savida Posted August 23, 2012 ID:589289 Share Posted August 23, 2012 Hello, I have been having issues with my laptop. My boyfriend told me about a site he visited before that help you get rid of malware on your computer and mentioned a program called Hijackthis. Googling HJT led me to this forum, so I'm hoping this is the same forum that he was helped on before.Issues with my laptop:- Unexpected shutdowns/restarts at random times- Notices from Microsoft about a "Missing RAID Controller"- desktop constantly freezes during usage and doesn't respond at all (leading me to force shutdown/restart)- Computer also doesn't recognize the dvd/cd player at times- generally slow and crashes-Occasionally when force restart, after the computer boots back up it will be fine, but eventually the blue screen pops up and pc restarts itselfI am not sure where exactly to begin getting help on this site, but I did download and run the Malwarebytes Anti-Malware Program and will post the log below. If I can get help as soon as possible I would greatly appriciate it and am waiting for a response. Thankyou.Log:Windows Vista Service Pack 2 x86 NTFSInternet Explorer 7.0.6002.18005Stef :: STEF-PC [administrator]Protection: Enabled8/22/2012 6:38:44 PMmbam-log-2012-08-22 (19-02-10).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 227173Time elapsed: 15 minute(s), 39 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 6HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> No action taken.HKCU\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken.Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 3C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> No action taken.C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> No action taken.C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job (Trojan.Downloader) -> No action taken.(end) Link to post Share on other sites More sharing options...
Staff screen317 Posted August 24, 2012 Staff ID:589324 Share Posted August 24, 2012 Hi and welcome to Malwarebytes. Please update MBAM, run a Quick Scan, and post its log. Next, download DDS by sUBs and save it to your Desktop. Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply. Link to post Share on other sites More sharing options...
savida Posted August 24, 2012 Author ID:589335 Share Posted August 24, 2012 Thankyou for your reply. I updated MBAM and ran the scan. The log for MBAM will be in this post, and the next post will have the DDS.txtMalwarebytes Anti-Malware (Trial) 1.62.0.1300www.malwarebytes.orgDatabase version: v2012.08.23.08Windows Vista Service Pack 2 x86 NTFSInternet Explorer 7.0.6002.18005Stef :: STEF-PC [administrator]Protection: Enabled8/23/2012 6:09:36 PMmbam-log-2012-08-23 (18-20-44).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 227233Time elapsed: 10 minute(s), 49 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 6HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> No action taken.HKCU\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken.Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 3C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> No action taken.C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> No action taken.C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job (Trojan.Downloader) -> No action taken.(end) Link to post Share on other sites More sharing options...
savida Posted August 24, 2012 Author ID:589336 Share Posted August 24, 2012 .DDS (Ver_2011-08-26.01) - NTFSx86Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_22Run by Stef at 18:24:55 on 2012-08-23Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2939.1344 [GMT -7:00].AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exeC:\Windows\system32\svchost.exe -k rpcssc:\Program Files\Microsoft Security Client\MsMpEng.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\SLsvc.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Program Files\WTouch\WTouchService.exeC:\Windows\SYSTEM32\WISPTIS.EXEC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exeC:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\PSIService.exec:\Program Files\Common Files\Protexis\License Service\PsiService_2.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\system32\Pen_Tablet.exeC:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exeC:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exeC:\Windows\system32\TODDSrv.exeC:\Program Files\Toshiba\Power Saver\TosCoSrv.exeC:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exeC:\ProgramData\TVersity\Media Server\MediaServer.exeC:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exeC:\Windows\System32\svchost.exe -k WerSvcGroupC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Windows\system32\SearchIndexer.exeC:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\taskeng.exeC:\Windows\SYSTEM32\WISPTIS.EXEC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\WTablet\Pen_TabletUser.exeC:\Windows\system32\Pen_Tablet.exeC:\Windows\system32\taskeng.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Windows\RtHDVCpl.exeC:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exeC:\Program Files\Toshiba\Power Saver\TPwrMain.exeC:\Program Files\Toshiba\SmoothView\SmoothView.exeC:\Program Files\Toshiba\FlashCards\TCrdMain.exeC:\Program Files\Toshiba\ConfigFree\NDSTray.exeC:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exeC:\Program Files\HP\HP Software Update\hpwuSchd2.exeC:\Program Files\Microsoft Security Client\msseces.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Common Files\Apple\Internet Services\ubd.exeC:\Windows\system32\igfxsrvc.exeC:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exeC:\Program Files\iPod\bin\iPodService.exeC:\Windows\system32\igfxext.exeC:\Program Files\Toshiba\ConfigFree\CFSwMgr.exeC:\Windows\system32\wbem\unsecapp.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\Program Files\Real\RealPlayer\update\realsched.exeC:\Windows\system32\SearchProtocolHost.exec:\Program Files\Microsoft Security Client\MpCmdRun.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\DllHost.exeC:\Windows\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHBuDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHBmStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHBmDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHBuInternet Settings,ProxyOverride = *.localuURLSearchHooks: H - No FileBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dllBHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_22\bin\ssv.dllBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre1.6.0_22\bin\jp2ssv.dllTB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No FileTB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}TB: {687578B9-7132-4A7A-80E4-30EE31099E03} - No FileuRun: [Google Update] "c:\users\stef\appdata\local\google\update\GoogleUpdate.exe" /cuRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exeuRun: [bitComet] "c:\program files\bitcomet\BitComet.exe" /trayuRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"mRun: [igfxTray] c:\windows\system32\igfxtray.exemRun: [HotKeysCmds] c:\windows\system32\hkcmd.exemRun: [Persistence] c:\windows\system32\igfxpers.exemRun: [RtHDVCpl] RtHDVCpl.exemRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exemRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXEmRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exemRun: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exemRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exemRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hidemRun: [NDSTray.exe] NDSTray.exemRun: [cfFncEnabler.exe] cfFncEnabler.exemRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startupmRun: [skytel] Skytel.exemRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exemRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exemRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exemRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"mRun: [brMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUNmRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorunmRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkeymRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osbootmRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimemRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXEmRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOWmRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttraymRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silentmPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dllIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLLDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cabTCP: DhcpNameServer = 192.168.1.1TCP: Interfaces\{0913D5A8-EAAD-4D04-821E-DF2C6404AAB0} : DhcpNameServer = 192.168.1.1TCP: Interfaces\{1A540B62-FC8A-4095-909A-4D42FC2125CB} : DhcpNameServer = 192.168.1.1Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLLNotify: igfxcui - igfxdev.dllAppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL.================= FIREFOX ===================.FF - ProfilePath - c:\users\stef\appdata\roaming\mozilla\firefox\profiles\ou3woiw0.