Nothing. So what is my next step? I attached the DDS.txt file, and I have the Attach too, if you need it. DDS.txt
  8. Hello all, I have recently tried to download the new version of Adobe Flash Player 11.3 off of adobe.com, and I have some type of malware that, when I search on google.com and click a search result, takes me to a popup not of what I want. Also it will randomly put up these pop-ups by itself. This comes after I had to update Adobe as my YouTube videos stopped playing; well, some play and some don't, but it seems to be an issue with YouTube in all browsers as per the latest help technician from google.com/youtube. I have done a Malwarebytes scan and it found 2 trojans. I deleted them. I run a Dell Inspiron 17R laptop, Windows 7 64-bit, Internet Explorer 9.
  9. Hi everyone, My computer was recently infected with a virus, which, when I scanned it with MalwareBytes Free, brought up about 10 infections. I quarantined and removed them using MBAM, but "BCMiner" and "Sirefef" still remain. The biggest problem that is visible to me is random browser redirects, but there are probably other things going on beneath the surface. Attach.txt DDS.txt
  10. Hi, last Saturday a pop-up box appeared wanting me to open something called Windows Command Processor. I clicked no, then it instantly popped up again, and continued to do so. After a quick search I realised it was a virus. I followed some online instructions, doing things like downloading rkill and Malwarebytes and using both in safe mode to remove the virus, yet it has not removed it; the pop-up keeps appearing when I boot in normal mode, so I came here for help. Also take note that I have not accepted the pop-up box once; I exit it every time until it goes down into the toolbar. I ran the log things on the DDS program as well; here are the two logs. Any help would be greatly appreciated, as this is a major inconvenience to me. Thanks.

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.19272  BrowserJavaVersion: 1.6.0_29
Run by USER at 22:23:36 on 2012-07-05
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Windows\regedit.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\USER\Downloads\dds.scr
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.facebook.com/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Complitly: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - c:\users\user\appdata\roaming\complitly\Complitly.dll
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBho.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
BHO: Complitly: {d27fc31c-6e3d-4305-8d53-acdaefa5f862} - c:\users\user\appdata\roaming\complitly\Complitly.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.5\UIBHO.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [Facebook Update] "c:\users\user\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [HbxTfbyd] c:\users\user\appdata\local\cujhubpm\hbxtfbyd.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11e_Plugin.exe -update plugin
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [skytel] Skytel.exe
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [FingerPrintNotifer] "c:\program files\truesuite access manager\FpNotifier.exe"
mRun: [usbMonitor] "c:\program files\truesuite access manager\usbnotify.exe"
mRun: [PwdBank] "c:\program files\truesuite access manager\PwdBank.exe"
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRunOnce: [GrpConv] grpconv -o
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.88.1
TCP: Interfaces\{67546975-2D87-494D-AB3C-65D4D5547D83} : DhcpNameServer = 192.168.88.1
TCP: Interfaces\{9B623AC4-5DD2-4064-99A8-EBC993945FAC} : DhcpNameServer = 192.168.88.1
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\1qolu3le.default\
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\users\user\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\user\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\user\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\user\appdata\roaming\mozilla\firefox\profiles\1qolu3le.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\plugins\np-mswmp.dll
FF - plugin: c:\users\user\appdata\roaming\mozilla\firefox\profiles\1qolu3le.default\extensions\battlefieldheroespatcher@ea.com\plugins\npBFHUpdater.dll
.
============= SERVICES / DRIVERS ===============
.
R? Authentec memory manager;Authentec memory manager service
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? ConfigFree Service;ConfigFree Service
R? EraserUtilRebootDrv;EraserUtilRebootDrv
R? FontCache;Windows Font Cache Service
R? IDSvix86;Symantec Intrusion Prevention Driver
R? massfilter;ZTE Mass Storage Filter Driver
R? MozillaMaintenance;Mozilla Maintenance Service
R? SBSDWSCService;SBSD Security Center Service
R? Symantec Core LC;Symantec Core LC
R? SYMNDISV;SYMNDISV
R? TOSHIBA SMART Log Service;TOSHIBA SMART Log Service
R? TrojanKillerDriver;GridinSoft Trojan Killer Driver
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
R? ZTEusbnet;ZTE USB-NDIS miniport
S? AlfaFF;AlfaFF mini-filter driver
S? FwLnk;FwLnk Driver
S? NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit
.
=============== Created Last 30 ================
.
2012-07-04 12:45:59  23888    ----a-w-  c:\windows\system32\drivers\COH_Mon.sys
2012-07-04 05:22:09  6762896  ----a-w-  c:\programdata\microsoft\windows defender\definition updates\{f7bdeaaa-f8e4-4513-a34e-69a86815d46a}\mpengine.dll
2012-06-30 10:46:38  --------  d-----w-  c:\program files\GridinSoft Trojan Killer
2012-06-30 05:00:24  93708    --s---w-  c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\hbxtfbyd.exe
2012-06-22 01:25:24  2422272  ----a-w-  c:\windows\system32\wucltux.dll
2012-06-22 01:24:37  88576    ----a-w-  c:\windows\system32\wudriver.dll
2012-06-22 01:24:25  33792    ----a-w-  c:\windows\system32\wuapp.exe
2012-06-22 01:24:25  171904   ----a-w-  c:\windows\system32\wuwebv.dll
2012-06-20 08:09:42  --------  d-----w-  c:\program files\Microsoft XNA
2012-06-20 08:09:25  69448    ----a-w-  c:\windows\system32\XAPOFX1_3.dll
2012-06-20 08:09:25  517448   ----a-w-  c:\windows\system32\XAudio2_4.dll
2012-06-20 08:09:24  235352   ----a-w-  c:\windows\system32\xactengine3_4.dll
2012-06-20 08:09:24  22360    ----a-w-  c:\windows\system32\X3DAudio1_6.dll
2012-06-20 08:09:22  81768    ----a-w-  c:\windows\system32\xinput1_3.dll
2012-06-20 08:09:22  3495784  ----a-w-  c:\windows\system32\d3dx9_33.dll
2012-06-20 08:09:20  2414360  ----a-w-  c:\windows\system32\d3dx9_31.dll
2012-06-20 08:07:57  --------  d-----w-  c:\program files\Superfighters Deluxe
2012-06-19 10:09:04  770384   ----a-w-  c:\program files\mozilla firefox\msvcr100.dll
2012-06-19 10:09:04  421200   ----a-w-  c:\program files\mozilla firefox\msvcp100.dll
2012-06-14 07:58:07  984064   ----a-w-  c:\windows\system32\crypt32.dll
2012-06-14 07:58:06  98304    ----a-w-  c:\windows\system32\cryptnet.dll
2012-06-14 07:58:06  133120   ----a-w-  c:\windows\system32\cryptsvc.dll
2012-06-14 07:24:12  180736   ----a-w-  c:\windows\system32\drivers\rdpwd.sys
2012-06-14 07:24:10  2045440  ----a-w-  c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2012-05-15 06:37:49  916992   ----a-w-  c:\windows\system32\wininet.dll
2012-05-15 06:32:25  43520    ----a-w-  c:\windows\system32\licmgr10.dll
2012-05-15 06:32:00  1469440  ----a-w-  c:\windows\system32\inetcpl.cpl
2012-05-15 06:31:44  109056   ----a-w-  c:\windows\system32\iesysprep.dll
2012-05-15 06:31:43  71680    ----a-w-  c:\windows\system32\iesetup.dll
2012-05-15 05:01:56  385024   ----a-w-  c:\windows\system32\html.iec
2012-05-15 03:26:05  133632   ----a-w-  c:\windows\system32\ieUnatt.exe
2012-05-15 03:23:41  1638912  ----a-w-  c:\windows\system32\mshtml.tlb
2012-04-24 11:50:49  737280   ----a-w-  c:\windows\iun6002.exe
.
============= FINISH: 22:24:52.84 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 9/09/2011 10:17:24 AM
System Uptime: 5/07/2012 10:05:16 PM (0 hours ago)
.
Motherboard: Intel Corp. |  | Base Board Product Name
Processor: Intel® Core™2 Duo CPU T5750 @ 2.00GHz | CPU | 2120/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 179 GiB total, 13.358 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.1.0
Adobe Shockwave Player 11.6
AppCore
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
ATI Catalyst Install Manager
µTorrent
Audacity 2.0
AV
AviSynth 2.5
Battlefield Heroes
Bluetooth Stack for Windows by Toshiba
Bonjour
Camera Assistant Software for Toshiba
Canon Easy-WebPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator EX 3.0
Canon MP270 series MP Drivers
Canon Utilities Digital Photo Professional 3.10
Canon Utilities Easy-PhotoPrint EX
Canon Utilities EOS Utility
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
Canon Utilities Movie Uploader for YouTube
Canon Utilities My Printer
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities Solution Menu
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Dutch
CCC Help English
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Portuguese
CCC Help Spanish
CCC Help Swedish
ccCommon
CD/DVD Drive Acoustic Silencer
CDisplay 1.8
Celtx (2.9.1)
Comical 0.8
ComicRack v0.9.153
Complitly
DVD MovieFactory for TOSHIBA
Facebook Video Calling 1.2.0.159
FM Tuner Utility
Freecorder 2.3 (with Skype Call Recording)
Freecorder 5
Freecorder Toolbar
Google Chrome
HandBrake 0.9.6
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java™ 6 Update 29
Java™ 6 Update 3
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office Standard Edition 2003
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser
Microsoft XNA Framework Redistributable 3.1
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSRedist
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton AntiVirus
Norton Confidential Browser Component
Norton Confidential Web Protection Component
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
Pando Media Booster
PunkBuster Services
QuickTime
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Windows Media Encoder (KB2447961)
Skins
SPBBC 32bit
Spybot - Search & Destroy
Superfighters Deluxe Pre-Alpha
swMSM
Symantec Real Time Storage Protection Component
SymNet
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA Recovery Disc Creator
TOSHIBA SD Memory Utilities
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Trojan Killer
TrueSuite Access Manager
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
uTorrentBar Toolbar
VLC media player 2.0.1
Windows Driver Package - Cmotech (cmusbnet) Net (06/11/2007 2.0.0.9)
Windows Driver Package - Cmotech Modem (12/13/2006 2.0.3.5)
Windows Driver Package - Cmotech Ports (12/13/2006 2.0.3.5)
Windows Media Encoder 9 Series
.
==== Event Viewer Messages From Past Week ========
.
5/07/2012 10:07:57 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
5/07/2012 10:07:18 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl SPBBCDrv spldr SRTSPX SYMTDI Wanarpv6
5/07/2012 10:07:18 PM, Error: Service Control Manager [7001] - The Windows Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
5/07/2012 10:07:18 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
5/07/2012 10:06:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/07/2012 10:06:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/07/2012 10:06:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
5/07/2012 10:06:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/07/2012 10:06:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/07/2012 10:05:57 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
5/07/2012 10:05:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
4/07/2012 3:50:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
.
==== End Of File ===========================
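Two of the logs above carry the kind of indicator a triage script can pick out mechanically: post 6's Malwarebytes log flags an svchost.exe living in C:\Windows rather than C:\Windows\system32, and post 10's DDS log shows hbxtfbyd.exe registered twice, once as a uRun entry under a random-looking AppData directory and once as a file in the Startup folder carrying the system attribute. The script below is an added example (not code from either poster, from DDS or from Malwarebytes) that runs those three checks over lines copied from the two logs plus three constructed benign lines. The regular expressions, the reading of the DDS attribute column (position 2 = system, position 3 = hidden) and the choice to track only autoruns under AppData are my assumptions, inferred from the rows in the posts rather than from any DDS documentation.

```python
"""Flag the persistence and masquerading indicators visible in the logs above.

Checks implemented (each is a heuristic, not a verdict):
  1. svchost.exe launched from anywhere other than System32/SysWOW64.
  2. A Startup-folder file carrying the system or hidden attribute.
  3. One executable name registered by more than one autorun source
     (a Run key and the Startup folder), which legitimate updaters rarely do.
"""
import re
from collections import defaultdict

# Sample input. The first three lines are copied from the logs in posts 6 and 10;
# the last three are constructed benign lines so the checks have something to
# pass over without firing.
SAMPLE_LOG = r"""
C:\Windows\svchost.exe (Trojan.Agent) -> 3672 -> No action taken.
uRun: [HbxTfbyd] c:\users\user\appdata\local\cujhubpm\hbxtfbyd.exe
2012-06-30 05:00:24 93708 --s---w- c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\hbxtfbyd.exe
uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
C:\Windows\system32\svchost.exe -k netsvcs
"""

# Directories from which the genuine svchost.exe is launched.
SVCHOST_HOMES = ("\\windows\\system32\\", "\\windows\\syswow64\\")

# Any drive-letter path ending in \svchost.exe, quoted or not.
SVCHOST_RE = re.compile(r'(?P<path>[a-z]:\\[^\s"]*?\\svchost\.exe)', re.I)

# DDS "uRun/mRun/uRunOnce/mRunOnce: [name] "target" args" lines.
RUN_RE = re.compile(r'^[um]Run(?:Once)?:\s*\[(?P<name>[^\]]*)\]\s*"?(?P<target>[^"]*?\.exe)"?', re.I)

# DDS "Created Last 30" file rows: date time size attrs path. The attribute
# column is read as an 8-character string with 's' (system) at index 2 and
# 'h' (hidden) at index 3; that layout is an assumption inferred from the rows
# in post 10, not documented DDS behaviour.
CREATED_RE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\d+\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+\.exe)$', re.I)


def _basename(path):
    return path.rstrip('\\').rsplit('\\', 1)[-1].lower()


def analyze(log_text):
    """Return a list of (finding, detail) tuples for the suspicious lines in log_text."""
    findings = []
    sources_by_exe = defaultdict(set)  # exe basename -> set of autorun sources

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        # Check 1: svchost.exe outside its normal directories (post 6's detection).
        m = SVCHOST_RE.search(line)
        if m and not any(home in m.group('path').lower() for home in SVCHOST_HOMES):
            findings.append(("svchost.exe outside System32", m.group('path')))

        # Run-key autoruns; only user-profile targets are tracked, since writing
        # to Program Files needs admin rights while AppData does not.
        m = RUN_RE.match(line)
        if m:
            target = m.group('target')
            if '\\appdata\\' in target.lower():
                sources_by_exe[_basename(target)].add('Run key [%s]' % m.group('name'))
            continue

        # Check 2: recently created files in the Startup folder and their attributes.
        m = CREATED_RE.match(line)
        if m and '\\startup\\' in m.group('path').lower():
            path, attrs = m.group('path'), m.group('attrs').lower()
            sources_by_exe[_basename(path)].add('Startup folder')
            if attrs[2] == 's' or attrs[3] == 'h':
                findings.append(("system/hidden attribute on Startup-folder file", path))

    # Check 3: the same binary name registered by more than one persistence source.
    for exe, sources in sources_by_exe.items():
        if len(sources) > 1:
            findings.append(("one binary registered by several autorun sources",
                             exe + " via " + ", ".join(sorted(sources))))
    return findings


if __name__ == "__main__":
    for kind, detail in analyze(SAMPLE_LOG):
        print("%-50s %s" % (kind, detail))
```

On the sample input this reports three findings: the C:\Windows\svchost.exe line, the system-attributed hbxtfbyd.exe in the Startup folder, and hbxtfbyd.exe being reached from both a Run key and the Startup folder; GoogleUpdate.exe, which also lives under AppData but has a single source, is not reported. None of this replaces a hash lookup or a look at the binary itself; it only ranks which lines of a long DDS paste deserve attention first.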
  11. Hello, so last Saturday I got a pop-up asking to open Windows Command Processor, but I clicked no; it instantly popped up again, and kept doing so. After doing a quick search I have realised this is a virus, but after following many online instructions on how to remove it, I have been unsuccessful in removing it from my computer. I have downloaded things like rkill and Malwarebytes and scanned the machine many times, but whenever I boot the machine normally (instead of safe mode) the pop-up still occurs. This is a giant inconvenience to me and any help would be great, thanks!
  12. Merged 2 posts.

XP SP3 Home desktop PC. While using Chrome, the initial issues appeared during a download (unexpected bundled product, seems to be Babylon toolbar). It impacted Chrome, where initially the icon changed. While attempting to 'fix' it, each effort seemed to spawn additional problems. At first I only noticed browser redirects to the Babylon search. Then things got worse. Ran Avast and MB. The PC hung up/stalled, then logged me out and required a "User" login. I do not have a Guest account set up, so it appeared the malware was intercepting my privileges and password. It also forced an Admin password to access the secure wireless network. After running the above, the PC seemed to retract more & more Admin privileges from me: Sys32 or Temp files "not accessible", etc. When I run GMER in normal mode, the full scan runs. But when I click Save, the computer reboots. Running GMER again in safe mode (not complete as of this post). I have MB, OT, DDS, aswMBR outputs. If you prefer another scan type, please advise and I will post here. My 2nd device, a Win7 laptop, is in Safe Mode as it seems to have inherited this issue through the wireless network. As I need the laptop to access the internet, let's fix the XP first. Thanks in advance for your expert guidance here.

070512|Midnight: Updating ticket w/ DDS details. Of note, I tried GMER in Safe Mode; it ran to completion but when I hit Copy or Save, the #*$&*$ gave errors indicating insufficient space, no access to blah blah blah. Although I have backups of data & some programs, I am certain it is incomplete. I hesitate to put the NAS back on the network in case it gets hit with this problem. Your early assistance is welcomed!! ~chaosmastered
__________________________________________________
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_27
Run by user at 9:51:25 on 2012-07-04
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1099 [GMT -5:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingBar\BBSvc.EXE
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe
C:\Program Files\FarStone\DriveClone\Client\Efb\FBPAgent.exe
C:\Program Files\FarStone\DriveClone\Client\cbp\DCSchdler.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
C:\Program Files\FarStone\DriveClone\Client\DCNTranProc.exe
C:\Program Files\iTivity\bin\rfbd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Business-in-a-Box\BIBLauncher.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\ePad995\ePad995.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\D-Link\SharePort Utility\Connect.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskmgr.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://todoist.com/app?v=6#start
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {20C1A7F0-528E-444F-BAC5-5804A61CCA7F} - No File
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: {D5233FCD-D258-4903-89B8-FB1568E7413D} - No File
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [QuickenBillminder] c:\program files\quicken\Billmind.exe -startup
uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [bIBLauncher] c:\program files\business-in-a-box\BIBLauncher.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [GoogleChromeAutoLaunch_CC3BFD97C321DE64D73DD83160F90AC3] "c:\documents and settings\user\local settings\application data\google\chrome\application\chrome.exe" --no-startup-window
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\docume~1\user\startm~1\programs\startup\sharep~1.lnk - c:\program files\d-link\shareport utility\Connect.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\epad995.lnk - c:\program files\epad995\ePad995.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\printk~1.lnk - c:\program files\printkey2000\Printkey2000.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: chartlinks.com\portal
DPF: {03A89EFD-E023-8600-A22D-45F77558EB4C} - hxxp://content.ilinc.com/clientdownload/download/ilinci86.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B}
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - 
hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://portal.chartlinks.com/NELX.cab DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} - hxxps://www1.gotomeeting.com/default/applets/g2mdlax.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E001C731-5E37-4538-A5CB-8168736A2360} - hxxp://quickscan.bitdefender.com/cab/ActiveQscan.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{2E0B085B-3882-415B-81E2-F908D4FC844F} : DhcpNameServer = 192.168.1.1 Notify: PCANotify - PCANotify.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll Hosts: 
127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\q721body.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - plugin: c:\documents and settings\user\application data\mozilla\plugins\npoff.dll FF - plugin: c:\documents and settings\user\application data\mozilla\plugins\npwbe.dll FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(network.protocol-handler.warn-external.dnupdate, false ============= SERVICES / DRIVERS =============== . R0 dcsnap;dcsnap;c:\windows\system32\drivers\dcsnap.sys [2011-9-16 86168] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-24 721000] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-4 353688] R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-3-29 98392] R1 SWIPsec;SonicWALL IPsec Driver;c:\windows\system32\drivers\SWIPsec.sys [2012-1-5 87064] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-3-4 21256] R2 avast! Antivirus;avast! 
Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-4 44808] R2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176] R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648] R2 D-Link SharePort Helper;D-Link SharePort Helper;c:\program files\d-link\shareport utility\Spnuhelper.exe [2011-9-16 40960] R2 FBAgent;File Backup Agent;c:\program files\farstone\driveclone\client\efb\FBPAgent.exe [2011-9-16 86016] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-10-28 54760] R2 SWGVCSvc;SonicWALL Global VPN Client Service;c:\program files\sonicwall\sonicwall global vpn client\SWGVCSvc.exe [2009-3-6 227352] R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [2011-9-16 246920] R2 Tran_Process_Proc;DCNTranProc;c:\program files\farstone\driveclone\client\DCNTranProc.exe [2009-11-26 77824] R2 tridiavnc;Tridia Screen Server;c:\program files\itivity\bin\rfbd.exe [2008-9-3 434176] R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2012-4-24 1714176] R3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [2008-2-4 20504] S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?] 
S1 DCDisk;DCDisk; [x] S1 efbDisk;efbDisk; [x] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 DCScheduler;DCScheduler;c:\program files\farstone\driveclone\client\cbp\DCSchdlerSRVC.exe [2011-9-16 104976] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-5 250056] S3 FARMNTIO;FARMNTIO;c:\windows\system32\drivers\FarMntIo.sys [2011-9-16 13184] S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872] S3 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-8-15 1361288] S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-27 129976] S3 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408] S3 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2009-12-16 188736] S3 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2009-12-16 65856] S3 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\drivers\SWVNIC.sys [2009-3-4 21016] S3 TridiaFTPServer;TridiaFTP Server;c:\program files\itivity\bin\ftpd.exe [2008-9-3 536640] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe 
[2008-7-10 47128] S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688] . =============== File Associations =============== . .txt=UltraEdit.txt . =============== Created Last 30 ================ . 2012-06-28 04:02:25 -------- d-----w- c:\documents and settings\user\local settings\application data\Microsoft_Corporation 2012-06-27 21:09:18 359744 ----a-w- c:\documents and settings\all users\application data\microsoft\vstahost\ssis_scriptcomponent\9.0\1033\ResourceCache.dll 2012-06-27 21:09:00 359744 ----a-w- c:\documents and settings\all users\application data\microsoft\vstahost\ssis_scripttask\9.0\1033\ResourceCache.dll 2012-06-27 16:04:55 -------- d-----w- c:\program files\Mozilla Maintenance Service 2012-06-27 16:04:49 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe 2012-06-27 16:04:49 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe 2012-06-13 22:57:03 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll 2012-06-06 23:13:41 -------- d-----w- c:\documents and settings\all users\application data\VS . ==================== Find3M ==================== . 
2012-06-28 12:52:37 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-06-28 12:52:20 41224 ----a-w- c:\windows\avastSS.scr 2012-06-27 18:59:51 59 ----a-w- c:\windows\wpd99.drv 2012-06-25 12:55:20 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-25 12:55:16 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll 2012-06-02 20:18:58 214256 ----a-w- c:\windows\system32\muweb.dll 2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui 2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll 2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys 2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec 2012-05-04 13:12:30 2192640 ------w- c:\windows\system32\ntoskrnl.exe 2012-05-04 12:32:19 2069120 ------w- c:\windows\system32\ntkrnlpa.exe 2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-19 01:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2012-04-19 01:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts 2007-06-28 20:40:59 33272460 -c--a-w- c:\program files\pcAnywhere_12_1_MarketingTrialware.exe . ============= FINISH: 9:53:14.06 =============== attach_070412V.zip
  13. Hello, Thank you for taking the time to read this. My business computer has recently been infected with some sort of malware. I have Windows 7 Ultimate and all my Word, docs, and PDF files have had a .crypt extension added. I cannot open any of these files and my anti-virus cannot help me. Please help, I would greatly appreciate this! A WARNING.txt file was placed on my desktop stating the following:

WARNING! YOU WCAP ID: 5291
If you see this screen or read warning.txt. It means you IP address: 67.164.131.123 was included in WCAP Black List.
From your PC was infringement one or more of the following items:
1. Viewing, listening, downloading or distributing audio or video files protected Copyright Law.
2. Spam or Ddos attack.
3. Downloading or distributing illegal content (child porno, phishing, etc.)
4. Downloading or distributing Software protected Copyright Law.
The result of these infringement you PC and file was blocked. The decision was made about blocking on the basis of Digital Millennium Copyright Act (DMCA) amendment 1272 of 06/10/2011
You can remove you IP from black list and unblock PC and files paying money penalty 100$.
STEP 1: Buy a MoneyPak in amount of $100 at the nearest store.
STEP 2: Fill in the fields on the screen, and click Make Payment. Alternate send as an e-mail at WCAPLLC@yahoo.com . Indicate your WCAP ID in the message title and provide MoneyPak number.
STEP 3: Check your e-mail. We will send you Unblock code once payment is verified. Your computer will roll back to the ordinary state.
Q: Where can I purchase MoneyPak?
A: MonekPak can be purchased at thousands of stores nationwide, including major retailers such as Wal-Mart, Walgreens, CVS/pharmacy, Rite Aid, Kmart, Kroger and Meijer. Click here to find a store near.
Q: How do I buy a MoneyPak at the store?
A: Pick up a MoneyPak from the Prepaid Product Section or Green Dot display and take it to the register. The cashier will collect your cash and load it onto the MoneyPak.
Q: How I can make sure that you can really decipher my files?
A: You can send ONE any ciphered file on email WCAPLLC@yahoo.com (Indicate your IS and /test decrypt/ phrase in the message title), in the response message you receive the deciphered file.
WARNING!!!: If you don't pay money penalty 100$ within 72 HOURS, all your computer data will be deleted.
WARNING!!! Dont remove this screen this may complicate or make impossible the decryption. Even after removing the screen, files will remain encrypted. You can confirm this moving crypt file to another PC.
MONEYPAK _______________
EMAIL _______________
[Make Payment]
Please contact us if you have any questions wcapllc@yahoo.com.

I don't know what to do and really need these files. Is there anything I can do to save my files? Thank you so much in advance.
  14. I was using MS Word last night typing something and all of a sudden my email and password started to appear in the text, then the mouse moved by itself. Someone was using my computer remotely and I don't know how this happened. I scanned with Malwarebytes, Spybot and AVG, updated Windows and Office and didn't find anything that would strike me as a trojan horse that would do that, only tracking cookies and a toolbar that I don't know how I got. Can anyone help me figure out if I'm still infected?
  15. Hi, My parents called me the other day and said their computer was playing a random ad in the background. I didn't believe them so I waited until yesterday to go look at their computer. I turned it on and for ten minutes the computer seemed to be OK and then the ad started playing. They have Norton Internet Security on their computer and it doesn't pick up the virus. I put Malwarebytes on the computer and scanned and it found a trojan so I chose to fix the problem. I restarted the computer and thought that would have done it but to my surprise it's still on the computer. I saw another forum where they used RSIT which generated some logs so I decided I would try that. Here are the logs.

Logfile of random's system information tool 1.09 (written by random/random) Run by Steve Petruso at 2012-06-25 07:52:22 Microsoft Windows 7 Home Premium Service Pack 1 System drive C: has 546 GB (92%) free of 594 GB Total RAM: 6092 MB (57% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 7:52:38 AM, on 6/25/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16446) Boot mode: Normal Running processes: C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\trend micro\Steve Petruso.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = 
http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.google.com/mail/?shva=1#inbox R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files 
(x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED O4 - HKLM\..\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [CarMD] C:\Program Files (x86)\CarMD\CarMD.exe O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Steve Petruso\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O9 - Extra button: 
@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file 
missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing) O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe O23 - Service: Toshiba Laptop Checkup Application Launcher (Norton PC Checkup Application Launcher) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: 
@%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing) O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing) O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - 
C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12056 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe 27346720
C:\windows\System32\spoolsv.exe
\??\C:\windows\system32\conhost.exe "1620387087-589614863142652796174828742013758048691802004493-1513016729-578510830
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll" /prefetch:1
"C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll" /prefetch:1
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
"C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2024
"C:\Program Files\TOSHIBA\TECO\TecoService.exe"
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -netsvcs
\??\C:\windows\system32\conhost.exe "-740113850-1041399657113861242410953134321287194221-18998899641235486413-2094937580
"taskhost.exe"
"C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe" /c /a /s UserSession2
"C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe" /c /a /s UserSession
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
C:\windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Toshiba\Power Saver\TPwrMain.exe"
"C:\Program Files\Toshiba\FlashCards\TCrdMain.exe"
"C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Toshiba\TECO\Teco.exe" /r
"C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe"
"C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe"
"C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"C:\Program Files (x86)\CarMD\CarMD.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
"C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
C:\windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe" /s
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe"
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe"
"C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe"
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe"
"C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe"
"C:\windows\system32\wuauclt.exe"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:4576 CREDAT:203009
"C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe"
C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe -Embedding
C:\windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:4576 CREDAT:137478
taskeng.exe {429EF3F5-AE0F-4079-8C22-9DB2A6E31222}
"C:\Users\Steve Petruso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8IUMSYAF\RSITx64.exe"
C:\windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\windows\tasks\Adobe Flash Player Updater.job
C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2726610858-437048973-2726063162-1000Core.job
C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2726610858-437048973-2726063162-1000UA.job
C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-03-19 253040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3C88694-EFFA-4d78-B409-54B7B2535B14}]
TOSHIBA Media Controller Plug-in - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2011-07-12 700800]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll [2012-05-09 502200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Norton Vulnerability Protection - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL [2012-03-29 210360]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-03-19 192112]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-03-02 4296864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-08-01 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3C88694-EFFA-4d78-B409-54B7B2535B14}]
TOSHIBA Media Controller Plug-in - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2011-07-12 534400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-03-19 253040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll [2012-05-09 502200]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-03-19 192112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"IgfxTray"=C:\windows\system32\igfxtray.exe [2011-04-07 167256]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2011-04-07 391000]
"Persistence"=C:\windows\system32\igfxpers.exe [2011-04-07 418136]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2011-05-17 590256]
"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2010-09-25 296824]
"TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2011-04-27 972672]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2011-03-24 310912]
"cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [2011-06-30 562304]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-02-03 2679592]
"Teco"=C:\Program Files\TOSHIBA\TECO\Teco.exe [2011-05-24 1544624]
"TosWaitSrv"=C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [2011-07-01 712096]
"TosVolRegulator"=C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [2009-11-11 24376]
"TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2011-06-10 710560]
"TosNC"=C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [2011-07-27 597936]
"TosReelTimeMonitor"=C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [2011-06-28 38824]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-09-24 39408]
"CarMD"=C:\Program Files (x86)\CarMD\CarMD.exe [2010-04-07 796672]
"Facebook Update"=C:\Users\Steve Petruso\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-28 137536]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-06-05 17345712]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"TSleepSrv"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [2010-06-04 252792]
"ToshibaServiceStation"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2011-07-11 1298816]
"NortonOnlineBackupReminder"=C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [2011-06-22 3218864]
"ToshibaAppPlace"=C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [2010-09-23 552960]
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2010-06-09 49208]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2011-04-04 385024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-06-25 07:52:22 ----D---- C:\rsit
2012-06-25 07:52:22 ----D---- C:\Program Files\trend micro
2012-06-25 07:36:29 ----N---- C:\windows\svchost.exe
2012-06-24 21:48:37 ----D---- C:\Program Files\CCleaner
2012-06-24 19:21:24 ----D---- C:\Program Files (x86)\Trend Micro
2012-06-24 16:32:49 ----D---- C:\Users\Steve Petruso\AppData\Roaming\Malwarebytes
2012-06-24 16:32:42 ----D---- C:\ProgramData\Malwarebytes
2012-06-24 16:32:41 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-24 16:32:41 ----A---- C:\windows\system32\drivers\mbam.sys
2012-06-24 16:30:00 ----D---- C:\Program Files (x86)\1ClickDownload
2012-06-24 16:22:12 ----D---- C:\ProgramData\Conexant
2012-06-24 16:21:34 ----A---- C:\Program Files (x86)\64res.dll
2012-06-24 15:47:25 ----A---- C:\windows\SYSWOW64\qdvd.dll
2012-06-24 15:47:25 ----A---- C:\windows\system32\qdvd.dll
2012-06-23 06:43:49 ----D---- C:\Users\Steve Petruso\AppData\Roaming\PCCUStubInstaller
2012-06-22 06:01:10 ----A---- C:\windows\system32\wups2.dll
2012-06-22 06:01:10 ----A---- C:\windows\system32\wucltux.dll
2012-06-22 06:01:10 ----A---- C:\windows\system32\wuaueng.dll
2012-06-22 06:01:10 ----A---- C:\windows\system32\wuauclt.exe
2012-06-22 06:00:48 ----A---- C:\windows\system32\wups.dll
2012-06-22 06:00:48 ----A---- C:\windows\system32\wudriver.dll
2012-06-22 06:00:48 ----A---- C:\windows\system32\wuapi.dll
2012-06-22 06:00:40 ----A---- C:\windows\system32\wuwebv.dll
2012-06-22 06:00:40 ----A---- C:\windows\system32\wuapp.exe
2012-06-14 14:38:16 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2012-06-14 14:38:16 ----A---- C:\windows\system32\mshtmled.dll
2012-06-14 14:38:15 ----A---- C:\windows\SYSWOW64\urlmon.dll
2012-06-14 14:38:15 ----A---- C:\windows\SYSWOW64\url.dll
2012-06-14 14:38:15 ----A---- C:\windows\system32\urlmon.dll
2012-06-14 14:38:15 ----A---- C:\windows\system32\url.dll
2012-06-14 14:38:15 ----A---- C:\windows\system32\iertutil.dll
2012-06-14 14:38:14 ----A---- C:\windows\SYSWOW64\ieui.dll
2012-06-14 14:38:14 ----A---- C:\windows\SYSWOW64\iertutil.dll
2012-06-14 14:38:14 ----A---- C:\windows\system32\ieui.dll
2012-06-14 14:38:13 ----A---- C:\windows\SYSWOW64\ieUnatt.exe
2012-06-14 14:38:13 ----A---- C:\windows\system32\ieUnatt.exe
2012-06-14 14:38:12 ----A---- C:\windows\SYSWOW64\wininet.dll
2012-06-14 14:38:12 ----A---- C:\windows\system32\wininet.dll
2012-06-14 14:38:11 ----A---- C:\windows\SYSWOW64\jsproxy.dll
2012-06-14 14:38:11 ----A---- C:\windows\SYSWOW64\jscript9.dll
2012-06-14 14:38:11 ----A---- C:\windows\SYSWOW64\jscript.dll
2012-06-14 14:38:11 ----A---- C:\windows\system32\jsproxy.dll
2012-06-14 14:38:11 ----A---- C:\windows\system32\jscript9.dll
2012-06-14 14:38:11 ----A---- C:\windows\system32\jscript.dll
2012-06-14 14:38:10 ----A---- C:\windows\SYSWOW64\mshtml.dll
2012-06-14 14:38:09 ----A---- C:\windows\system32\mshtml.dll
2012-06-14 14:38:08 ----A---- C:\windows\system32\ieframe.dll
2012-06-14 14:38:06 ----A---- C:\windows\SYSWOW64\ieframe.dll
2012-06-14 06:34:44 ----A---- C:\windows\system32\rdrmemptylst.exe
2012-06-14 06:34:44 ----A---- C:\windows\system32\rdpwsx.dll
2012-06-14 06:34:44 ----A---- C:\windows\system32\rdpcorekmts.dll
2012-06-14 06:34:32 ----A---- C:\windows\system32\profsvc.dll
2012-06-14 06:34:26 ----A---- C:\windows\system32\win32k.sys
2012-06-14 06:34:20 ----A---- C:\windows\system32\drivers\rdpwd.sys
2012-06-14 06:34:19 ----A---- C:\windows\SYSWOW64\msi.dll
2012-06-14 06:34:19 ----A---- C:\windows\system32\msi.dll
2012-06-14 06:34:07 ----A---- C:\windows\system32\crypt32.dll
2012-06-14 06:34:06 ----A---- C:\windows\SYSWOW64\cryptsvc.dll
2012-06-14 06:34:06 ----A---- C:\windows\SYSWOW64\cryptnet.dll
2012-06-14 06:34:06 ----A---- C:\windows\SYSWOW64\crypt32.dll
2012-06-14 06:34:06 ----A---- C:\windows\system32\cryptsvc.dll
2012-06-14 06:34:06 ----A---- C:\windows\system32\cryptnet.dll

======List of files/folders modified in the last 1 month======

2012-06-25 07:52:37 ----D---- C:\windows\Temp
2012-06-25 07:52:22 ----RD---- C:\Program Files
2012-06-25 07:41:46 ----AD---- C:\windows\System32
2012-06-25 07:41:45 ----D---- C:\windows\inf
2012-06-25 07:41:45 ----A---- C:\windows\system32\PerfStringBackup.INI
2012-06-25 07:39:29 ----D---- C:\windows\system32\config
2012-06-25 07:38:47 ----D---- C:\Users\Steve Petruso\AppData\Roaming\Skype
2012-06-25 07:38:17 ----A---- C:\windows\SYSWOW64\log.txt
2012-06-25 07:37:32 ----SHD---- C:\System Volume Information
2012-06-25 07:36:29 ----AD---- C:\Windows
2012-06-25 05:30:17 ----D---- C:\windows\Panther
2012-06-25 05:30:16 ----D---- C:\windows\Minidump
2012-06-25 05:30:16 ----D---- C:\windows\Logs
2012-06-25 05:30:16 ----D---- C:\windows\debug
2012-06-24 19:21:24 ----RD---- C:\Program Files (x86)
2012-06-24 16:32:42 ----HD---- C:\ProgramData
2012-06-24 16:32:41 ----D---- C:\windows\system32\drivers
2012-06-24 16:19:19 ----SHD---- C:\windows\Installer
2012-06-24 16:19:18 ----D---- C:\Program Files (x86)\Microsoft
2012-06-24 16:18:55 ----SD---- C:\ProgramData\Microsoft
2012-06-24 16:17:25 ----D---- C:\windows\SoftwareDistribution
2012-06-24 16:15:51 ----D---- C:\windows\SysWOW64
2012-06-24 16:15:51 ----D---- C:\windows\Downloaded Program Files
2012-06-24 15:48:01 ----D---- C:\windows\winsxs
2012-06-24 15:46:37 ----D---- C:\windows\system32\catroot
2012-06-24 15:30:30 ----D---- C:\windows\Microsoft.NET
2012-06-24 15:30:29 ----RSD---- C:\windows\assembly
2012-06-24 15:13:41 ----A---- C:\windows\SYSWOW64\FlashPlayerApp.exe
2012-06-23 06:43:49 ----D---- C:\windows\system32\Tasks
2012-06-22 14:56:16 ----D---- C:\windows\system32\en-US
2012-06-22 06:01:01 ----D---- C:\windows\system32\catroot2
2012-06-14 14:46:51 ----D---- C:\windows\SYSWOW64\en-US
2012-06-14 14:46:50 ----D---- C:\windows\SYSWOW64\migration
2012-06-14 14:46:50 ----D---- C:\Program Files (x86)\Internet Explorer
2012-06-14 14:46:49 ----D---- C:\windows\system32\migration
2012-06-14 14:46:49 ----D---- C:\Program Files\Internet Explorer
2012-06-14 06:43:38 ----A---- C:\windows\system32\MRT.INI
2012-06-14 06:39:53 ----A---- C:\windows\system32\MRT.exe
2012-06-08 05:53:23 ----D---- C:\ProgramData\Skype
2012-06-04 05:48:38 ----D---- C:\windows\Prefetch

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2011-01-12 439320]
R0 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-13 12352]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 SymDS;Symantec Data Store; C:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [2011-05-16 451192]
R0 SymEFA;Symantec Extended File Attributes; C:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [2012-03-29 1092728]
R0 tos_sps64;TOSHIBA tos_sps64 Service; C:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 26840]
R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-06-18 1161376]
R1 ccSet_NIS;Norton Internet Security Settings Manager; C:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [2011-11-29 167048]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2012-05-31 484512]
R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120622.001\IDSvia64.sys [2012-06-18 509088]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\windows\system32\drivers\NISx64\1307010.005\SRTSPX64.SYS [2012-03-29 37496]
R1 SymIRON;Symantec Iron Driver; C:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [2012-03-29 190072]
R1 SymNetS;Symantec Network Security WFP Driver; C:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [2012-03-29 405624]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 59904]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athrx.sys [2010-12-17 2675712]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\CHDRT64.sys [2011-07-07 1576576]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2011-04-04 12262624]
R3 IntcDAud;Intel® Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-08 76912]
R3 MEIx64;Intel® Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120624.008\ENG64.SYS [2012-06-24 120440]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120624.008\EX64.SYS [2012-06-24 2068600]
R3 PGEffect;Pangu effect driver; C:\windows\system32\DRIVERS\pgeffect.sys [2011-02-08 38096]
R3 QIOMem;Generic IO & Memory Access; C:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800]
R3 SRTSP;Symantec Real Time Storage Protection x64; C:\windows\System32\Drivers\NISx64\1307010.005\SRTSP64.SYS [2012-03-29 737912]
R3 StillCam;Still Serial Digital Camera Driver; C:\windows\system32\DRIVERS\serscan.sys [2009-07-13 12288]
R3 SymEvent;SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [2012-03-27 175736]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2011-02-03 1413680]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\windows\system32\DRIVERS\tdcmdpst.sys [2009-07-30 27784]
R3 tosrfec;Bluetooth ACPI; C:\windows\system32\DRIVERS\tosrfec.sys [2010-06-18 18872]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 17920]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver; C:\windows\system32\DRIVERS\btfilter.sys [2010-10-18 42096]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2010-12-01 250984]
S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RTSUVSTOR.sys [2011-07-08 307304]
S3 SrvHsfHDA;SrvHsfHDA; C:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 Tosrfcom;Tosrfcom; C:\windows\system32\drivers\Tosrfcom.sys []
S3 Tosrfusb;Bluetooth USB Controller; C:\windows\system32\DRIVERS\tosrfusb.sys [2011-01-27 67384]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 usbscan;USB Scanner Driver; C:\windows\system32\DRIVERS\usbscan.sys [2009-07-13 41984]
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2010-12-20 325656]
R2 NIS;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-02-15 135608]
R2 PCCUJobMgr;Common Client Job Manager Service; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2010-10-20 138656]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [2011-05-17 574896]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848]
R2 UNS;Intel® Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-29 2292096]
R3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-11 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
R3 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 250056]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 136176]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-24 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2011-04-01 198064]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2011-11-05 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.09 2012-06-25 07:52:41

======Uninstall list======

-->"C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - genres\Uninstall.exe"
-->"C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - main\Uninstall.exe"
-->"C:\Program Files (x86)\TOSHIBA Games\Web Link - Club Penguin\Uninstall.exe"
-->"C:\Program Files (x86)\TOSHIBA Games\Web Link - Dark Orbit\Uninstall.exe"
-->"C:\Program Files (x86)\TOSHIBA Games\Web Link - Seafight\Uninstall.exe"
-->"C:\Program Files (x86)\TOSHIBA Games\Web Link - Shaiya\Uninstall.exe"
-->"C:\Program Files (x86)\TOSHIBA Games\Web Link - World of Warcraft\Uninstall.exe"
-->C:\Program Files\CONEXANT\cAudioFilterAgent\SETUP64.EXE -U -IcAudioFilterAgent -SM=cAudioFilterAgent64.exe,16
-->C:\Program Files\CONEXANT\cMA3Preset\SETUP64.EXE -U -IcMA3Preset ,16
-->C:\Program Files\Conexant\MaxxAudio\SETUP64.EXE -U -IMaxxAudio
-->C:\Program Files\Conexant\MaxxGadget\SETUP64.EXE -U -IMaxxGadget ,16
-->C:\Program Files\Conexant\SAII\SETUP64.EXE -U -ISAII -SM=SmartAudio.EXE,1801
-->C:\Program Files\TOSHIBA\TVAP\setup.exe
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}
Adobe Flash Player 11 ActiveX-->C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe -maintain activex
Adobe Flash Player 11 Plugin-->C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_262_Plugin.exe -maintain plugin
Adobe Reader X (10.1.3) MUI-->MsiExec.exe /I{AC76BA86-7AD7-FFFF-7B44-AA0000000001}
Atheros Bluetooth Filter Driver Package-->MsiExec.exe /X{65486209-5C54-439C-8383-8AC9BBE25932}
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -l0x0009 -removeonly
Atheros Driver Installation Program-->"C:\Program Files (x86)\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\setup.exe" -runfromtemp -l0x0409
Bejeweled 3-->"C:\Program Files (x86)\TOSHIBA Games\Bejeweled 3\uninstall\uninstaller.exe"
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Canon Inkjet Printer Driver Add-On Module-->C:\Program Files\Common Files\Canon\IJ\InboxPrnV100\SETUP.EXE -R
CarMD-->MsiExec.exe /I{251C65C0-15FF-4603-98BB-E4A61C7DA424}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Chuzzle Deluxe-->"C:\Program Files (x86)\TOSHIBA Games\Chuzzle Deluxe\uninstall\uninstaller.exe"
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU64a.exe -U -G -ITE7Pebwa.inf
Coupon Printer for Windows-->"C:\Program Files (x86)\Coupons\uninstall.exe" "/U:C:\Program Files (x86)\Coupons\Uninstall\uninstall.xml"
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
DriverTuner 3.0.1.0-->"C:\Program Files\DriverTuner\unins000.exe"
Facebook Video Calling 1.2.0.159-->MsiExec.exe /X{7CAC6A44-C3DE-4153-ACA6-7524602C789E}
FATE - The Traitor Soul-->"C:\Program Files (x86)\TOSHIBA Games\FATE - The Traitor Soul\uninstall\uninstaller.exe"
Fishdom 2-->"C:\Program Files (x86)\TOSHIBA Games\Fishdom 2\uninstall\uninstaller.exe"
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_F91D44FAA5479127.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Photo Creations-->C:\Program Files (x86)\HP Photo Creations\uninst.exe
HP Photosmart Plus B210 series Basic Device Software-->MsiExec.exe /I{F4330A8B-3610-4483-975E-69789B70A764}
HP Photosmart Plus B210 series Help-->MsiExec.exe /I{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}
HP Photosmart Plus B210 series Product Improvement Study-->MsiExec.exe /I{7C1C9924-3755-483C-87B1-8371B7454B1A}
HP Update-->MsiExec.exe /X{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}
Intel® Management Engine Components-->C:\Program Files (x86)\Intel\Intel® Management Engine Components\Uninstall\setup.exe -uninstall
Intel® Processor Graphics-->C:\Program Files (x86)\Intel\Intel® Processor Graphics\Uninstall\setup.exe -uninstall
Intel® Rapid Storage Technology-->C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\Uninstall\setup.exe -uninstall
Java 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022F0}
Java 6 Update 25-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216025FF}
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
Label@Once 1.0-->MsiExec.exe /I{0D795777-9D60-4692-8386-F2B3F2B5E5BF}
Malwarebytes Anti-Malware version 1.61.0.1400-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}
Microsoft .NET Framework 4 Client Profile-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft Office 2010-->MsiExec.exe /X{95140000-0070-0000-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}
MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Netwaiting-->MsiExec.exe /I{74B8998B-2B1B-4414-AD5D-17E7E9B5FF0A}
Norton Internet Security-->C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\19.7.1.5\InstStub.exe /X /ARP
OpenOffice.org 3.3-->MsiExec.exe /I{3E171899-0175-47CC-84C4-562ACDD4C021}
Penguins!-->"C:\Program Files (x86)\TOSHIBA Games\Penguins!\uninstall\uninstaller.exe"
Plants vs. Zombies - Game of the Year-->"C:\Program Files (x86)\TOSHIBA Games\Plants vs Zombies - Game of the Year\uninstall\uninstaller.exe"
PlayReady PC Runtime amd64-->MsiExec.exe /X{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}
PlayReady PC Runtime x86-->MsiExec.exe /X{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}
Polar Bowler-->"C:\Program Files (x86)\TOSHIBA Games\Polar Bowler\uninstall\uninstaller.exe"
QuickTime-->C:\windows\unvise32qt.exe C:\windows\system32\QuickTime\Uninstall.log
Realtek USB 2.0 Reader Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{62BBB2F0-E220-4821-A564-730807D2C34D}\setup.exe" -runfromtemp -removeonly
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DA36C2E5-6B34-3A6A-9C0A-7D1CC1C5A768} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E40184A4-4A61-3D2E-9035-CB6E1E610E07} /parameterfolder Client
Skype Click to Call-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120}
Skype Launcher-->C:\Program Files (x86)\InstallShield Installation Information\{DA84ECBF-4B79-47F2-B34C-95C38484C058}\setup.exe -runfromtemp -l0x0009 -removeonly
Skype™ 5.9-->MsiExec.exe /X{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Tom Clancy's Splinter Cell-->"C:\Program Files (x86)\TOSHIBA Games\Tom Clancys Splinter Cell\uninstall\uninstaller.exe"
Toshiba App Place-->MsiExec.exe /I{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}
TOSHIBA Application Installer-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}\setup.exe" -l0x9 -removeonly
TOSHIBA Assist-->C:\Program Files (x86)\InstallShield Installation Information\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}\setup.exe -runfromtemp -removeonly
Toshiba Book Place-->MsiExec.exe /X{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}
TOSHIBA Bulletin Board-->"C:\Program Files (x86)\InstallShield Installation Information\{1C8C049A-145F-4A6E-8290-B5C245EBE39D}\setup.exe" -runfromtemp -l0x0409 -removeonly
TOSHIBA Bulletin Board-->MsiExec.exe /X{1C8C049A-145F-4A6E-8290-B5C245EBE39D}
TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA eco Utility-->MsiExec.exe /X{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}
TOSHIBA Face Recognition-->"C:\Program Files (x86)\InstallShield Installation Information\{F67FA545-D8E5-4209-86B1-AEE045D1003F}\setup.exe" -runfromtemp -l0x0409 -removeonly
TOSHIBA Face Recognition-->MsiExec.exe /X{F67FA545-D8E5-4209-86B1-AEE045D1003F}
TOSHIBA Hardware Setup-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C4FFA951-9678-4D51-84B4-AFD15D3C45AD} /l1033
TOSHIBA HDD/SSD Alert-->MsiExec.exe /X{D4322448-B6AF-4316-B859-D8A0E84DCB38}
Toshiba Laptop Checkup-->C:\Program Files (x86)\NortonInstaller\{170fa89a-6886-4c9e-b17b-12bccdd80788}\NortonPCCheckup\LicenseType\2.0.13.11\InstStub.exe /X
TOSHIBA Media Controller Plug-in-->MsiExec.exe /X{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}
TOSHIBA Media Controller-->C:\Program Files (x86)\InstallShield Installation Information\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}\setup.exe -runfromtemp -removeonly
Toshiba Online Backup-->MsiExec.exe
/X{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1} TOSHIBA PC Health Monitor-->MsiExec.exe /X{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4} TOSHIBA Quality Application-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E69992ED-A7F6-406C-9280-1C156417BC49}\setup.exe" -l0x9 -removeonly TOSHIBA Recovery Media Creator-->C:\Program Files (x86)\InstallShield Installation Information\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}\Setup.exe -runfromtemp -removeonly TOSHIBA ReelTime-->"C:\Program Files (x86)\InstallShield Installation Information\{24811C12-F4A9-4D0F-8494-A7B8FE46123C}\setup.exe" -runfromtemp -l0x0409 -removeonly TOSHIBA ReelTime-->MsiExec.exe /X{24811C12-F4A9-4D0F-8494-A7B8FE46123C} TOSHIBA Resolution+ Plug-in for Windows Media Player-->"C:\Program Files (x86)\InstallShield Installation Information\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}\setup.exe" -runfromtemp -l0x0409 -removeonly TOSHIBA Service Station-->C:\Program Files (x86)\InstallShield Installation Information\{AC6569FA-6919-442A-8552-073BE69E247A}\setup.exe -runfromtemp -l0x0009 -removeonly TOSHIBA Sleep Utility-->C:\Program Files (x86)\InstallShield Installation Information\{654F7484-88C5-46DC-AB32-C66BCB0E2102}\Setup.exe -runfromtemp -removeonly TOSHIBA Supervisor Password-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{CBD6B23D-41D5-4A46-8019-6208516C9712} /l1033 TOSHIBA Value Added Package-->C:\Program Files\TOSHIBA\TVAP\Setup.exe TOSHIBA Web Camera Application-->"C:\Program Files (x86)\InstallShield Installation Information\{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}\setup.exe" -runfromtemp -l0x0409 -removeonly TOSHIBA Web Camera Application-->MsiExec.exe /I{6F3C8901-EBD3-470D-87F8-AC210F6E5E02} TOSHIBA Wireless LAN Indicator-->MsiExec.exe /X{5B01BCB7-A5D3-476F-AF11-E515BA206591} TOSHIBARegistration-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program 
Files (x86)\InstallShield Installation Information\{5AF550B4-BB67-4E7E-82F1-2C4300279050}\setup.exe" -l0x9 -removeonly Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client Update Installer for WildTangent Games App-->"C:\Program Files (x86)\WildTangent Games\App\Uninstall.exe" Virtual Villagers 5 - New Believers-->"C:\Program Files (x86)\TOSHIBA Games\Virtual Villagers 5 - New Believers\uninstall\uninstaller.exe" WildTangent Games App (Toshiba Games)-->"C:\Program Files (x86)\WildTangent Games\Touchpoints\toshiba\Uninstall.exe" WildTangent Games-->"C:\Program Files (x86)\TOSHIBA Games\Uninstall.exe" Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066} Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33} Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698} Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917} Windows Live Language Selector-->MsiExec.exe /I{180C8888-50F1-426B-A9DC-AB83A1989C65} Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30} Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923} Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441} Windows Live 
Mesh-->MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649} Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48} Windows Live Messenger-->MsiExec.exe /X{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24} Windows Live Messenger-->MsiExec.exe /X{E5B21F11-6933-4E0B-A25C-7963E3C07D11} Windows Live MIME IFilter-->MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59} Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08} Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38} Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3} Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002} Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1} Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7} Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F} Windows Live Remote Client Resources-->MsiExec.exe /I{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5} Windows Live Remote Client-->MsiExec.exe /I{DF6D988A-EEA0-4277-AAB8-158E086E439B} Windows Live Remote Service Resources-->MsiExec.exe /I{656DEEDE-F6AC-47CA-A568-A1B4E34B5760} Windows Live Remote Service-->MsiExec.exe /I{E02A6548-6FDE-40E2-8ED9-119D7D7E641F} Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F} Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4} Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4} Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2} Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467} Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04} Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF} Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E} Zuma's Revenge-->"C:\Program Files (x86)\TOSHIBA Games\Zumas 
Revenge\uninstall\uninstaller.exe" ======System event log====== Computer Name: StevePetruso-PC Event Code: 10002 Message: WLAN Extensibility Module has stopped. Module Path: C:\windows\system32\athihvs.dll Record Number: 91597 Source Name: Microsoft-Windows-WLAN-AutoConfig Time Written: 20120310183531.403135-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: StevePetruso-PC Event Code: 4001 Message: WLAN AutoConfig service has successfully stopped. Record Number: 91417 Source Name: Microsoft-Windows-WLAN-AutoConfig Time Written: 20120310174423.044669-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: StevePetruso-PC Event Code: 10002 Message: WLAN Extensibility Module has stopped. Module Path: C:\windows\system32\athihvs.dll Record Number: 91416 Source Name: Microsoft-Windows-WLAN-AutoConfig Time Written: 20120310174423.042669-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: StevePetruso-PC Event Code: 4001 Message: WLAN AutoConfig service has successfully stopped. Record Number: 91238 Source Name: Microsoft-Windows-WLAN-AutoConfig Time Written: 20120310164516.796027-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: StevePetruso-PC Event Code: 10002 Message: WLAN Extensibility Module has stopped. Module Path: C:\windows\system32\athihvs.dll Record Number: 91237 Source Name: Microsoft-Windows-WLAN-AutoConfig Time Written: 20120310164516.786027-000 Event Type: Warning User: NT AUTHORITY\SYSTEM =====Application event log===== Computer Name: StevePetruso-PC Event Code: 4107 Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . 
Record Number: 1323 Source Name: Microsoft-Windows-CAPI2 Time Written: 20111105124526.884006-000 Event Type: Error User: Computer Name: StevePetruso-PC Event Code: 4107 Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Record Number: 1322 Source Name: Microsoft-Windows-CAPI2 Time Written: 20111105124526.868406-000 Event Type: Error User: Computer Name: StevePetruso-PC Event Code: 11 Message: Possible Memory Leak. Application (C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID: 448) has passed a non-NULL pointer to RPC for an [out] parameter marked [allocate(all_nodes)]. [allocate(all_nodes)] parameters are always reallocated; if the original pointer contained the address of valid memory, that memory will be leaked. The call originated on the interface with UUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Method number (20). User Action: Contact your application vendor for an updated version of the application. Record Number: 1318 Source Name: Microsoft-Windows-RPC-Events Time Written: 20111105124522.250798-000 Event Type: Warning User: NT AUTHORITY\LOCAL SERVICE Computer Name: StevePetruso-PC Event Code: 1008 Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}. Record Number: 1305 Source Name: Microsoft-Windows-Search Time Written: 20111105124435.000000-000 Event Type: Warning User: Computer Name: StevePetruso-PC Event Code: 10 Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. 
Events cannot be delivered through this filter until the problem is corrected. Record Number: 1300 Source Name: Microsoft-Windows-WMI Time Written: 20111105114043.000000-000 Event Type: Error User: =====Security event log===== Computer Name: StevePetruso-PC Event Code: 4608 Message: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Record Number: 3478 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20111126150204.059620-000 Event Type: Audit Success User: Computer Name: StevePetruso-PC Event Code: 1100 Message: The event logging service has shut down. Record Number: 3477 Source Name: Microsoft-Windows-Eventlog Time Written: 20111126005701.128832-000 Event Type: Audit Success User: Computer Name: StevePetruso-PC Event Code: 4672 Message: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 3476 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20111126005659.693629-000 Event Type: Audit Success User: Computer Name: StevePetruso-PC Event Code: 4624 Message: An account was successfully logged on. 
Subject: Security ID: S-1-5-18 Account Name: STEVEPETRUSO-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x244 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 
Record Number: 3475 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20111126005659.693629-000 Event Type: Audit Success User:
Computer Name: StevePetruso-PC Event Code: 4647 Message: User initiated logoff: Subject: Security ID: S-1-5-21-2726610858-437048973-2726063162-1000 Account Name: Steve Petruso Account Domain: StevePetruso-PC Logon ID: 0x43ed5 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Record Number: 3474 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20111126005659.366029-000 Event Type: Audit Success User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=2a07
"windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log
"windows_tracing_flags"=3
-----------------EOF-----------------

I work second shift, so I won't respond right away until tomorrow morning, but I would appreciate the help. I've tried everything I could think of to get it off.
  16. Hi, my parents called me the other day and said their computer was playing a random ad in the background. I didn't believe them, so I waited until yesterday to go look at their computer. I turned it on and for ten minutes the computer seemed to be OK, and then the ad started playing. They have Norton Internet Security on their computer and it doesn't pick up the virus. I put Malwarebytes on the computer and scanned, and it found a trojan, so I chose to fix the problem. I restarted the computer and thought that would have done it, but to my surprise it's still on the computer. I saw another forum where they used RSIT, which generated some logs, so I decided I would try that. Here are the logs.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Steve Petruso at 2012-06-25 07:52:22
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 546 GB (92%) free of 594 GB
Total RAM: 6092 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:52:38 AM, on 6/25/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\trend micro\Steve Petruso.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = 
http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.google.com/mail/?shva=1#inbox R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files 
(x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED O4 - HKLM\..\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [CarMD] C:\Program Files (x86)\CarMD\CarMD.exe O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Steve Petruso\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O9 - Extra button: 
@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file 
missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing) O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe O23 - Service: Toshiba Laptop Checkup Application Launcher (Norton PC Checkup Application Launcher) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: 
@%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12056 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe 27346720
C:\windows\System32\spoolsv.exe
\??\C:\windows\system32\conhost.exe "1620387087-589614863142652796174828742013758048691802004493-1513016729-578510830
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll" /prefetch:1
"C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll" /prefetch:1
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
"C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2024
"C:\Program Files\TOSHIBA\TECO\TecoService.exe"
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -netsvcs
\??\C:\windows\system32\conhost.exe "-740113850-1041399657113861242410953134321287194221-18998899641235486413-2094937580
"taskhost.exe"
"C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe" /c /a /s UserSession2
"C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe" /c /a /s UserSession
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
C:\windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Toshiba\Power Saver\TPwrMain.exe"
"C:\Program Files\Toshiba\FlashCards\TCrdMain.exe"
"C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Toshiba\TECO\Teco.exe" /r
"C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe"
"C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe"
"C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"C:\Program Files (x86)\CarMD\CarMD.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
"C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
C:\windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe" /s
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe"
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe"
"C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe"
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe"
"C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe"
"C:\windows\system32\wuauclt.exe"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:4576 CREDAT:203009
"C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe"
C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe -Embedding
C:\windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:4576 CREDAT:137478
taskeng.exe {429EF3F5-AE0F-4079-8C22-9DB2A6E31222}
"C:\Users\Steve Petruso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8IUMSYAF\RSITx64.exe"
C:\windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\windows\tasks\Adobe Flash Player Updater.job
C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2726610858-437048973-2726063162-1000Core.job
C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2726610858-437048973-2726063162-1000UA.job
C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-03-19 253040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3C88694-EFFA-4d78-B409-54B7B2535B14}]
TOSHIBA Media Controller Plug-in - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2011-07-12 700800]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll [2012-05-09 502200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Norton Vulnerability Protection - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL [2012-03-29 210360]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-03-19 192112]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-03-02 4296864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-08-01 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3C88694-EFFA-4d78-B409-54B7B2535B14}]
TOSHIBA Media Controller Plug-in - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2011-07-12 534400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-03-19 253040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll [2012-05-09 502200]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-03-19 192112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"IgfxTray"=C:\windows\system32\igfxtray.exe [2011-04-07 167256]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2011-04-07 391000]
"Persistence"=C:\windows\system32\igfxpers.exe [2011-04-07 418136]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2011-05-17 590256]
"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2010-09-25 296824]
"TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2011-04-27 972672]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2011-03-24 310912]
"cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [2011-06-30 562304]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-02-03 2679592]
"Teco"=C:\Program Files\TOSHIBA\TECO\Teco.exe [2011-05-24 1544624]
"TosWaitSrv"=C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [2011-07-01 712096]
"TosVolRegulator"=C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [2009-11-11 24376]
"TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2011-06-10 710560]
"TosNC"=C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [2011-07-27 597936]
"TosReelTimeMonitor"=C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [2011-06-28 38824]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-09-24 39408]
"CarMD"=C:\Program Files (x86)\CarMD\CarMD.exe [2010-04-07 796672]
"Facebook Update"=C:\Users\Steve Petruso\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-28 137536]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-06-05 17345712]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"TSleepSrv"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [2010-06-04 252792]
"ToshibaServiceStation"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2011-07-11 1298816]
"NortonOnlineBackupReminder"=C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [2011-06-22 3218864]
"ToshibaAppPlace"=C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [2010-09-23 552960]
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2010-06-09 49208]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2011-04-04 385024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-06-25 07:52:22 ----D---- C:\rsit
2012-06-25 07:52:22 ----D---- C:\Program Files\trend micro
2012-06-25 07:36:29 ----N---- C:\windows\svchost.exe
2012-06-24 21:48:37 ----D---- C:\Program Files\CCleaner
2012-06-24 19:21:24 ----D---- C:\Program Files (x86)\Trend Micro
2012-06-24 16:32:49 ----D---- C:\Users\Steve Petruso\AppData\Roaming\Malwarebytes
2012-06-24 16:32:42 ----D---- C:\ProgramData\Malwarebytes
2012-06-24 16:32:41 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-24 16:32:41 ----A---- C:\windows\system32\drivers\mbam.sys
2012-06-24 16:30:00 ----D---- C:\Program Files (x86)\1ClickDownload
2012-06-24 16:22:12 ----D---- C:\ProgramData\Conexant
2012-06-24 16:21:34 ----A---- C:\Program Files (x86)\64res.dll
2012-06-24 15:47:25 ----A---- C:\windows\SYSWOW64\qdvd.dll
2012-06-24 15:47:25 ----A---- C:\windows\system32\qdvd.dll
2012-06-23 06:43:49 ----D---- C:\Users\Steve Petruso\AppData\Roaming\PCCUStubInstaller
2012-06-22 06:01:10 ----A---- C:\windows\system32\wups2.dll
2012-06-22 06:01:10 ----A---- C:\windows\system32\wucltux.dll
2012-06-22 06:01:10 ----A---- C:\windows\system32\wuaueng.dll
2012-06-22 06:01:10 ----A---- C:\windows\system32\wuauclt.exe
2012-06-22 06:00:48 ----A---- C:\windows\system32\wups.dll
2012-06-22 06:00:48 ----A---- C:\windows\system32\wudriver.dll
2012-06-22 06:00:48 ----A---- C:\windows\system32\wuapi.dll
2012-06-22 06:00:40 ----A---- C:\windows\system32\wuwebv.dll
2012-06-22 06:00:40 ----A---- C:\windows\system32\wuapp.exe
2012-06-14 14:38:16 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2012-06-14 14:38:16 ----A---- C:\windows\system32\mshtmled.dll
2012-06-14 14:38:15 ----A---- C:\windows\SYSWOW64\urlmon.dll
2012-06-14 14:38:15 ----A---- C:\windows\SYSWOW64\url.dll
2012-06-14 14:38:15 ----A---- C:\windows\system32\urlmon.dll
2012-06-14 14:38:15 ----A---- C:\windows\system32\url.dll
2012-06-14 14:38:15 ----A---- C:\windows\system32\iertutil.dll
2012-06-14 14:38:14 ----A---- C:\windows\SYSWOW64\ieui.dll
2012-06-14 14:38:14 ----A---- C:\windows\SYSWOW64\iertutil.dll
2012-06-14 14:38:14 ----A---- C:\windows\system32\ieui.dll
2012-06-14 14:38:13 ----A---- C:\windows\SYSWOW64\ieUnatt.exe
2012-06-14 14:38:13 ----A---- C:\windows\system32\ieUnatt.exe
2012-06-14 14:38:12 ----A---- C:\windows\SYSWOW64\wininet.dll
2012-06-14 14:38:12 ----A---- C:\windows\system32\wininet.dll
2012-06-14 14:38:11 ----A---- C:\windows\SYSWOW64\jsproxy.dll
2012-06-14 14:38:11 ----A---- C:\windows\SYSWOW64\jscript9.dll
2012-06-14 14:38:11 ----A---- C:\windows\SYSWOW64\jscript.dll
2012-06-14 14:38:11 ----A---- C:\windows\system32\jsproxy.dll
2012-06-14 14:38:11 ----A---- C:\windows\system32\jscript9.dll
2012-06-14 14:38:11 ----A---- C:\windows\system32\jscript.dll
2012-06-14 14:38:10 ----A---- C:\windows\SYSWOW64\mshtml.dll
2012-06-14 14:38:09 ----A---- C:\windows\system32\mshtml.dll
2012-06-14 14:38:08 ----A---- C:\windows\system32\ieframe.dll
2012-06-14 14:38:06 ----A---- C:\windows\SYSWOW64\ieframe.dll
2012-06-14 06:34:44 ----A---- C:\windows\system32\rdrmemptylst.exe
2012-06-14 06:34:44 ----A---- C:\windows\system32\rdpwsx.dll
2012-06-14 06:34:44 ----A---- C:\windows\system32\rdpcorekmts.dll
2012-06-14 06:34:32 ----A---- C:\windows\system32\profsvc.dll
2012-06-14 06:34:26 ----A---- C:\windows\system32\win32k.sys
2012-06-14 06:34:20 ----A---- C:\windows\system32\drivers\rdpwd.sys
2012-06-14 06:34:19 ----A---- C:\windows\SYSWOW64\msi.dll
2012-06-14 06:34:19 ----A---- C:\windows\system32\msi.dll
2012-06-14 06:34:07 ----A---- C:\windows\system32\crypt32.dll
2012-06-14 06:34:06 ----A---- C:\windows\SYSWOW64\cryptsvc.dll
2012-06-14 06:34:06 ----A---- C:\windows\SYSWOW64\cryptnet.dll
2012-06-14 06:34:06 ----A---- C:\windows\SYSWOW64\crypt32.dll
2012-06-14 06:34:06 ----A---- C:\windows\system32\cryptsvc.dll
2012-06-14 06:34:06 ----A---- C:\windows\system32\cryptnet.dll

======List of files/folders modified in the last 1 month======

2012-06-25 07:52:37 ----D---- C:\windows\Temp
2012-06-25 07:52:22 ----RD---- C:\Program Files
2012-06-25 07:41:46 ----AD---- C:\windows\System32
2012-06-25 07:41:45 ----D---- C:\windows\inf
2012-06-25 07:41:45 ----A---- C:\windows\system32\PerfStringBackup.INI
2012-06-25 07:39:29 ----D---- C:\windows\system32\config
2012-06-25 07:38:47 ----D---- C:\Users\Steve Petruso\AppData\Roaming\Skype
2012-06-25 07:38:17 ----A---- C:\windows\SYSWOW64\log.txt
2012-06-25 07:37:32 ----SHD---- C:\System Volume Information
2012-06-25 07:36:29 ----AD---- C:\Windows
2012-06-25 05:30:17 ----D---- C:\windows\Panther
2012-06-25 05:30:16 ----D---- C:\windows\Minidump
2012-06-25 05:30:16 ----D---- C:\windows\Logs
2012-06-25 05:30:16 ----D---- C:\windows\debug
2012-06-24 19:21:24 ----RD---- C:\Program Files (x86)
2012-06-24 16:32:42 ----HD---- C:\ProgramData
2012-06-24 16:32:41 ----D---- C:\windows\system32\drivers
2012-06-24 16:19:19 ----SHD---- C:\windows\Installer
2012-06-24 16:19:18 ----D---- C:\Program Files (x86)\Microsoft
2012-06-24 16:18:55 ----SD---- C:\ProgramData\Microsoft
2012-06-24 16:17:25 ----D---- C:\windows\SoftwareDistribution
2012-06-24 16:15:51 ----D---- C:\windows\SysWOW64
2012-06-24 16:15:51 ----D---- C:\windows\Downloaded Program Files
2012-06-24 15:48:01 ----D---- C:\windows\winsxs
2012-06-24 15:46:37 ----D---- C:\windows\system32\catroot
2012-06-24 15:30:30 ----D---- C:\windows\Microsoft.NET
2012-06-24 15:30:29 ----RSD---- C:\windows\assembly
2012-06-24 15:13:41 ----A---- C:\windows\SYSWOW64\FlashPlayerApp.exe
2012-06-23 06:43:49 ----D---- C:\windows\system32\Tasks
2012-06-22 14:56:16 ----D---- C:\windows\system32\en-US
2012-06-22 06:01:01 ----D---- C:\windows\system32\catroot2
2012-06-14 14:46:51 ----D---- C:\windows\SYSWOW64\en-US
2012-06-14 14:46:50 ----D---- C:\windows\SYSWOW64\migration
2012-06-14 14:46:50 ----D---- C:\Program Files (x86)\Internet Explorer
2012-06-14 14:46:49 ----D---- C:\windows\system32\migration
2012-06-14 14:46:49 ----D---- C:\Program Files\Internet Explorer
2012-06-14 06:43:38 ----A---- C:\windows\system32\MRT.INI
2012-06-14 06:39:53 ----A---- C:\windows\system32\MRT.exe
2012-06-08 05:53:23 ----D---- C:\ProgramData\Skype
2012-06-04 05:48:38 ----D---- C:\windows\Prefetch

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2011-01-12 439320]
R0 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-13 12352]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 SymDS;Symantec Data Store; C:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [2011-05-16 451192]
R0 SymEFA;Symantec Extended File Attributes; C:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [2012-03-29 1092728]
R0 tos_sps64;TOSHIBA tos_sps64 Service; C:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 26840]
R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-06-18 1161376]
R1 ccSet_NIS;Norton Internet Security Settings Manager; C:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [2011-11-29 167048]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2012-05-31 484512]
R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120622.001\IDSvia64.sys [2012-06-18 509088]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\windows\system32\drivers\NISx64\1307010.005\SRTSPX64.SYS [2012-03-29 37496]
R1 SymIRON;Symantec Iron Driver; C:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [2012-03-29 190072]
R1 SymNetS;Symantec Network Security WFP Driver; C:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [2012-03-29 405624]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 59904]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athrx.sys [2010-12-17 2675712]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\CHDRT64.sys [2011-07-07 1576576]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2011-04-04 12262624]
R3 IntcDAud;Intel® Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-08 76912]
R3 MEIx64;Intel® Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120624.008\ENG64.SYS [2012-06-24 120440]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120624.008\EX64.SYS [2012-06-24 2068600]
R3 PGEffect;Pangu effect driver; C:\windows\system32\DRIVERS\pgeffect.sys [2011-02-08 38096]
R3 QIOMem;Generic IO & Memory Access; C:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800]
R3 SRTSP;Symantec Real Time Storage Protection x64; C:\windows\System32\Drivers\NISx64\1307010.005\SRTSP64.SYS [2012-03-29 737912]
R3 StillCam;Still Serial Digital Camera Driver; C:\windows\system32\DRIVERS\serscan.sys [2009-07-13 12288]
R3 SymEvent;SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [2012-03-27 175736]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2011-02-03 1413680]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\windows\system32\DRIVERS\tdcmdpst.sys [2009-07-30 27784]
R3 tosrfec;Bluetooth ACPI; C:\windows\system32\DRIVERS\tosrfec.sys [2010-06-18 18872]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 17920]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver; C:\windows\system32\DRIVERS\btfilter.sys [2010-10-18 42096]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2010-12-01 250984]
S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RTSUVSTOR.sys [2011-07-08 307304]
S3 SrvHsfHDA;SrvHsfHDA; C:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 Tosrfcom;Tosrfcom; C:\windows\system32\drivers\Tosrfcom.sys []
S3 Tosrfusb;Bluetooth USB Controller; C:\windows\system32\DRIVERS\tosrfusb.sys [2011-01-27 67384]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 usbscan;USB Scanner Driver; C:\windows\system32\DRIVERS\usbscan.sys [2009-07-13 41984]
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2010-12-20 325656]
R2 NIS;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-02-15 135608]
R2 PCCUJobMgr;Common Client Job Manager Service; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2010-10-20 138656]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [2011-05-17 574896]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848]
R2 UNS;Intel® Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-29 2292096]
R3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-11 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
R3 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 250056]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 136176]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-24 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2011-04-01 198064]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2011-11-05 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.09 2012-06-25 07:52:41

======Uninstall list======

-->"C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - genres\Uninstall.exe"
-->"C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - main\Uninstall.exe"
-->"C:\Program Files (x86)\TOSHIBA Games\Web Link - Club Penguin\Uninstall.exe"
-->"C:\Program Files (x86)\TOSHIBA Games\Web Link - Dark Orbit\Uninstall.exe"
-->"C:\Program Files (x86)\TOSHIBA Games\Web Link - Seafight\Uninstall.exe"
-->"C:\Program Files (x86)\TOSHIBA Games\Web Link - Shaiya\Uninstall.exe"
-->"C:\Program Files (x86)\TOSHIBA Games\Web Link - World of Warcraft\Uninstall.exe"
-->C:\Program Files\CONEXANT\cAudioFilterAgent\SETUP64.EXE -U -IcAudioFilterAgent -SM=cAudioFilterAgent64.exe,16
-->C:\Program Files\CONEXANT\cMA3Preset\SETUP64.EXE -U -IcMA3Preset ,16
-->C:\Program Files\Conexant\MaxxAudio\SETUP64.EXE -U -IMaxxAudio
-->C:\Program Files\Conexant\MaxxGadget\SETUP64.EXE -U -IMaxxGadget ,16
-->C:\Program Files\Conexant\SAII\SETUP64.EXE -U -ISAII -SM=SmartAudio.EXE,1801
-->C:\Program Files\TOSHIBA\TVAP\setup.exe
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}
Adobe Flash Player 11 ActiveX-->C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe -maintain activex
Adobe Flash Player 11 Plugin-->C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_262_Plugin.exe -maintain plugin
Adobe Reader X (10.1.3) MUI-->MsiExec.exe /I{AC76BA86-7AD7-FFFF-7B44-AA0000000001}
Atheros Bluetooth Filter Driver Package-->MsiExec.exe /X{65486209-5C54-439C-8383-8AC9BBE25932}
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -l0x0009 -removeonly
Atheros Driver Installation Program-->"C:\Program Files (x86)\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\setup.exe" -runfromtemp -l0x0409
Bejeweled 3-->"C:\Program Files (x86)\TOSHIBA Games\Bejeweled 3\uninstall\uninstaller.exe"
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Canon Inkjet Printer Driver Add-On Module-->C:\Program Files\Common Files\Canon\IJ\InboxPrnV100\SETUP.EXE -R
CarMD-->MsiExec.exe /I{251C65C0-15FF-4603-98BB-E4A61C7DA424}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Chuzzle Deluxe-->"C:\Program Files (x86)\TOSHIBA Games\Chuzzle Deluxe\uninstall\uninstaller.exe"
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU64a.exe -U -G -ITE7Pebwa.inf
Coupon Printer for Windows-->"C:\Program Files (x86)\Coupons\uninstall.exe" "/U:C:\Program Files (x86)\Coupons\Uninstall\uninstall.xml"
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
DriverTuner 3.0.1.0-->"C:\Program Files\DriverTuner\unins000.exe"
Facebook Video Calling 1.2.0.159-->MsiExec.exe /X{7CAC6A44-C3DE-4153-ACA6-7524602C789E}
FATE - The Traitor Soul-->"C:\Program Files (x86)\TOSHIBA Games\FATE - The Traitor Soul\uninstall\uninstaller.exe"
Fishdom 2-->"C:\Program Files (x86)\TOSHIBA Games\Fishdom 2\uninstall\uninstaller.exe"
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_F91D44FAA5479127.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Photo Creations-->C:\Program Files (x86)\HP Photo Creations\uninst.exe
HP Photosmart Plus B210 series Basic Device Software-->MsiExec.exe /I{F4330A8B-3610-4483-975E-69789B70A764}
HP Photosmart Plus B210 series Help-->MsiExec.exe /I{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}
HP Photosmart Plus B210 series Product Improvement Study-->MsiExec.exe /I{7C1C9924-3755-483C-87B1-8371B7454B1A}
HP Update-->MsiExec.exe /X{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}
Intel® Management Engine Components-->C:\Program Files (x86)\Intel\Intel® Management Engine Components\Uninstall\setup.exe -uninstall
Intel® Processor Graphics-->C:\Program Files (x86)\Intel\Intel® Processor Graphics\Uninstall\setup.exe -uninstall
Intel® Rapid Storage Technology-->C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\Uninstall\setup.exe -uninstall
Java 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022F0}
Java 6 Update 25-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216025FF}
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
Label@Once 1.0-->MsiExec.exe /I{0D795777-9D60-4692-8386-F2B3F2B5E5BF}
Malwarebytes Anti-Malware version 1.61.0.1400-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}
Microsoft .NET Framework 4 Client Profile-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft Office 2010-->MsiExec.exe /X{95140000-0070-0000-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}
MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Netwaiting-->MsiExec.exe /I{74B8998B-2B1B-4414-AD5D-17E7E9B5FF0A}
Norton Internet Security-->C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\19.7.1.5\InstStub.exe /X /ARP
OpenOffice.org 3.3-->MsiExec.exe /I{3E171899-0175-47CC-84C4-562ACDD4C021}
Penguins!-->"C:\Program Files (x86)\TOSHIBA Games\Penguins!\uninstall\uninstaller.exe"
Plants vs. Zombies - Game of the Year-->"C:\Program Files (x86)\TOSHIBA Games\Plants vs Zombies - Game of the Year\uninstall\uninstaller.exe"
PlayReady PC Runtime amd64-->MsiExec.exe /X{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}
PlayReady PC Runtime x86-->MsiExec.exe /X{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}
Polar Bowler-->"C:\Program Files (x86)\TOSHIBA Games\Polar Bowler\uninstall\uninstaller.exe"
QuickTime-->C:\windows\unvise32qt.exe C:\windows\system32\QuickTime\Uninstall.log
Realtek USB 2.0 Reader Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{62BBB2F0-E220-4821-A564-730807D2C34D}\setup.exe" -runfromtemp -removeonly
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DA36C2E5-6B34-3A6A-9C0A-7D1CC1C5A768} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E40184A4-4A61-3D2E-9035-CB6E1E610E07} /parameterfolder Client
Skype Click to Call-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120}
Skype Launcher-->C:\Program Files (x86)\InstallShield Installation Information\{DA84ECBF-4B79-47F2-B34C-95C38484C058}\setup.exe -runfromtemp -l0x0009 -removeonly
Skype™ 5.9-->MsiExec.exe /X{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Tom Clancy's Splinter
Cell-->"C:\Program Files (x86)\TOSHIBA Games\Tom Clancys Splinter Cell\uninstall\uninstaller.exe" Toshiba App Place-->MsiExec.exe /I{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2} TOSHIBA Application Installer-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}\setup.exe" -l0x9 -removeonly TOSHIBA Assist-->C:\Program Files (x86)\InstallShield Installation Information\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}\setup.exe -runfromtemp -removeonly Toshiba Book Place-->MsiExec.exe /X{A14962A7-2B7D-456E-BFCD-F54E3A88D41F} TOSHIBA Bulletin Board-->"C:\Program Files (x86)\InstallShield Installation Information\{1C8C049A-145F-4A6E-8290-B5C245EBE39D}\setup.exe" -runfromtemp -l0x0409 -removeonly TOSHIBA Bulletin Board-->MsiExec.exe /X{1C8C049A-145F-4A6E-8290-B5C245EBE39D} TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0} TOSHIBA eco Utility-->MsiExec.exe /X{C2F94B5E-201A-4754-8F2F-4395E1D90DA3} TOSHIBA Face Recognition-->"C:\Program Files (x86)\InstallShield Installation Information\{F67FA545-D8E5-4209-86B1-AEE045D1003F}\setup.exe" -runfromtemp -l0x0409 -removeonly TOSHIBA Face Recognition-->MsiExec.exe /X{F67FA545-D8E5-4209-86B1-AEE045D1003F} TOSHIBA Hardware Setup-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C4FFA951-9678-4D51-84B4-AFD15D3C45AD} /l1033 TOSHIBA HDD/SSD Alert-->MsiExec.exe /X{D4322448-B6AF-4316-B859-D8A0E84DCB38} Toshiba Laptop Checkup-->C:\Program Files (x86)\NortonInstaller\{170fa89a-6886-4c9e-b17b-12bccdd80788}\NortonPCCheckup\LicenseType\2.0.13.11\InstStub.exe /X TOSHIBA Media Controller Plug-in-->MsiExec.exe /X{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0} TOSHIBA Media Controller-->C:\Program Files (x86)\InstallShield Installation Information\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}\setup.exe -runfromtemp -removeonly Toshiba Online Backup-->MsiExec.exe 
/X{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1} TOSHIBA PC Health Monitor-->MsiExec.exe /X{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4} TOSHIBA Quality Application-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E69992ED-A7F6-406C-9280-1C156417BC49}\setup.exe" -l0x9 -removeonly TOSHIBA Recovery Media Creator-->C:\Program Files (x86)\InstallShield Installation Information\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}\Setup.exe -runfromtemp -removeonly TOSHIBA ReelTime-->"C:\Program Files (x86)\InstallShield Installation Information\{24811C12-F4A9-4D0F-8494-A7B8FE46123C}\setup.exe" -runfromtemp -l0x0409 -removeonly TOSHIBA ReelTime-->MsiExec.exe /X{24811C12-F4A9-4D0F-8494-A7B8FE46123C} TOSHIBA Resolution+ Plug-in for Windows Media Player-->"C:\Program Files (x86)\InstallShield Installation Information\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}\setup.exe" -runfromtemp -l0x0409 -removeonly TOSHIBA Service Station-->C:\Program Files (x86)\InstallShield Installation Information\{AC6569FA-6919-442A-8552-073BE69E247A}\setup.exe -runfromtemp -l0x0009 -removeonly TOSHIBA Sleep Utility-->C:\Program Files (x86)\InstallShield Installation Information\{654F7484-88C5-46DC-AB32-C66BCB0E2102}\Setup.exe -runfromtemp -removeonly TOSHIBA Supervisor Password-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{CBD6B23D-41D5-4A46-8019-6208516C9712} /l1033 TOSHIBA Value Added Package-->C:\Program Files\TOSHIBA\TVAP\Setup.exe TOSHIBA Web Camera Application-->"C:\Program Files (x86)\InstallShield Installation Information\{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}\setup.exe" -runfromtemp -l0x0409 -removeonly TOSHIBA Web Camera Application-->MsiExec.exe /I{6F3C8901-EBD3-470D-87F8-AC210F6E5E02} TOSHIBA Wireless LAN Indicator-->MsiExec.exe /X{5B01BCB7-A5D3-476F-AF11-E515BA206591} TOSHIBARegistration-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program 
Files (x86)\InstallShield Installation Information\{5AF550B4-BB67-4E7E-82F1-2C4300279050}\setup.exe" -l0x9 -removeonly Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client Update Installer for WildTangent Games App-->"C:\Program Files (x86)\WildTangent Games\App\Uninstall.exe" Virtual Villagers 5 - New Believers-->"C:\Program Files (x86)\TOSHIBA Games\Virtual Villagers 5 - New Believers\uninstall\uninstaller.exe" WildTangent Games App (Toshiba Games)-->"C:\Program Files (x86)\WildTangent Games\Touchpoints\toshiba\Uninstall.exe" WildTangent Games-->"C:\Program Files (x86)\TOSHIBA Games\Uninstall.exe" Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066} Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33} Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698} Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917} Windows Live Language Selector-->MsiExec.exe /I{180C8888-50F1-426B-A9DC-AB83A1989C65} Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30} Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923} Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441} Windows Live 
Mesh-->MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649} Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48} Windows Live Messenger-->MsiExec.exe /X{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24} Windows Live Messenger-->MsiExec.exe /X{E5B21F11-6933-4E0B-A25C-7963E3C07D11} Windows Live MIME IFilter-->MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59} Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08} Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38} Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3} Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002} Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1} Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7} Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F} Windows Live Remote Client Resources-->MsiExec.exe /I{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5} Windows Live Remote Client-->MsiExec.exe /I{DF6D988A-EEA0-4277-AAB8-158E086E439B} Windows Live Remote Service Resources-->MsiExec.exe /I{656DEEDE-F6AC-47CA-A568-A1B4E34B5760} Windows Live Remote Service-->MsiExec.exe /I{E02A6548-6FDE-40E2-8ED9-119D7D7E641F} Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F} Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4} Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4} Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2} Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467} Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04} Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF} Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E} Zuma's Revenge-->"C:\Program Files (x86)\TOSHIBA Games\Zumas 
Revenge\uninstall\uninstaller.exe" ======System event log====== Computer Name: StevePetruso-PC Event Code: 10002 Message: WLAN Extensibility Module has stopped. Module Path: C:\windows\system32\athihvs.dll Record Number: 91597 Source Name: Microsoft-Windows-WLAN-AutoConfig Time Written: 20120310183531.403135-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: StevePetruso-PC Event Code: 4001 Message: WLAN AutoConfig service has successfully stopped. Record Number: 91417 Source Name: Microsoft-Windows-WLAN-AutoConfig Time Written: 20120310174423.044669-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: StevePetruso-PC Event Code: 10002 Message: WLAN Extensibility Module has stopped. Module Path: C:\windows\system32\athihvs.dll Record Number: 91416 Source Name: Microsoft-Windows-WLAN-AutoConfig Time Written: 20120310174423.042669-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: StevePetruso-PC Event Code: 4001 Message: WLAN AutoConfig service has successfully stopped. Record Number: 91238 Source Name: Microsoft-Windows-WLAN-AutoConfig Time Written: 20120310164516.796027-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: StevePetruso-PC Event Code: 10002 Message: WLAN Extensibility Module has stopped. Module Path: C:\windows\system32\athihvs.dll Record Number: 91237 Source Name: Microsoft-Windows-WLAN-AutoConfig Time Written: 20120310164516.786027-000 Event Type: Warning User: NT AUTHORITY\SYSTEM =====Application event log===== Computer Name: StevePetruso-PC Event Code: 4107 Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . 
Record Number: 1323 Source Name: Microsoft-Windows-CAPI2 Time Written: 20111105124526.884006-000 Event Type: Error User: Computer Name: StevePetruso-PC Event Code: 4107 Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Record Number: 1322 Source Name: Microsoft-Windows-CAPI2 Time Written: 20111105124526.868406-000 Event Type: Error User: Computer Name: StevePetruso-PC Event Code: 11 Message: Possible Memory Leak. Application (C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID: 448) has passed a non-NULL pointer to RPC for an [out] parameter marked [allocate(all_nodes)]. [allocate(all_nodes)] parameters are always reallocated; if the original pointer contained the address of valid memory, that memory will be leaked. The call originated on the interface with UUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Method number (20). User Action: Contact your application vendor for an updated version of the application. Record Number: 1318 Source Name: Microsoft-Windows-RPC-Events Time Written: 20111105124522.250798-000 Event Type: Warning User: NT AUTHORITY\LOCAL SERVICE Computer Name: StevePetruso-PC Event Code: 1008 Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}. Record Number: 1305 Source Name: Microsoft-Windows-Search Time Written: 20111105124435.000000-000 Event Type: Warning User: Computer Name: StevePetruso-PC Event Code: 10 Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. 
Events cannot be delivered through this filter until the problem is corrected. Record Number: 1300 Source Name: Microsoft-Windows-WMI Time Written: 20111105114043.000000-000 Event Type: Error User: =====Security event log===== Computer Name: StevePetruso-PC Event Code: 4608 Message: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Record Number: 3478 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20111126150204.059620-000 Event Type: Audit Success User: Computer Name: StevePetruso-PC Event Code: 1100 Message: The event logging service has shut down. Record Number: 3477 Source Name: Microsoft-Windows-Eventlog Time Written: 20111126005701.128832-000 Event Type: Audit Success User: Computer Name: StevePetruso-PC Event Code: 4672 Message: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 3476 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20111126005659.693629-000 Event Type: Audit Success User: Computer Name: StevePetruso-PC Event Code: 4624 Message: An account was successfully logged on. 
Subject: Security ID: S-1-5-18 Account Name: STEVEPETRUSO-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x244 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 
I work second shift so I won't respond right away until tomorrow morning, but I would appreciate the help. I've tried everything I could think of to get it off.
  17. I started a post on another MB forum and was told to open a new one here so someone could help me fix my problem. Here is a link to the other post I had, as well as the DDS & Attach files. Thanks in advance for your help!
users\application data\White Sky, Inc 2012-06-16 18:08:15 -------- d-----w- c:\windows\system32\appmgmt 2012-06-16 07:25:36 -------- d-----w- c:\documents and settings\user\local settings\application data\NPE 2012-06-16 07:25:36 -------- d-----w- c:\documents and settings\all users\application data\Norton 2012-06-16 06:55:23 -------- d-----w- c:\windows\system32\wbem\repository\FS 2012-06-16 06:55:23 -------- d-----w- c:\windows\system32\wbem\Repository 2012-06-14 05:43:23 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll . ==================== Find3M ==================== . 2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll 2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys 2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec 2012-05-05 09:05:09 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-05 09:05:09 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys . ============= FINISH: 23:31:31.60 =============== I guess pasting the link before posting would help. http://forums.malwarebytes.org/index.php?showtopic=111347 attach.txt dds.txt
  18. I can't seem to get rid of this item, apparently along with some other people. Here are my logs from Malwarebytes and DDS. Will post Attach.txt if need be.
  19. Hi malware professionals, I need help removing this trojan/virus.... found by "Windows Defender Offline". Here is the file location.... file \users\work\AppData\LocalLow\sun\java\deployment\cache\6.0\1\3d2bacc1-1200ba32 Any help offered would be greatly appreciated. Kyle
  20. Help. I am using Microsoft Windows 7 Home Premium and cannot open any browsers or access and download any anti-virus or anti-malware software. (I use AVG Free.) It's like my whole computer has been taken over by malware. Can't even "Start Task Manager". I could not download Malwarebytes software or do a Panda Scan. I was able to access Internet Explorer using another user that I created in Windows and ran the DDS software. Below is the DDS result. Any assistance would be appreciated. Michael in Houston.
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776] R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816] R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368] R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072] R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-8-20 13336] R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568] R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-8-20 635416] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-8-20 2320920] R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2012-4-20 265952] R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-3-12 918880] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?] R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?] 
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?] R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408] R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2011-3-21 245760] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?] S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248] S2 CLKMSVC10_C6F09094;CyberLink Product - 2010/08/20 19:23:26;C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2010-8-20 245232] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-17 136176] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-9 257696] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-4-6 1025352] S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?] 
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-17 136176] S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-11-11 306416] . =============== Created Last 30 ================ . 2012-06-12 02:29:10 -------- d-----w- C:\Users\new test\AppData\Roaming\PictureMover 2012-06-12 02:29:10 -------- d-----w- C:\Users\new test\AppData\Local\ATI 2012-06-12 02:28:22 -------- d-----w- C:\Users\new test\AppData\Local\Google 2012-06-12 02:28:10 -------- d-----w- C:\Users\new test\AppData\Local\PDFC 2012-06-12 02:28:10 -------- d-----w- C:\Users\new test\AppData\Local\Apple Computer 2012-06-12 02:28:10 -------- d-----w- C:\Users\new test\AppData\Local\Adobe 2012-06-12 02:28:01 -------- d-----r- C:\Users\new test\Podcasts 2012-05-31 00:05:00 -------- d-sh--w- C:\found.003 . ==================== Find3M ==================== . 
2012-05-10 00:13:21 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-10 00:13:21 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-05-10 00:13:15 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys 2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys . ============= FINISH: 21:35:12.21 ===============
  21. Hi, I'm new here and hope I'm following the right directions - it seems that I posted in the wrong forum, and the instructions seem to be for everyone new. The directions said I should post the logs in my next reply to the topic, but since it was in the wrong forum, I'm repeating my query here and attaching the logs. If that's not right, please let me know how to get help through this forum. The DDS.txt and ATTACH.txt files are attached to this message. Below is the query I posted in the wrong forum: I update and run Malwarebytes Anti-Malware pretty regularly, and periodically it finds a file in the C:\Users directory, quarantines, and deletes it. On reviewing the logs I see they all have different file names always followed by (Exploit.Drop.3P). Is there any way to tell where I'm getting this? Or is there something bad on my computer that keeps recreating it? Here's my most recent log:
Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.07.04 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Hbecker :: HBDESKTOP [administrator] Protection: Enabled 6/7/2012 11:42:04 AM mbam-log-2012-06-07 (11-42-04).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 329023 Time elapsed: 6 minute(s), 26 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Users\Administrator\AppData\Local\Temp\J7GB6246170131222981045.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully. (end)
Attach.txt DDS.txt
  22. I have a Win 7, 64-bit HP Pavilion dv8t 1000 machine, running IE 8. I use Symantec NORTON 360 as my AV. I ran MalwareBytes as a precaution after I got roped into trying to win something online by answering a survey. (DUH!!!!) (I work on an IT Help Desk so I should've known better!!!). Malware logs have 100 detected files, including registry settings, etc. etc. HELP!!!! I want to make CERTAIN that I clean my PC the right way, as I am going to Seminary 100% ONLINE and need my computer to work. Attached, you will find my DDS.txt and Attach.txt files. I did not find a Send Email immediately option so I am including my email address on this post. RitaJP rjpresser@comcast.net DDS.txt Attach.txt
  23. Hello, I've been looking over the forums for a solution. My wife somehow got the whitesmoke toolbar/malware on the computer and it keeps hijacking the internet browsing. I've tried a scan with Malwarebytes' Anti-Malware but to no avail. Anyway I've been looking for a way to get it off and any help you could give would really be appreciated. Below are my DDS.txt and Attach.txt, and I have run Combofix:
DDS.txt ----------------------------------------------------------------------------------------------------------------------------------------- . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26 Run by Susannah at 21:34:02 on 2012-05-30 . ============== Running Processes =============== . C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe C:\Program Files (x86)\Nero\Update\NASvc.exe C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe C:\Program Files (x86)\Nova Development\Photo Explosion Deluxe 3.0\CalCheck.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe C:\Program Files (x86)\AVG\AVG2012\avgtray.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe C:\Users\Susannah\Desktop\Virus\dds.scr . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3198785 BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler mRun: [PhotoExplosionCalCheck] C:\Program Files (x86)\Nova Development\Photo Explosion Deluxe 3.0\calcheck.exe mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [indexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe" mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe" mRun: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini" mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe mRun: [ControlCenter4] "C:\Program Files 
(x86)\ControlCenter4\BrCcBoot.exe" /autorun mRun: [brStsMon00] "C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{3428694F-CAF6-4D53-AC0A-6444815FB9E6} : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{FAD664F1-E5D1-4CB3-B368-EDED782DFBDD} : DhcpNameServer = 192.168.0.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - 
C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll BHO-X64: AVG Do Not Track - No File BHO-X64: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll BHO-X64: WeCareReminder - No File BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll mRun-x64: [PhotoExplosionCalCheck] C:\Program Files (x86)\Nova Development\Photo Explosion Deluxe 3.0\calcheck.exe mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [indexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe" mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe" mRun-x64: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini" mRun-x64: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe mRun-x64: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe mRun-x64: 
[ControlCenter4] "C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe" /autorun mRun-x64: [brStsMon00] "C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Susannah\AppData\Roaming\Mozilla\Firefox\Profiles\3ibo47un.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=13 FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q= FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll . ============= SERVICES / DRIVERS =============== . R? AVGIDSAgent;AVGIDSAgent R? BrYNSvc;BrYNSvc R? clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64 R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86 R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64 R? Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service R? MozillaMaintenance;Mozilla Maintenance Service R? osppsvc;Office Software Protection Platform R? 
PerfHost;Performance Counter DLL Host R? SBRE;SBRE R? VST64_DPV;VST64_DPV R? VST64HWBS2;VST64HWBS2 R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0 S? AdobeARMservice;Adobe Acrobat Update Service S? AVGIDSDriver;AVGIDSDriver S? AVGIDSFilter;AVGIDSFilter S? AVGIDSHA;AVGIDSHA S? Avgldx64;AVG AVI Loader Driver S? Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield S? Avgrkx64;AVG Anti-Rootkit Driver S? Avgtdia;AVG TDI Driver S? avgwd;AVG WatchDog S? CAXHWBS2;CAXHWBS2 S? FontCache;Windows Font Cache Service S? NAUpdate;Nero Update S? netr28x;Ralink 802.11n Wireless Driver for Windows Vista S? PDFProFiltSrvPP;PDFProFiltSrvPP . =============== File Associations =============== . JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %* . =============== Created Last 30 ================ . 2012-05-30 14:08:25 -------- d-----w- C:\Users\Susannah\AppData\Local\temp 2012-05-30 13:13:35 98816 ----a-w- C:\Windows\sed.exe 2012-05-30 13:13:35 518144 ----a-w- C:\Windows\SWREG.exe 2012-05-30 13:13:35 256000 ----a-w- C:\Windows\PEV.exe 2012-05-30 13:13:35 208896 ----a-w- C:\Windows\MBR.exe 2012-05-29 13:48:09 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EDD59F08-BFF3-4FF7-B5AC-26D5A5FAD3EF}\mpengine.dll 2012-05-28 01:19:32 -------- d-----w- C:\Users\Susannah\AppData\Roaming\Malwarebytes 2012-05-28 01:19:22 -------- d-----w- C:\ProgramData\Malwarebytes 2012-05-28 01:19:21 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-05-28 01:19:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-05-28 01:06:17 -------- d-----w- C:\ProgramData\GFI Software 2012-05-26 22:08:37 -------- d-----w- C:\Users\Susannah\AppData\Roaming\AVG2012 2012-05-26 22:01:23 -------- d--h--w- C:\ProgramData\Common Files 2012-05-26 22:00:58 -------- d-----w- C:\Windows\SysWow64\drivers\AVG 2012-05-26 22:00:23 -------- d-----w- C:\Windows\System32\drivers\AVG 2012-05-26 22:00:23 -------- d-----w- C:\ProgramData\AVG2012 2012-05-26 22:00:23 
-------- d-----w- C:\$AVG 2012-05-26 21:58:13 -------- d-----w- C:\Program Files (x86)\AVG 2012-05-26 21:54:20 -------- d-----w- C:\Users\Susannah\AppData\Local\jetmp3 2012-05-26 21:54:20 -------- d-----w- C:\Program Files (x86)\Conduit 2012-05-26 21:54:19 -------- d-----w- C:\ProgramData\MFAData 2012-05-26 21:54:15 -------- d-----w- C:\Users\Susannah\AppData\Local\Conduit 2012-05-26 21:47:00 -------- d-----w- C:\Users\Susannah\AppData\Local\adaware 2012-05-26 21:46:56 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection 2012-05-13 16:10:25 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-05-12 15:54:59 72576 ----a-w- C:\Windows\System32\drivers\partmgr.sys 2012-05-12 15:54:45 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-12 15:54:44 2766848 ----a-w- C:\Windows\System32\win32k.sys 2012-05-05 20:30:49 -------- d-----w- C:\ProgramData\MumboJumbo 2012-05-05 20:24:39 -------- d-----w- C:\Program Files (x86)\MumboJumbo 2012-05-04 19:03:54 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service 2012-05-04 19:03:50 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe 2012-05-04 19:03:50 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe . ==================== Find3M ==================== . 2012-05-13 16:10:25 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-04-19 10:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys 2012-03-30 12:45:03 1423744 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-03-19 11:17:26 383808 ----a-w- C:\Windows\System32\drivers\avgtdia.sys . ============= FINISH: 21:34:38.49 =============== Attach.txt ----------------------------------------------------------------------------------------------------------------------------------------- . ==== Installed Programs ====================== . 
µTorrent Ad-Aware Browsing Protection Adobe AIR Adobe Reader X (10.1.3) Adobe Shockwave Player 11.6 ASPCA Reminder by We-Care.com v5.0.5.1 Auslogics Registry Cleaner AVCutty 3.2 Brother MFL-Pro Suite DCP-7065DN Compatibility Pack for the 2007 Office system Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition erLT Google SketchUp 8 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Java Auto Updater Java™ 6 Update 26 JetMP3 Logitech SetPoint LUXOR LUXOR - Amun Rising LUXOR - Mah Jong LUXOR 2 Luxor: Amun Rising Malwarebytes Anti-Malware version 1.61.0.1400 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Web Publishing Wizard 1.52 MozBackup 1.4.10 Mozilla Firefox 12.0 (x86 en-US) Mozilla Maintenance Service 
Mozilla Thunderbird 12.0.1 (x86 en-US) MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB973685) Nero Burning ROM 11 Nero Burning ROM 11 Help (CHM) Nero ControlCenter 11 Nero ControlCenter 11 Help (CHM) Nero Core Components 11 Nero RescueAgent 11 Nero RescueAgent 11 Help (CHM) Nero Update nero.prerequisites.msi Nuance PaperPort 12 Nuance PDF Viewer Plus NVIDIA PhysX Oblivion Photo Explosion Deluxe 3.0 Realtek High Definition Audio Driver Scansoft PDF Professional Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit 
Edition
Snood for Windows version 3.52-W
swMSM
Unreal Tournament 2004
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Visual Studio 2008 x64 Redistributables
Windows Media Player Firefox Plugin
.
==== End Of File ===========================

Combofix log
-----------------------------------------------------------------------------------------------------------------------------------------

ComboFix 12-05-30.03 - Susannah 05/30/2012 7:48.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8190.6466 [GMT -6:00]
Running from: c:\users\Susannah\Desktop\Virus\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-30 )))))))))))))))))))))))))))))))
.
.
2012-05-30 13:58 . 2012-05-30 14:02 -------- d-----w- c:\users\Susannah\AppData\Local\temp
2012-05-30 13:58 . 2012-05-30 13:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-29 13:48 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EDD59F08-BFF3-4FF7-B5AC-26D5A5FAD3EF}\mpengine.dll
2012-05-28 01:19 . 2012-05-28 01:19 -------- d-----w- c:\users\Susannah\AppData\Roaming\Malwarebytes
2012-05-28 01:19 . 2012-05-28 01:19 -------- d-----w- c:\programdata\Malwarebytes
2012-05-28 01:19 . 2012-05-28 01:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-28 01:19 . 2012-04-04 21:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-28 01:06 . 2012-05-28 01:06 -------- d-----w- c:\programdata\GFI Software
2012-05-26 22:08 . 2012-05-26 22:08 -------- d-----w- c:\users\Susannah\AppData\Roaming\AVG2012
2012-05-26 22:01 . 2012-05-26 22:01 -------- d--h--w- c:\programdata\Common Files
2012-05-26 22:00 . 2012-05-26 22:00 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-05-26 22:00 . 2012-05-29 23:22 -------- d-----w- c:\windows\system32\drivers\AVG
2012-05-26 22:00 . 2012-05-26 22:09 -------- d-----w- c:\programdata\AVG2012
2012-05-26 22:00 . 2012-05-26 22:00 -------- d-----w- C:\$AVG
2012-05-26 21:58 . 2012-05-26 21:58 -------- d-----w- c:\program files (x86)\AVG
2012-05-26 21:54 . 2012-05-30 13:40 -------- d-----w- c:\users\AppData
2012-05-26 21:54 . 2012-05-26 21:54 -------- d-----w- c:\users\Susannah\AppData\Local\jetmp3
2012-05-26 21:54 . 2012-05-26 21:54 -------- d-----w- c:\program files (x86)\Conduit
2012-05-26 21:54 . 2012-05-29 23:22 -------- d-----w- c:\programdata\MFAData
2012-05-26 21:54 . 2012-05-27 13:41 -------- d-----w- c:\users\Susannah\AppData\Local\Conduit
2012-05-26 21:47 . 2012-05-26 21:47 -------- d-----w- c:\users\Susannah\AppData\Local\adaware
2012-05-26 21:46 . 2012-05-26 21:46 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-05-13 16:10 . 2012-05-13 16:10 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-12 15:54 . 2012-03-20 23:34 72576 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-12 15:54 . 2012-04-03 08:22 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-12 15:54 . 2012-04-02 13:59 2766848 ----a-w- c:\windows\system32\win32k.sys
2012-05-05 20:30 . 2012-05-05 20:30 -------- d-----w- c:\programdata\MumboJumbo
2012-05-05 20:24 . 2012-05-05 20:24 -------- d-----w- c:\program files (x86)\MumboJumbo
2012-05-04 19:03 . 2012-05-04 19:03 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-04 19:03 . 2012-05-04 19:03 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-04 19:03 . 2012-05-04 19:03 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-13 16:10 . 2011-05-29 17:37 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-19 10:50 . 2012-04-19 10:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-03-19 11:17 . 2012-03-19 11:17 383808 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-03-06 23:15 . 2011-01-17 17:41 258520 ----a-w- c:\windows\system32\aswBoot.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-30_13.32.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 02:23 . 2012-05-30 14:01 39212 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-05-30 14:02 72398 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-18 21:22 . 2012-05-30 14:02 12012 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2477298372-428459766-202237345-1000_UserData.bin
- 2012-05-30 13:31 . 2012-05-30 13:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-30 13:59 . 2012-05-30 13:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-30 13:31 . 2012-05-30 13:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-30 13:59 . 2012-05-30 13:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 12:46 . 2012-05-30 13:38 604502 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2012-05-28 03:40 604502 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2012-05-28 03:40 104202 c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2012-05-30 13:38 104202 c:\windows\system32\perfc009.dat
- 2011-02-10 14:56 . 2012-05-30 13:29 392016 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-02-10 14:56 . 2012-05-30 13:58 392016 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-05-30 13:29 . 2012-05-30 13:58 1507292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2477298372-428459766-202237345-1000-8192.dat
- 2012-05-30 13:29 . 2012-05-30 13:29 1507292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2477298372-428459766-202237345-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PhotoExplosionCalCheck"="c:\program files (x86)\Nova Development\Photo Explosion Deluxe 3.0\calcheck.exe" [2006-05-10 69632]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]
"PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]
"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-06 62752]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2010-10-26 139264]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-12-25 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3198785
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Open with PDF Viewer Plus - c:\program files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files (x86)\AVG\AVG2012\avgdtiex.dll
TCP: DhcpNameServer = 192.168.0.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Susannah\AppData\Roaming\Mozilla\Firefox\Profiles\3ibo47un.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe
c:\program files (x86)\Nero\Update\NASvc.exe
c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
c:\program files (x86)\AVG\AVG2012\avgidsagent.exe
c:\program files\Logitech\SetPoint\x86\SetPoint32.exe
.
**************************************************************************
.
Completion time: 2012-05-30 08:08:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-30 14:08
ComboFix2.txt 2012-05-30 13:40
.
Pre-Run: 183,526,543,360 bytes free
Post-Run: 183,918,620,672 bytes free
.
- - End Of File - - A247374F71FD391B3C4C47964372761C
  24. Hello! Never tried the forum bit, but here goes. I've read several posts of users having similar issues to what I'm seeing with my machine; as all of them were delighted with the results, I'm highly inclined to seek your assistance. It seems whenever I plug my computer into its internet connection the CPU usage goes full on. Upon opening the WTM to find the culprit, I see that PING.EXE begins with a nominal percentage before (in seconds) exponentially rocketing up to 100%, causing the machine to freeze absolutely. However, no sooner has the cable been disconnected than all returns to a stable operating state. Manually stopping ping.exe and the searchindexer.exe tree works temporarily, but they soon revitalize and the issue resumes. svchost.exe also has high CPU and memory usage, but I've not tried stopping any of those. The few times I ventured online, google.com would not work, where other sites would. I thought myself a fairly proficient user when it comes to macro software processes, but am bewildered by the Windows components and really don't want to deadline my machine. I defer to the knowledge and experience of this forum's admins, moderators, experts, and trusted advisors. Please help! Thank you Attach.txt DDS.txt
  25. Hello, I think my desktop has been infected with the annoying recommendations pop-up malware. I have attached the requested files. Thanks, Steve Attach.txt DDS.txt