
Please help me look at these logs.



.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Omega3Magic at 15:15:13 on 2011-12-24

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.127 [GMT -6:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\agrsmsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Toshiba\ConfigFree\NDSTray.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Toshiba\SmoothView\SmoothView.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Toshiba\IVP\ISM\pinger.exe

C:\Program Files\Toshiba\Power Saver\TPwrMain.exe

C:\Program Files\Toshiba\Utilities\KeNotify.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\hkcmd.exe

C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe

C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

c:\Toshiba\IVP\swupdate\swupdtmr.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe

C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\Program Files\Synaptics\SynTP\SynToshiba.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

C:\Program Files\TeamViewer\Version7\TeamViewer.exe

C:\Program Files\TeamViewer\Version7\tv_w32.exe

C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

c:\program files\teamviewer\version7\TeamViewer_Desktop.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\CCleaner\CCleaner.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe

.

============== Pseudo HJT Report ===============

.

uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart

mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [HP Deskjet 3050A J611 series (NET)] "c:\program files\hp\hp deskjet 3050a j611 series\bin\ScanToPCActivationApp.exe" -deviceID "CN15I4C02H05PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRunOnce: [spybotDeletingB3789] command.com /c del "c:\program files\mywebsearchwb\bar\cache\01622477.bin"

uRunOnce: [spybotDeletingD97] cmd.exe /c del "c:\program files\mywebsearchwb\bar\cache\01622477.bin"

uRunOnce: [spybotDeletingB2792] command.com /c del "c:\program files\mywebsearchwb\bar\cache\01625373.bin"

uRunOnce: [spybotDeletingD9039] cmd.exe /c del "c:\program files\mywebsearchwb\bar\cache\01625373.bin"

uRunOnce: [spybotDeletingB3349] command.com /c del "c:\program files\mywebsearchwb\bar\cache\016256DD.bin"

uRunOnce: [spybotDeletingD8455] cmd.exe /c del "c:\program files\mywebsearchwb\bar\cache\016256DD.bin"

uRunOnce: [spybotDeletingB7482] command.com /c del "c:\program files\mywebsearchwb\bar\cache\0171A135.bin"

uRunOnce: [spybotDeletingD8841] cmd.exe /c del "c:\program files\mywebsearchwb\bar\cache\0171A135.bin"

uRunOnce: [spybotDeletingB5589] command.com /c del "c:\program files\mywebsearchwb\bar\cache\019128FB"

uRunOnce: [spybotDeletingD7978] cmd.exe /c del "c:\program files\mywebsearchwb\bar\cache\019128FB"

uRunOnce: [spybotDeletingB2054] command.com /c del "c:\program files\mywebsearchwb\bar\cache\019363F8.bin"

uRunOnce: [spybotDeletingD6574] cmd.exe /c del "c:\program files\mywebsearchwb\bar\cache\019363F8.bin"

uRunOnce: [spybotDeletingB9315] command.com /c del "c:\program files\mywebsearchwb\bar\cache\01936687.bin"

uRunOnce: [spybotDeletingD2278] cmd.exe /c del "c:\program files\mywebsearchwb\bar\cache\01936687.bin"

uRunOnce: [spybotDeletingB8738] command.com /c del "c:\program files\mywebsearchwb\bar\cache\0193769D.bin"

uRunOnce: [spybotDeletingD7305] cmd.exe /c del "c:\program files\mywebsearchwb\bar\cache\0193769D.bin"

uRunOnce: [spybotDeletingB874] command.com /c del "c:\program files\mywebsearchwb\bar\cache\02AA389A.bin"

uRunOnce: [spybotDeletingD2244] cmd.exe /c del "c:\program files\mywebsearchwb\bar\cache\02AA389A.bin"

uRunOnce: [spybotDeletingB5664] command.com /c del "c:\program files\mywebsearchwb\bar\cache\files.ini"

uRunOnce: [spybotDeletingD6219] cmd.exe /c del "c:\program files\mywebsearchwb\bar\cache\files.ini"

uRunOnce: [spybotDeletingB4410] command.com /c del "c:\program files\mywebsearchwb\bar\history\search"

uRunOnce: [spybotDeletingD4240] cmd.exe /c del "c:\program files\mywebsearchwb\bar\history\search"

uRunOnce: [spybotDeletingB3132] command.com /c del "c:\program files\mywebsearchwb\bar\settings\prevcfg.htm"

uRunOnce: [spybotDeletingD8590] cmd.exe /c del "c:\program files\mywebsearchwb\bar\settings\prevcfg.htm"

mRun: [NDSTray.exe] NDSTray.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [sVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL

mRun: [HWSetup] c:\program files\toshiba\utilities\HWSetup.exe hwSetUP

mRun: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRunOnce: [spybotDeletingA6091] command.com /c del "c:\program files\mywebsearchwb\bar\cache\01622477.bin"