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: browser.startup.homepage - hxxp://www.google.com/FF - component: c:\program files\avg\avg2012\firefox\components\avgssff.dllFF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dllFF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dllFF - component: c:\users\stef\appdata\roaming\mozilla\firefox\profiles\ou3woiw0.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dllFF - component: c:\users\stef\appdata\roaming\mozilla\firefox\profiles\ou3woiw0.default\extensions\avg@toolbar\components\toolbarhomewmp.dllFF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dllFF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dllFF - plugin: c:\program files\java\jre1.6.0_22\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\program files\java\jre1.6.0_22\bin\new_plugin\npjp2.dllFF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dllFF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dllFF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dllFF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dllFF - plugin: c:\program files\picasa2\npPicasa3.dllFF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dllFF - plugin: c:\program files\tabletplugins\npwacom.dllFF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dllFF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dllFF - plugin: c:\users\stef\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dllFF - plugin: c:\users\stef\appdata\roaming\mozilla\plugins\npgoogletalk.dllFF - plugin: c:\users\stef\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dllFF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll.============= SERVICES / DRIVERS ===============.R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]R1 MpKsla4c5178d;MpKsla4c5178d;c:\programdata\microsoft\microsoft antimalware\definition updates\{1dbe755d-f280-4443-a235-f9abc4deeb5c}\MpKsla4c5178d.sys [2012-8-22 29904]R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2009-6-28 25896]R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-22 655944]R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2010-4-5 4497704]R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-9-30 46392]R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]R2 WTouchService;WTouch Service;c:\program files\wtouch\WTouchService.exe [2010-4-5 113448]R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-9-30 7168]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-22 22344]R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-8-23 40776]R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [2009-6-28 290304]R3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\drivers\WacomVTHid.sys [2010-4-5 13480]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-5-3 158856]S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-26 250056]S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-9-30 29744]S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-21 113120]S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 74112]S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-9-30 9216]S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-4-5 16168]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504].=============== Created Last 30 ================.2012-08-24 01:08:53 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2012-08-23 01:39:02 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1dbe755d-f280-4443-a235-f9abc4deeb5c}\MpKsla4c5178d.sys2012-08-23 01:37:02 -------- d-----w- c:\users\stef\appdata\roaming\Malwarebytes2012-08-23 01:36:20 -------- d-----w- c:\programdata\Malwarebytes2012-08-23 01:36:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys2012-08-23 01:36:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2012-08-23 01:35:36 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1dbe755d-f280-4443-a235-f9abc4deeb5c}\offreg.dll2012-08-23 01:09:49 7023536 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1dbe755d-f280-4443-a235-f9abc4deeb5c}\mpengine.dll2012-08-21 06:57:58 7023536 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll2012-08-17 04:58:39 2047488 ----a-w- c:\windows\system32\win32k.sys2012-08-04 02:36:39 -------- d-----w- c:\users\stef\appdata\local\{D2F3F19C-50C3-4423-8147-AEBD97212C47}2012-08-04 02:36:26 -------- d-----w- c:\users\stef\appdata\local\{0E46BC5C-6822-4BC6-B4E2-8E3A3C1D8A6D}2012-08-04 02:18:06 -------- d-----w- c:\users\stef\appdata\local\Windows Live2012-08-02 00:06:49 160768 ----a-w- c:\windows\system32\d3d10_1.dll2012-08-02 00:06:48 683008 ----a-w- c:\windows\system32\d2d1.dll2012-08-02 00:06:48 219648 ----a-w- c:\windows\system32\d3d10_1core.dll2012-08-02 00:06:48 1069056 ----a-w- c:\windows\system32\DWrite.dll2012-08-02 00:06:47 1172480 ----a-w- c:\windows\system32\d3d10warp.dll2012-08-01 05:14:02 -------- d-----w- c:\program files\Windows Portable Devices2012-08-01 05:11:13 92672 ----a-w- c:\windows\system32\UIAnimation.dll2012-08-01 05:11:11 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll2012-08-01 05:11:10 3023360 ----a-w- c:\windows\system32\UIRibbon.dll2012-08-01 05:09:38 81920 ----a-w- c:\windows\system32\wpdbusenum.dll2012-07-27 20:53:30 -------- d-----w- c:\programdata\Protexis2012-07-27 20:51:30 184248 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll2012-07-27 20:51:30 184248 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll2012-07-27 20:50:18 -------- d-----w- c:\program files\common files\Corel2012-07-27 20:47:40 -------- d-----w- c:\program files\common files\Protexis2012-07-27 20:47:28 -------- d-----w- c:\programdata\Corel2012-07-27 20:40:11 -------- d-----w- c:\program files\Corel2012-07-27 19:01:42 -------- d-----w- c:\windows\pss.==================== Find3M ====================.2012-08-15 18:59:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-08-15 18:59:21 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe2012-07-23 19:27:42 952 --sha-w- c:\windows\system32\KGyGaAvL.sys2012-07-22 06:33:57 8 --sh--r- c:\windows\system32\7C08B6A493.sys2012-07-04 05:56:37 499712 ----a-w- c:\windows\system32\msvcp71.dll2012-07-04 05:56:37 348160 ----a-w- c:\windows\system32\msvcr71.dll2012-06-27 15:59:13 834048 ----a-w- c:\windows\system32\wininet.dll2012-06-27 14:15:21 389632 ----a-w- c:\windows\system32\html.iec2012-06-27 13:49:42 1383424 ----a-w- c:\windows\system32\mshtml.tlb2012-06-07 03:59:42 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys2012-06-02 22:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll2012-06-02 22:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll.============= FINISH: 18:26:19.24 =============== Link to post Share on other sites More sharing options...
savida Posted August 25, 2012 Author ID:589970 Share Posted August 25, 2012 Bumping thread Link to post Share on other sites More sharing options...
Staff screen317 Posted August 26, 2012 Staff ID:590093 Share Posted August 26, 2012 Hi,Please visit this webpage for instructions for running ComboFix:http://www.bleepingcomputer.com/combofix/how-to-use-combofixWhen the tool is finished, it will produce a report for you.Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.If after ComboFix reboots you get a message about an "Invalid Option Registry Key Marked for Deletion," please reboot again and the error will go away.-screen317 Link to post Share on other sites More sharing options...
savida Posted August 27, 2012 Author ID:590323 Share Posted August 27, 2012 Thanks here is the combofix log:ComboFix 12-08-25.04 - Stef 08/26/2012 16:50:23.1.1 - x86Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2939.1632 [GMT -7:00]Running from: c:\users\Stef\Desktop\Desktop\ComboFix.exeAV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\users\Stef\wordsc:\users\Stef\words\abrasive.txtc:\users\Stef\words\AdobeCS5 keys.txtc:\users\Stef\words\CIGARETTE BOXER.txtc:\users\Stef\words\desktop.inic:\users\Stef\words\happy faces.txtc:\users\Stef\words\INTERNETPSSWRDhome.txtc:\users\Stef\words\LEMON BARS.txtc:\users\Stef\words\love me.txtc:\users\Stef\words\Overly sentimental caffinated rhino..txtc:\users\Stef\words\promise thomas.txtc:\users\Stef\words\stef.txtc:\users\Stef\words\TOM.txtc:\users\Stef\words\unfinished_ypao.txtc:\users\Stef\words\winyouover.txtc:\windows\system32\ptc:\windows\system32\pt\toscdspd.cpl.mui..((((((((((((((((((((((((( Files Created from 2012-07-27 to 2012-08-27 )))))))))))))))))))))))))))))))..2012-08-27 00:05 . 2012-08-27 00:05 -------- d-----w- c:\users\TestAdmin\AppData\Local\temp2012-08-27 00:05 . 2012-08-27 00:05 -------- d-----w- c:\users\Default\AppData\Local\temp2012-08-26 23:42 . 2012-08-26 23:42 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E2089D7E-2E05-45B0-8421-FD4EDCA22E9D}\offreg.dll2012-08-26 20:26 . 2012-08-01 22:51 7023536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E2089D7E-2E05-45B0-8421-FD4EDCA22E9D}\mpengine.dll2012-08-25 19:58 . 2012-08-01 22:51 7023536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2012-08-23 01:37 . 2012-08-23 01:37 -------- d-----w- c:\users\Stef\AppData\Roaming\Malwarebytes2012-08-23 01:36 . 2012-08-23 01:36 -------- d-----w- c:\programdata\Malwarebytes2012-08-23 01:36 . 2012-08-23 01:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2012-08-23 01:36 . 2012-07-03 20:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys2012-08-17 04:58 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys2012-08-04 02:18 . 2012-08-04 02:37 -------- d-----w- c:\users\Stef\AppData\Local\Windows Live2012-08-02 00:06 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll2012-08-02 00:06 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll2012-08-02 00:06 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll2012-08-02 00:06 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll2012-08-02 00:06 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll2012-08-01 05:14 . 2012-08-01 05:14 -------- d-----w- c:\program files\Windows Portable Devices2012-08-01 05:11 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll2012-08-01 05:11 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll2012-08-01 05:11 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll2012-08-01 05:09 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe2012-08-01 03:11 . 2012-08-04 02:07 -------- d-----w- c:\users\TestAdmin\Tracing2012-07-31 22:38 . 2012-07-31 22:38 -------- d-----w- c:\users\TestAdmin\AppData\Local\Apple2012-07-29 02:30 . 2012-07-29 02:30 -------- d-----w- c:\users\TestAdmin\AppData\Roaming\OpenOffice.org2012-07-28 23:34 . 2012-08-01 18:18 -------- d-----w- c:\users\TestAdmin\AppData\Local\Adobe...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-08-15 18:59 . 2012-05-26 11:26 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe2012-08-15 18:59 . 2011-05-31 11:42 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-08-04 02:23 . 2011-03-29 01:36 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll2012-07-04 05:56 . 2003-08-27 20:43 499712 ----a-w- c:\windows\system32\msvcp71.dll2012-07-04 05:56 . 2003-02-22 01:42 348160 ----a-w- c:\windows\system32\msvcr71.dll2012-06-07 03:59 . 2012-06-07 03:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX2012-06-05 16:47 . 2012-07-11 22:22 1401856 ----a-w- c:\windows\system32\msxml6.dll2012-06-05 16:47 . 2012-07-11 22:22 1248768 ----a-w- c:\windows\system32\msxml3.dll2012-06-04 15:26 . 2012-07-11 22:22 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys2012-06-02 22:19 . 2012-06-23 22:24 171904 ----a-w- c:\windows\system32\wuwebv.dll2012-06-02 22:19 . 2012-06-23 22:25 53784 ----a-w- c:\windows\system32\wuauclt.exe2012-06-02 22:19 . 2012-06-23 22:25 45080 ----a-w- c:\windows\system32\wups2.dll2012-06-02 22:19 . 2012-06-23 22:24 35864 ----a-w- c:\windows\system32\wups.dll2012-06-02 22:19 . 2012-06-23 22:24 577048 ----a-w- c:\windows\system32\wuapi.dll2012-06-02 22:19 . 2012-06-23 22:25 1933848 ----a-w- c:\windows\system32\wuaueng.dll2012-06-02 22:12 . 2012-06-23 22:25 2422272 ----a-w- c:\windows\system32\wucltux.dll2012-06-02 22:12 . 2012-06-23 22:24 33792 ----a-w- c:\windows\system32\wuapp.exe2012-06-02 22:12 . 2012-06-23 22:24 88576 ----a-w- c:\windows\system32\wudriver.dll2012-06-02 00:04 . 2012-07-11 22:22 278528 ----a-w- c:\windows\system32\schannel.dll2012-06-02 00:03 . 2012-07-11 22:22 204288 ----a-w- c:\windows\system32\ncrypt.dll2012-07-22 05:27 . 2012-07-22 05:27 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-02 505720]"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]"NDSTray.exe"="NDSTray.exe" [bU]"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-30 29744]"Skytel"="Skytel.exe" [2007-11-21 1826816]"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-02-10 745472]"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2012-07-04 296096]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920].c:\users\TestAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]..[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvcHPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12hpdevmgmt REG_MULTI_SZ hpqcxs08LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache.Contents of the 'Scheduled Tasks' folder.2012-08-26 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-26 18:59].2012-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3272625273-3966993124-275648158-1000Core.job- c:\users\Stef\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-30 00:23].2012-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3272625273-3966993124-275648158-1000UA.job- c:\users\Stef\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-30 00:23]..------- Supplementary Scan -------.uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHBmStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHBuInternet Settings,ProxyOverride = *.localIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000TCP: DhcpNameServer = 192.168.1.1FF - ProfilePath - c:\users\Stef\AppData\Roaming\Mozilla\Firefox\Profiles\ou3woiw0.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: browser.startup.homepage - hxxp://www.google.com/.- - - - ORPHANS REMOVED - - - -.URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)HKCU-Run-BitComet - c:\program files\BitComet\BitComet.exeHKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exeHKLM-Run-cfFncEnabler.exe - cfFncEnabler.exeHKLM-Run-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2012-08-26 17:07Windows 6.0.6002 Service Pack 2 NTFS.scanning hidden processes ... .scanning hidden autostart entries ....scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.Completion time: 2012-08-26 17:13:34ComboFix-quarantined-files.txt 2012-08-27 00:13.Pre-Run: 54,446,006,272 bytes freePost-Run: 54,919,643,136 bytes free.- - End Of File - - 4927A7EA5E16E6003D78EB1AF6E5E5E7 Link to post Share on other sites More sharing options...
savida Posted August 27, 2012 Author ID:590325 Share Posted August 27, 2012 .DDS (Ver_2011-08-26.01) - NTFSx86Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_22Run by Stef at 17:23:21 on 2012-08-26Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2939.1545 [GMT -7:00].AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exeC:\Windows\system32\svchost.exe -k rpcssc:\Program Files\Microsoft Security Client\MsMpEng.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\SLsvc.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Program Files\WTouch\WTouchService.exeC:\Windows\SYSTEM32\WISPTIS.EXEC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exeC:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\PSIService.exec:\Program Files\Common Files\Protexis\License Service\PsiService_2.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\system32\Pen_Tablet.exeC:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exeC:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exeC:\Windows\system32\TODDSrv.exeC:\Program Files\Toshiba\Power Saver\TosCoSrv.exeC:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exeC:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exeC:\Windows\System32\svchost.exe -k WerSvcGroupC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Windows\system32\SearchIndexer.exeC:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\taskeng.exeC:\Windows\SYSTEM32\WISPTIS.EXEC:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\system32\WTablet\Pen_TabletUser.exeC:\Program Files\WTouch\WTouchUser.exeC:\Windows\system32\Pen_Tablet.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Windows\RtHDVCpl.exeC:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exeC:\Program Files\Toshiba\Power Saver\TPwrMain.exeC:\Program Files\Toshiba\SmoothView\SmoothView.exeC:\Program Files\Toshiba\FlashCards\TCrdMain.exeC:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exeC:\Program Files\HP\HP Software Update\hpwuSchd2.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Real\RealPlayer\Update\realsched.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files\Common Files\Apple\Internet Services\ubd.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\igfxsrvc.exeC:\Windows\system32\igfxext.exeC:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exeC:\Program Files\iPod\bin\iPodService.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\ProgramData\TVersity\Media Server\MediaServer.exeC:\Program Files\Microsoft Security Client\msseces.exeC:\Windows\system32\notepad.exeC:\Windows\explorer.exeC:\Windows\system32\wbem\unsecapp.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHBmStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHBuInternet Settings,ProxyOverride = *.localBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dllBHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_22\bin\ssv.dllBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre1.6.0_22\bin\jp2ssv.dlluRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exemRun: [igfxTray] c:\windows\system32\igfxtray.exemRun: [HotKeysCmds] c:\windows\system32\hkcmd.exemRun: [Persistence] c:\windows\system32\igfxpers.exemRun: [RtHDVCpl] RtHDVCpl.exemRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exemRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXEmRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exemRun: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exemRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exemRun: [NDSTray.exe] NDSTray.exemRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startupmRun: [skytel] Skytel.exemRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exemRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exemRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exemRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"mRun: [brMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUNmRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorunmRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkeymRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osbootmRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimemRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXEmRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttraymPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dllIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLLDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cabTCP: DhcpNameServer = 192.168.1.1TCP: Interfaces\{0913D5A8-EAAD-4D04-821E-DF2C6404AAB0} : DhcpNameServer = 192.168.1.1TCP: Interfaces\{1A540B62-FC8A-4095-909A-4D42FC2125CB} : DhcpNameServer = 192.168.1.1Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLLNotify: igfxcui - igfxdev.dllAppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll.================= FIREFOX ===================.FF - ProfilePath - c:\users\stef\appdata\roaming\mozilla\firefox\profiles\ou3woiw0.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: browser.startup.homepage - hxxp://www.google.com/FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dllFF - plugin: c:\program files\java\jre1.6.0_22\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\program files\java\jre1.6.0_22\bin\new_plugin\npjp2.dllFF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dllFF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dllFF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dllFF - plugin: c:\program files\picasa2\npPicasa3.dllFF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dllFF - plugin: c:\program files\tabletplugins\npwacom.dllFF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dllFF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dllFF - plugin: c:\users\stef\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dllFF - plugin: c:\users\stef\appdata\roaming\mozilla\plugins\npgoogletalk.dllFF - plugin: c:\users\stef\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dllFF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll.============= SERVICES / DRIVERS ===============.R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2009-6-28 25896]R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-22 655944]R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2010-4-5 4497704]R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-9-30 46392]R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]R2 WTouchService;WTouch Service;c:\program files\wtouch\WTouchService.exe [2010-4-5 113448]R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-9-30 7168]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-22 22344]R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [2009-6-28 290304]R3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\drivers\WacomVTHid.sys [2010-4-5 13480]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-5-3 158856]S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-26 250056]S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-9-30 29744]S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-21 113120]S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 74112]S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-9-30 9216]S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-4-5 16168]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504].=============== Created Last 30 ================.2012-08-27 00:13:55 -------- d-sh--w- C:\$RECYCLE.BIN2012-08-27 00:13:37 -------- d-----w- c:\users\stef\appdata\local\temp2012-08-26 23:46:32 98816 ----a-w- c:\windows\sed.exe2012-08-26 23:46:32 518144 ----a-w- c:\windows\SWREG.exe2012-08-26 23:46:32 256000 ----a-w- c:\windows\PEV.exe2012-08-26 23:46:32 208896 ----a-w- c:\windows\MBR.exe2012-08-26 23:42:37 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e2089d7e-2e05-45b0-8421-fd4edca22e9d}\offreg.dll2012-08-26 20:26:48 7023536 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e2089d7e-2e05-45b0-8421-fd4edca22e9d}\mpengine.dll2012-08-25 19:58:25 7023536 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll2012-08-23 01:37:02 -------- d-----w- c:\users\stef\appdata\roaming\Malwarebytes2012-08-23 01:36:20 -------- d-----w- c:\programdata\Malwarebytes2012-08-23 01:36:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys2012-08-23 01:36:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2012-08-17 04:58:39 2047488 ----a-w- c:\windows\system32\win32k.sys2012-08-04 02:36:39 -------- d-----w- c:\users\stef\appdata\local\{D2F3F19C-50C3-4423-8147-AEBD97212C47}2012-08-04 02:36:26 -------- d-----w- c:\users\stef\appdata\local\{0E46BC5C-6822-4BC6-B4E2-8E3A3C1D8A6D}2012-08-04 02:18:06 -------- d-----w- c:\users\stef\appdata\local\Windows Live2012-08-02 00:06:49 160768 ----a-w- c:\windows\system32\d3d10_1.dll2012-08-02 00:06:48 683008 ----a-w- c:\windows\system32\d2d1.dll2012-08-02 00:06:48 219648 ----a-w- c:\windows\system32\d3d10_1core.dll2012-08-02 00:06:48 1069056 ----a-w- c:\windows\system32\DWrite.dll2012-08-02 00:06:47 1172480 ----a-w- c:\windows\system32\d3d10warp.dll2012-08-01 05:14:02 -------- d-----w- c:\program files\Windows Portable Devices2012-08-01 05:11:13 92672 ----a-w- c:\windows\system32\UIAnimation.dll2012-08-01 05:11:11 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll2012-08-01 05:11:10 3023360 ----a-w- c:\windows\system32\UIRibbon.dll2012-08-01 05:09:38 81920 ----a-w- c:\windows\system32\wpdbusenum.dll.==================== Find3M ====================.2012-08-15 18:59:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-08-15 18:59:21 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe2012-07-23 19:27:42 952 --sha-w- c:\windows\system32\KGyGaAvL.sys2012-07-22 06:33:57 8 --sh--r- c:\windows\system32\7C08B6A493.sys2012-07-04 05:56:37 499712 ----a-w- c:\windows\system32\msvcp71.dll2012-07-04 05:56:37 348160 ----a-w- c:\windows\system32\msvcr71.dll2012-06-27 15:59:13 834048 ----a-w- c:\windows\system32\wininet.dll2012-06-27 14:15:21 389632 ----a-w- c:\windows\system32\html.iec2012-06-27 13:49:42 1383424 ----a-w- c:\windows\system32\mshtml.tlb2012-06-07 03:59:42 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys2012-06-02 22:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll2012-06-02 22:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll.============= FINISH: 17:24:02.94 =============== Link to post Share on other sites More sharing options...
savida Posted August 28, 2012 Author ID:590940 Share Posted August 28, 2012 Bumping thread Link to post Share on other sites More sharing options...
Staff screen317 Posted August 30, 2012 Staff ID:591500 Share Posted August 30, 2012 Hi,Run TFC by OldTimer to clear temporary files:Please download TFC from here and save it to your desktop.Close any open programs and Internet browsers.Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.Please be patient as clearing out temp files may take a while.Once it completes you may be prompted to restart your computer, please do so.Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.Download the file TDSSKiller.zip and extract it into a folder on the infected PC.Execute the file TDSSKiller.exe by double-clicking on it.Wait for the scan and disinfection process to be over.When its work is over, the utility prompts for a reboot to complete the disinfection.By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).The log is like UtilityName.Version_Date_Time_log.txt.for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.Please post that log here.Next, please run a free online scan with the ESET Online ScannerNote: You will need to use Internet Explorer for this scan.Tick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the ActiveX control to installClick StartMake sure that the options Remove found threats and the option Scan unwanted applications is checkedClick ScanWait for the scan to finishExport the threats found (if any), and post them here.Next, please download AdwCleaner by Xplode onto your Desktop.Double click on AdwCleaner.exe to run the tool.Click on Search.A logfile will automatically open after the scan has finished.Please post the content of that logfile in your reply.You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.Next, download my Security Check from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.Let me know how things are running now and what issues remain.-screen317 Link to post Share on other sites More sharing options...
savida Posted August 30, 2012 Author ID:591821 Share Posted August 30, 2012 Hi and thank you for the reply.I was able to download TFC, ran it, and rebooted my computer.I came to a roadblock in the second instruction. I downloaded the tdsskiller.zip and saved it to a folder on my desktop. I then double clicked it and ran it. It ran the scan, but there was no "disinfection" process that I see and also it doesn't prompt me to restart my computer. I am not sure what to do now, and I also don't know where to find the log that you are talking about. Here is a link to the screencap of what the tdskiller shows me after a scan, nothing else:http://imgur.com/KIzurIf you can reply ASAP with how to continue, it would be greatly appriceiated. Thanks. Link to post Share on other sites More sharing options...