mRunOnce: [spybotDeletingC8760] cmd.exe /c del "c:\program files\mywebsearchwb\bar\cache\01622477.bin"

mRunOnce: [spybotDeletingA7314] command.com /c del "c:\program files\mywebsearchwb\bar\cache\01625373.bin"

mRunOnce: [spybotDeletingC9344] cmd.exe /c del "c:\program files\mywebsearchwb\bar\cache\01625373.bin"

mRunOnce: [spybotDeletingA5462] command.com /c del "c:\program files\mywebsearchwb\bar\cache\016256DD.bin"

mRunOnce: [spybotDeletingC3862] cmd.exe /c del "c:\program files\mywebsearchwb\bar\cache\016256DD.bin"

mRunOnce: [spybotDeletingA8161] command.com /c del "c:\program files\mywebsearchwb\bar\cache\0171A135.bin"

mRunOnce: [spybotDeletingC4729] cmd.exe /c del "c:\program files\mywebsearchwb\bar\cache\0171A135.bin"

mRunOnce: [spybotDeletingA2643] command.com /c del "c:\program files\mywebsearchwb\bar\cache\019128FB"

mRunOnce: [spybotDeletingC9359] cmd.exe /c del "c:\program files\mywebsearchwb\bar\cache\019128FB"

mRunOnce: [spybotDeletingA3940] command.com /c del "c:\program files\mywebsearchwb\bar\cache\019363F8.bin"

mRunOnce: [spybotDeletingC7609] cmd.exe /c del "c:\program files\mywebsearchwb\bar\cache\019363F8.bin"

mRunOnce: [spybotDeletingA8702] command.com /c del "c:\program files\mywebsearchwb\bar\cache\01936687.bin"

mRunOnce: [spybotDeletingC5612] cmd.exe /c del "c:\program files\mywebsearchwb\bar\cache\01936687.bin"

mRunOnce: [spybotDeletingA4511] command.com /c del "c:\program files\mywebsearchwb\bar\cache\0193769D.bin"

mRunOnce: [spybotDeletingC7656] cmd.exe /c del "c:\program files\mywebsearchwb\bar\cache\0193769D.bin"

mRunOnce: [spybotDeletingA1741] command.com /c del "c:\program files\mywebsearchwb\bar\cache\02AA389A.bin"

mRunOnce: [spybotDeletingC8417] cmd.exe /c del "c:\program files\mywebsearchwb\bar\cache\02AA389A.bin"

mRunOnce: [spybotDeletingA6733] command.com /c del "c:\program files\mywebsearchwb\bar\cache\files.ini"

mRunOnce: [spybotDeletingC2033] cmd.exe /c del "c:\program files\mywebsearchwb\bar\cache\files.ini"

mRunOnce: [spybotDeletingA809] command.com /c del "c:\program files\mywebsearchwb\bar\history\search"

mRunOnce: [spybotDeletingC8997] cmd.exe /c del "c:\program files\mywebsearchwb\bar\history\search"

mRunOnce: [spybotDeletingA6225] command.com /c del "c:\program files\mywebsearchwb\bar\settings\prevcfg.htm"

mRunOnce: [spybotDeletingC7599] cmd.exe /c del "c:\program files\mywebsearchwb\bar\settings\prevcfg.htm"

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC}

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

Trusted Zone: army.mil\webmail.us

Trusted Zone: army.mil\webmail2.us

Trusted Zone: army.mil\www.us

Trusted Zone: usacu.org\pcba

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{BB812C54-F5D5-4635-B838-2E1DB5120660} : DhcpNameServer = 192.168.1.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Notify: igfxcui - igfxdev.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

.

=============== Created Last 30 ================

.

2011-12-24 20:56:13 -------- d---a-w- C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z.Z....Z..ZZ

2011-12-24 19:39:05 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-12-24 17:15:37 -------- d-----w- c:\users\omega3magic\appdata\roaming\TeamViewer

2011-12-16 18:19:39 2048 ----a-w- c:\windows\system32\tzres.dll

2011-12-16 18:19:23 49152 ----a-w- c:\windows\system32\csrsrv.dll

2011-12-16 18:05:57 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-12-16 18:05:56 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-12-16 18:05:54 429056 ----a-w- c:\windows\system32\EncDec.dll

2011-12-16 18:05:51 2043904 ----a-w- c:\windows\system32\win32k.sys

2011-12-16 18:05:49 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

.

==================== Find3M ====================

.

2011-11-19 13:58:05 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-18 20:09:29 255352 ----a-w- c:\windows\system32\awrdscdc.ax

2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll

2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll

2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-10-24 20:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-10-24 20:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-10-07 11:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2011-10-04 11:21:16 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys

.

============= FINISH: 15:23:21.41 ===============


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