Staff screen317 Posted August 30, 2012 Staff ID:591839 Share Posted August 30, 2012 There were no threats found, so please continue with the rest of the steps. Link to post Share on other sites More sharing options...
savida Posted August 31, 2012 Author ID:591954 Share Posted August 31, 2012 The log for the AdwCleaner:# AdwCleaner v2.000 - Logfile created 08/30/2012 at 22:47:07# Updated 30/08/2012 by Xplode# Operating system : Windows Vista Home Basic Service Pack 2 (32 bits)# User : Stef - STEF-PC# Boot Mode : Normal# Running from : C:\Users\Stef\Desktop\adwcleaner.exe# Option [search]***** [services] ********** [Files / Folders] *****File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xmlFile Found : C:\Users\Stef\AppData\Roaming\Mozilla\Firefox\Profiles\ou3woiw0.default\searchplugins\Conduit.xmlFolder Found : C:\Program Files\ConduitFolder Found : C:\Users\Stef\AppData\Local\ConduitFolder Found : C:\Users\Stef\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomcFolder Found : C:\Users\Stef\AppData\LocalLow\Conduit***** [Registry] *****Key Found : HKCU\Software\AppDataLow\Software\ConduitKey Found : HKCU\Software\AppDataLow\Software\CrossriderKey Found : HKCU\Software\AppDataLow\Software\SmartBarKey Found : HKCU\Software\ConduitKey Found : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomcKey Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure SearchKey Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Found : HKCU\Software\SoftonicKey Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}Key Found : HKLM\Software\ConduitKey Found : HKLM\Software\Freeze.comKey Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomcKey Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}Key Found : HKLM\SOFTWARE\SoftwareKey Found : HKU\S-1-5-21-3272625273-3966993124-275648158-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Found : HKU\S-1-5-21-3272625273-3966993124-275648158-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]***** [internet Browsers] *****-\\ Internet Explorer v7.0.6002.18005[OK] Registry is clean.-\\ Mozilla Firefox v15.0 (en-US)Profile name : defaultFile : C:\Users\Stef\AppData\Roaming\Mozilla\Firefox\Profiles\ou3woiw0.default\prefs.jsFound : user_pref("browser.search.defaultenginename", "AVG Secure Search");Found : user_pref("browser.search.defaultthis.engineName", "uTorrentControl2 Customized Web Search");Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&Sea[...]Profile name : defaultFile : C:\Users\TestAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\0acl9vz3.default\prefs.js[OK] File is clean.-\\ Google Chrome v21.0.1180.83File : C:\Users\Stef\AppData\Local\Google\Chrome\User Data\Default\Preferences[OK] File is clean.*************************AdwCleaner[R1].txt - [3698 octets] - [30/08/2012 22:47:07]########## EOF - C:\AdwCleaner[R1].txt - [3758 octets] ########## Link to post Share on other sites More sharing options...
savida Posted August 31, 2012 Author ID:591960 Share Posted August 31, 2012 Security Check Log: Results of screen317's Security Check version 0.99.49 Windows Vista Service Pack 2 x86 (UAC is enabled) Internet Explorer 7 Out of date!``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials (On Access scanning disabled!)`````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.62.0.1300 CCleaner Java 6 Update 22 Java version out of Date! Adobe Flash Player 11.3.300.271 Adobe Reader X (10.1.4) Mozilla Firefox (15.0) Google Chrome 21.0.1180.79 Google Chrome 21.0.1180.83 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)````````````````````End of Log``````````````````````During the ESET Online Scanner scan, my computer suddenly showed a blue screen which said something about shutting down to prevent corrupted files and then proceeded to restart itself. This happens occasionally even after rebooting my computer and having done nothing on it yet. The computer is still facing the same issues as stated in my first post; General slowness, occasional freezing, unexpected shut downs and a message after rebooting saying "Windows has detected unexpected shutdown" and the solution is to download and install a RAID controller. I am not sure what the message means.Thank you for the help so far, I will be awaiting your response. Link to post Share on other sites More sharing options...
Staff screen317 Posted September 3, 2012 Staff ID:593207 Share Posted September 3, 2012 Hi,Please close all open programs and internet browsers.Double click on adwcleaner.exe to run the tool.Click on Delete.Confirm each time with OK.Your computer will be rebooted automatically. A text file will open after the restart.Please post the content of that logfile in your reply.You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order numberRun TFC by OldTimer to clear temporary files:Open TFC.exe if you already have it. If not, please download TFC from here and save it to your desktop.Close any open programs and Internet browsers.Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.Please be patient as clearing out temp files may take a while.Once it completes you may be prompted to restart your computer, please do so.Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstallThis uninstalls all of ComboFix's components.Delete SecurityCheck.After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):Java™ 6 Update 22Adobe Flash Player 11.3.300.271 Restart your computer.Get the latest version of Java and Adobe Flash Player.Reboot.Next, please run the PCPitstop Full Tests here (NOT the PCMatic scan or any other scan-- do not download any programs; simply register with the box on the left and you will be taken to the Full Tests/Overdrive Test). When the tests are complete, a results page will pop up. Copy and paste the URL of the Results screen and post it here for me.Click Start and type in cmd.exe; right-click cmd.exe and click Run as Admin...In the black box that appears, enter this command exactly as shown:chkdsk>"%userprofile%\desktop\chkdsk.txt"Press Enter. When prompted, type Y and press Enter. Upon restart, a disk check will commence. Allow it to finish and post chkdsk.txt from your Desktop when it finishes.-screen317 Link to post Share on other sites More sharing options...
savida Posted September 5, 2012 Author ID:593688 Share Posted September 5, 2012 ADWCLEANER.EXE:# AdwCleaner v2.000 - Logfile created 09/04/2012 at 21:55:53# Updated 30/08/2012 by Xplode# Operating system : Windows Vista Home Basic Service Pack 2 (32 bits)# User : Stef - STEF-PC# Boot Mode : Normal# Running from : C:\Users\Stef\Desktop\adwcleaner.exe# Option [Delete]***** [services] ********** [Files / Folders] *****File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xmlFile Deleted : C:\Users\Stef\AppData\Roaming\Mozilla\Firefox\Profiles\ou3woiw0.default\searchplugins\Conduit.xmlFolder Deleted : C:\Program Files\ConduitFolder Deleted : C:\Users\Stef\AppData\Local\ConduitFolder Deleted : C:\Users\Stef\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomcFolder Deleted : C:\Users\Stef\AppData\LocalLow\Conduit***** [Registry] *****Key Deleted : HKCU\Software\AppDataLow\Software\ConduitKey Deleted : HKCU\Software\AppDataLow\Software\CrossriderKey Deleted : HKCU\Software\AppDataLow\Software\SmartBarKey Deleted : HKCU\Software\ConduitKey Deleted : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomcKey Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure SearchKey Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : HKCU\Software\SoftonicKey Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}Key Deleted : HKLM\Software\ConduitKey Deleted : HKLM\Software\Freeze.comKey Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomcKey Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}Key Deleted : HKLM\SOFTWARE\SoftwareValue Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]***** [internet Browsers] *****-\\ Internet Explorer v7.0.6002.18005Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]-\\ Mozilla Firefox v15.0 (en-US)Profile name : defaultFile : C:\Users\Stef\AppData\Roaming\Mozilla\Firefox\Profiles\ou3woiw0.default\prefs.jsDeleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");Deleted : user_pref("browser.search.defaultthis.engineName", "uTorrentControl2 Customized Web Search");Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&Sea[...]Profile name : defaultFile : C:\Users\TestAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\0acl9vz3.default\prefs.js[OK] File is clean.-\\ Google Chrome v21.0.1180.89File : C:\Users\Stef\AppData\Local\Google\Chrome\User Data\Default\Preferences[OK] File is clean.*************************AdwCleaner[R1].txt - [3827 octets] - [30/08/2012 22:47:07]AdwCleaner[s1].txt - [3935 octets] - [04/09/2012 21:55:53]########## EOF - C:\AdwCleaner[s1].txt - [3995 octets] ##########PCPITSTOP.COM:http://www.pcpitstop.com/betapit/sec.asp?conid=25049311CHKDSK:The type of the file system is NTFS.Volume label is SQ004981V02.WARNING! F parameter not specified.Running CHKDSK in read-only mode.CHKDSK is verifying files (stage 1 of 3)... 0 percent complete. (0 of 226176 file records processed) 1 percent complete. (22618 of 226176 file records processed) 2 percent complete. (45236 of 226176 file records processed) 2 percent complete. (54621 of 226176 file records processed) 2 percent complete. (58794 of 226176 file records processed) 3 percent complete. (67853 of 226176 file records processed) 3 percent complete. (87770 of 226176 file records processed) 4 percent complete. (90471 of 226176 file records processed) 5 percent complete. (113088 of 226176 file records processed) 5 percent complete. (133340 of 226176 file records processed) 6 percent complete. (135706 of 226176 file records processed) 7 percent complete. (158324 of 226176 file records processed) 8 percent complete. (180941 of 226176 file records processed) 9 percent complete. (203559 of 226176 file records processed) 226176 file records processed. File verification completed. 739 large file records processed. 0 bad file records processed. 0 EA records processed. 74 reparse records processed. CHKDSK is verifying indexes (stage 2 of 3)...11 percent complete. (7322 of 292948 index entries processed) 12 percent complete. (14914 of 292948 index entries processed) 13 percent complete. (22506 of 292948 index entries processed) 14 percent complete. (30099 of 292948 index entries processed) 15 percent complete. (37691 of 292948 index entries processed) 16 percent complete. (45283 of 292948 index entries processed) 17 percent complete. (52876 of 292948 index entries processed) 17 percent complete. (56512 of 292948 index entries processed) 18 percent complete. (60468 of 292948 index entries processed) 19 percent complete. (68060 of 292948 index entries processed) 20 percent complete. (75652 of 292948 index entries processed) 21 percent complete. (83245 of 292948 index entries processed) 22 percent complete. (90837 of 292948 index entries processed) 23 percent complete. (98429 of 292948 index entries processed) 24 percent complete. (106022 of 292948 index entries processed) 25 percent complete. (113614 of 292948 index entries processed) 26 percent complete. (121206 of 292948 index entries processed) 27 percent complete. (128798 of 292948 index entries processed) 28 percent complete. (136391 of 292948 index entries processed) 29 percent complete. (143983 of 292948 index entries processed) 30 percent complete. (151575 of 292948 index entries processed) 31 percent complete. (159168 of 292948 index entries processed) 32 percent complete. (166760 of 292948 index entries processed) 33 percent complete. (174352 of 292948 index entries processed) 34 percent complete. (181944 of 292948 index entries processed) 35 percent complete. (189537 of 292948 index entries processed) 36 percent complete. (197129 of 292948 index entries processed) 37 percent complete. (204721 of 292948 index entries processed) 38 percent complete. (212314 of 292948 index entries processed) 39 percent complete. (219906 of 292948 index entries processed) 39 percent complete. (226179 of 292948 index entries processed) 39 percent complete. (226187 of 292948 index entries processed) 39 percent complete. (226259 of 292948 index entries processed) 39 percent complete. (226412 of 292948 index entries processed) 39 percent complete. (226545 of 292948 index entries processed) 39 percent complete. (226621 of 292948 index entries processed) 39 percent complete. (226879 of 292948 index entries processed) 39 percent complete. (226955 of 292948 index entries processed) 39 percent complete. (227005 of 292948 index entries processed) 39 percent complete. (227090 of 292948 index entries processed) 39 percent complete. (227174 of 292948 index entries processed) 39 percent complete. (227274 of 292948 index entries processed) 39 percent complete. (227381 of 292948 index entries processed) 39 percent complete. (227495 of 292948 index entries processed) 40 percent complete. (227498 of 292948 index entries processed) 40 percent complete. (227590 of 292948 index entries processed) 40 percent complete. (227669 of 292948 index entries processed) 40 percent complete. (227748 of 292948 index entries processed) 40 percent complete. (227993 of 292948 index entries processed) 40 percent complete. (228109 of 292948 index entries processed) 40 percent complete. (228263 of 292948 index entries processed) 40 percent complete. (228341 of 292948 index entries processed) 40 percent complete. (228456 of 292948 index entries processed) 40 percent complete. (228563 of 292948 index entries processed) 40 percent complete. (228745 of 292948 index entries processed) 40 percent complete. (229521 of 292948 index entries processed) 40 percent complete. (229578 of 292948 index entries processed) 40 percent complete. (229936 of 292948 index entries processed) 40 percent complete. (230163 of 292948 index entries processed) 40 percent complete. (230325 of 292948 index entries processed) 40 percent complete. (230425 of 292948 index entries processed) 40 percent complete. (230479 of 292948 index entries processed) 40 percent complete. (230568 of 292948 index entries processed) 40 percent complete. (230850 of 292948 index entries processed) 40 percent complete. (230900 of 292948 index entries processed) 40 percent complete. (230958 of 292948 index entries processed) 40 percent complete. (231182 of 292948 index entries processed) 40 percent complete. (231401 of 292948 index entries processed) 40 percent complete. (231442 of 292948 index entries processed) 40 percent complete. (231448 of 292948 index entries processed) 40 percent complete. (231728 of 292948 index entries processed) 40 percent complete. (231872 of 292948 index entries processed) 40 percent complete. (232247 of 292948 index entries processed) 40 percent complete. (232949 of 292948 index entries processed) 40 percent complete. (233235 of 292948 index entries processed) 40 percent complete. (233910 of 292948 index entries processed) 40 percent complete. (234284 of 292948 index entries processed) 40 percent complete. (234787 of 292948 index entries processed) 40 percent complete. (234821 of 292948 index entries processed) 40 percent complete. (234909 of 292948 index entries processed) 41 percent complete. (235090 of 292948 index entries processed) 41 percent complete. (235493 of 292948 index entries processed) 41 percent complete. (235928 of 292948 index entries processed) 41 percent complete. (236298 of 292948 index entries processed) 41 percent complete. (236764 of 292948 index entries processed) 41 percent complete. (236858 of 292948 index entries processed) 41 percent complete. (237179 of 292948 index entries processed) 41 percent complete. (237441 of 292948 index entries processed) 41 percent complete. (237660 of 292948 index entries processed) 41 percent complete. (237809 of 292948 index entries processed) 41 percent complete. (238004 of 292948 index entries processed) 41 percent complete. (238156 of 292948 index entries processed) 41 percent complete. (238372 of 292948 index entries processed) 41 percent complete. (238507 of 292948 index entries processed) 41 percent complete. (238625 of 292948 index entries processed) 41 percent complete. (238766 of 292948 index entries processed) 41 percent complete. (238913 of 292948 index entries processed) 41 percent complete. (239011 of 292948 index entries processed) 41 percent complete. (239172 of 292948 index entries processed) 41 percent complete. (239371 of 292948 index entries processed) 41 percent complete. (239483 of 292948 index entries processed) 41 percent complete. (239748 of 292948 index entries processed) 41 percent complete. (239877 of 292948 index entries processed) 41 percent complete. (239922 of 292948 index entries processed) 41 percent complete. (239962 of 292948 index entries processed) 41 percent complete. (240035 of 292948 index entries processed) 41 percent complete. (240154 of 292948 index entries processed) 41 percent complete. (240231 of 292948 index entries processed) 41 percent complete. (240324 of 292948 index entries processed) 41 percent complete. (240418 of 292948 index entries processed) 41 percent complete. (240569 of 292948 index entries processed) 41 percent complete. (240679 of 292948 index entries processed) 41 percent complete. (240778 of 292948 index entries processed) 41 percent complete. (240944 of 292948 index entries processed) 41 percent complete. (241115 of 292948 index entries processed) 41 percent complete. (241190 of 292948 index entries processed) 41 percent complete. (241449 of 292948 index entries processed) 41 percent complete. (241679 of 292948 index entries processed) 41 percent complete. (241917 of 292948 index entries processed) 41 percent complete. (242302 of 292948 index entries processed) 41 percent complete. (242547 of 292948 index entries processed) 42 percent complete. (242683 of 292948 index entries processed) 42 percent complete. (242979 of 292948 index entries processed) 42 percent complete. (243256 of 292948 index entries processed) 42 percent complete. (243452 of 292948 index entries processed) 42 percent complete. (243786 of 292948 index entries processed) 42 percent complete. (244013 of 292948 index entries processed) 42 percent complete. (244739 of 292948 index entries processed) 42 percent complete. (245282 of 292948 index entries processed) 42 percent complete. (245670 of 292948 index entries processed) 42 percent complete. (245956 of 292948 index entries processed) 42 percent complete. (246125 of 292948 index entries processed) 42 percent complete. (246390 of 292948 index entries processed) 42 percent complete. (246585 of 292948 index entries processed) 42 percent complete. (246738 of 292948 index entries processed) 42 percent complete. (246868 of 292948 index entries processed) 42 percent complete. (247224 of 292948 index entries processed) 42 percent complete. (247302 of 292948 index entries processed) 42 percent complete. (247414 of 292948 index entries processed) 42 percent complete. (247518 of 292948 index entries processed) 42 percent complete. (247644 of 292948 index entries processed) 42 percent complete. (247888 of 292948 index entries processed) 42 percent complete. (248140 of 292948 index entries processed) 42 percent complete. (248443 of 292948 index entries processed) 42 percent complete. (249078 of 292948 index entries processed) 42 percent complete. (249518 of 292948 index entries processed) 42 percent complete. (249896 of 292948 index entries processed) 42 percent complete. (250122 of 292948 index entries processed) 43 percent complete. (250275 of 292948 index entries processed) 43 percent complete. (250593 of 292948 index entries processed) 43 percent complete. (250821 of 292948 index entries processed) 43 percent complete. (250941 of 292948 index entries processed) 43 percent complete. (251166 of 292948 index entries processed) 43 percent complete. (251328 of 292948 index entries processed) 43 percent complete. (251464 of 292948 index entries processed) 43 percent complete. (251817 of 292948 index entries processed) 43 percent complete. (252158 of 292948 index entries processed) 43 percent complete. (252375 of 292948 index entries processed) 43 percent complete. (252590 of 292948 index entries processed) 43 percent complete. (252833 of 292948 index entries processed) 43 percent complete. (253125 of 292948 index entries processed) 43 percent complete. (253368 of 292948 index entries processed) 43 percent complete. (253534 of 292948 index entries processed) 43 percent complete. (253889 of 292948 index entries processed) 43 percent complete. (254276 of 292948 index entries processed) 43 percent complete. (254519 of 292948 index entries processed) 43 percent complete. (254677 of 292948 index entries processed) 43 percent complete. (254878 of 292948 index entries processed) 43 percent complete. (255053 of 292948 index entries processed) 43 percent complete. (255168 of 292948 index entries processed) 43 percent complete. (255378 of 292948 index entries processed) 43 percent complete. (255764 of 292948 index entries processed) 43 percent complete. (256399 of 292948 index entries processed) 43 percent complete. (257701 of 292948 index entries processed) 44 percent complete. (257867 of 292948 index entries processed) 44 percent complete. (258143 of 292948 index entries processed) 44 percent complete. (258525 of 292948 index entries processed) 44 percent complete. (258846 of 292948 index entries processed) 44 percent complete. (259023 of 292948 index entries processed) 44 percent complete. (259450 of 292948 index entries processed) 292948 index entries processed. Index verification completed.48 percent complete. (1 of 0 unindexed files processed) 0 unindexed files processed. CHKDSK is verifying security descriptors (stage 3 of 3)...48 percent complete. (0 of 226176 descriptors processed) 49 percent complete. (8641 of 226176 descriptors processed) 50 percent complete. (31418 of 226176 descriptors processed) 51 percent complete. (54195 of 226176 descriptors processed) 51 percent complete. (74206 of 226176 descriptors processed) 52 percent complete. (76972 of 226176 descriptors processed) 53 percent complete. (99749 of 226176 descriptors processed) 54 percent complete. (122526 of 226176 descriptors processed) 54 percent complete. (144315 of 226176 descriptors processed) 55 percent complete. (145302 of 226176 descriptors processed) 55 percent complete. (166693 of 226176 descriptors processed) 56 percent complete. (168079 of 226176 descriptors processed) 57 percent complete. (190856 of 226176 descriptors processed) 58 percent complete. (213633 of 226176 descriptors processed) 226176 security descriptors processed. Security descriptor verification completed. 33387 data files processed. CHKDSK is verifying Usn Journal...99 percent complete. (0 of 34430944 USN bytes processed) 99 percent complete. (9191424 of 34430944 USN bytes processed) 99 percent complete. (18255872 of 34430944 USN bytes processed) 99 percent complete. (27734016 of 34430944 USN bytes processed) 100 percent complete. (34422784 of 34430944 USN bytes processed) 34430944 USN bytes processed. Usn Journal verification completed.The Volume Bitmap is incorrect.Windows found problems with the file system.Run CHKDSK with the /F (fix) option to correct these. 147186687 KB total disk space. 91807776 KB in 183893 files. 109496 KB in 33388 indexes. 0 KB in bad sectors. 400103 KB in use by the system. 65536 KB occupied by the log file. 54869312 KB available on disk. 4096 bytes in each allocation unit. 36796671 total allocation units on disk. 13717328 allocation units available on disk. Link to post Share on other sites More sharing options...
Staff screen317 Posted September 7, 2012 Staff ID:594556 Share Posted September 7, 2012 Hi,Click Start and type in cmd.exe; right-click cmd.exe and click Run as Admin...In the black box that appears, enter this command exactly as shown:chkdsk /rPress Enter. When prompted, type Y and press Enter. Upon restart, a disk check will commence. Allow it to finish and note any messages it gives.Reboot.Defragmenting is a must. It's one of the large reasons for system slowdowns. I use Defraggler to defragment. It is free to download and you can use it forever. I recommend installing it and defragmenting as soon as possible.Reboot. How are things running now? Link to post Share on other sites More sharing options...
savida Posted September 8, 2012 Author ID:594687 Share Posted September 8, 2012 Thank you for your help so far.During the disk check, I didn't catch any messages given.My laptop is generally running much better. It hasn't restarted on it's own, nor has the desktop frozen. Restarting doesn't take as long as it did before and also the response time for loading programs is better. Also, my dvd/cd drive is now showing up and functioning!Thank you so much for all your help, is there anything else I need to do? Link to post Share on other sites More sharing options...
Staff screen317 Posted September 12, 2012 Staff ID:596167 Share Posted September 12, 2012 Great!Please double click on adwcleaner.exe to run the tool.Click on Uninstall.Confirm with Yes.Reboot.Anything else I can help you with? Link to post Share on other sites More sharing options...
savida Posted September 13, 2012 Author ID:596646 Share Posted September 13, 2012 Thank you!Actually, yes. So it's been a few days since the last steps you advised me to do were done and my laptop was running great. I haven't been doing anythin different, but then I think it was a day after my cd/dvd drive-which I have been missing on and off for the last few months- stopped appearing as a drive. All I see in the Computer folder is just "C:". Usually after I shutdown or restart the dvd drive will show, after putting the laptop on Sleep mode and "waking" from it, the dvd drive won't be there.Is there anything you can help me do with this problem?Other than that, just a few desktop freezes and one unexpected resart, my laptop is doing good. Link to post Share on other sites More sharing options...
Staff screen317 Posted September 14, 2012 Staff ID:597190 Share Posted September 14, 2012 Hi savida,Let's see if we can find the cause.Please open Notepad. Copy and paste the following text (starting with @echo off) into the Notepad document.Navigate to File --> Save As..., and save the file as RegExport.bat (make sure the Save As Type is set to All Files).Save it to your Desktop.@echo offREGEDIT.exe /E "%userprofile%\DESKTOP\CDcheck.reg" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}"EXITNow navigate to your Desktop, and double click RegExport.batA black window will open and close quickly. This is normal.Now, open Notepad, navigate to your Desktop, and open CDcheck.reg. Post its contents. Link to post Share on other sites More sharing options...
savida Posted September 24, 2012 Author ID:600795 Share Posted September 24, 2012 Thank you for your response. I also attempted to fix this problem myself with some information and instructions online. Did you need that information as well? Please, let me know if you do.-------------------------------------------Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}]"Class"="CDROM""ClassDesc"="@%SystemRoot%\\System32\\StorProp.dll,-17001"@="DVD/CD-ROM drives""IconPath"=hex(7):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\ 74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,69,\ 00,6d,00,61,00,67,00,65,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,2c,00,\ 2d,00,33,00,30,00,00,00,00,00"Installer32"="storprop.dll,DvdClassInstaller""EnumPropPages32"="storprop.dll,DvdPropPageProvider""SilentInstall"="1""NoInstallClass"="1""UpperFilters"=hex(7):47,00,45,00,41,00,52,00,41,00,73,00,70,00,69,00,57,00,44,\ 00,4d,00,00,00,00,00[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0000]"InfPath"="cdrom.inf""InfSection"="cdrom_install""ProviderName"="Microsoft""DriverDateData"=hex:00,80,8c,a3,c5,94,c6,01"DriverDate"="6-21-2006""DriverVersion"="6.0.6002.18005""MatchingDeviceId"="gencdrom""DriverDesc"="CD-ROM Drive"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0001]"InfPath"="cdrom.inf""InfSection"="cdrom_install""ProviderName"="Microsoft""DriverDateData"=hex:00,80,8c,a3,c5,94,c6,01"DriverDate"="6-21-2006""DriverVersion"="6.0.6002.18005""MatchingDeviceId"="gencdrom""DriverDesc"="CD-ROM Drive" Link to post Share on other sites More sharing options...
Staff screen317 Posted September 25, 2012 Staff ID:601183 Share Posted September 25, 2012 Hi,Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.Next, please open Notepad - don't use any other text editor than notepad or the script will fail.Copy/paste the text in the box below into Notepad:Registry::[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}]"UpperFilters"=-KILLALL::Save this as CFScriptThen drag the CFScript into ComboFix.exe as you see in the screenshot below.This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.-screen317 Link to post Share on other sites More sharing options...
savida Posted September 28, 2012 Author ID:602324 Share Posted September 28, 2012 COMBOFIX.TXT:ComboFix 12-09-27.03 - Stef 09/28/2012 15:40:32.2.1 - x86Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2939.1413 [GMT -7:00]Running from: c:\users\Stef\Desktop\ComboFix.exeCommand switches used :: c:\users\Stef\Desktop\CFScript.txtAV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\users\Stef\AppData\Roaming\WTouchc:\users\Stef\AppData\Roaming\WTouch\WTouch.xmlc:\users\TestAdmin\AppData\Roaming\WTouchc:\users\TestAdmin\AppData\Roaming\WTouch\WTouch.xml..((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-28 )))))))))))))))))))))))))))))))..2012-09-28 22:59 . 2012-09-28 23:00 -------- d-----w- c:\users\Stef\AppData\Roaming\WTouch2012-09-28 22:54 . 2012-09-28 23:00 -------- d-----w- c:\users\Stef\AppData\Local\temp2012-09-28 22:54 . 2012-09-28 22:54 -------- d-----w- c:\users\TestAdmin\AppData\Local\temp2012-09-28 22:54 . 2012-09-28 22:54 -------- d-----w- c:\users\Public\AppData\Local\temp2012-09-28 22:54 . 2012-09-28 22:54 -------- d-----w- c:\users\Default\AppData\Local\temp2012-09-28 22:35 . 2012-09-28 22:35 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{306CB6B7-B93F-4983-9B07-95914EDA3AA0}\MpKslb358be9e.sys2012-09-26 17:40 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{306CB6B7-B93F-4983-9B07-95914EDA3AA0}\mpengine.dll2012-09-25 08:04 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2012-09-22 12:30 . 2012-08-24 15:53 834048 ----a-w- c:\windows\system32\wininet.dll2012-09-22 12:30 . 2012-08-24 14:07 389632 ----a-w- c:\windows\system32\html.iec2012-09-22 12:29 . 2012-08-24 15:53 129024 ----a-w- c:\program files\Internet Explorer\sqmapi.dll2012-09-22 12:29 . 2012-08-24 13:41 1383424 ----a-w- c:\windows\system32\mshtml.tlb2012-09-08 01:31 . 2012-09-08 01:31 -------- d-----w- c:\program files\Defraggler2012-09-05 05:38 . 2012-09-05 05:38 -------- d-----w- c:\program files\Common Files\Java2012-09-05 05:38 . 2012-09-05 05:37 821736 ----a-w- c:\windows\system32\npDeployJava1.dll2012-09-05 05:38 . 2012-09-05 05:37 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll2012-09-05 05:34 . 2012-09-05 05:34 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-09-05 05:34 . 2012-09-05 05:34 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-09-05 05:37 . 2010-05-11 15:15 746984 ----a-w- c:\windows\system32\deployJava1.dll2012-08-04 02:23 . 2011-03-29 01:36 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll2012-07-04 14:02 . 2012-08-17 04:58 2047488 ----a-w- c:\windows\system32\win32k.sys2012-07-04 05:56 . 2003-08-27 20:43 499712 ----a-w- c:\windows\system32\msvcp71.dll2012-07-04 05:56 . 2003-02-22 01:42 348160 ----a-w- c:\windows\system32\msvcr71.dll2012-09-10 21:22 . 2012-09-10 21:20 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-02 505720]"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]"NDSTray.exe"="NDSTray.exe" [bU]"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-30 29744]"Skytel"="Skytel.exe" [2007-11-21 1826816]"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-02-10 745472]"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2012-07-04 296096]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848].c:\users\TestAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]..[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvcHPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12hpdevmgmt REG_MULTI_SZ hpqcxs08LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache.Contents of the 'Scheduled Tasks' folder.2012-09-28 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-05 05:34].2012-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3272625273-3966993124-275648158-1000Core.job- c:\users\Stef\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-30 00:23].2012-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3272625273-3966993124-275648158-1000UA.job- c:\users\Stef\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-30 00:23]..------- Supplementary Scan -------.uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHBmStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHBuInternet Settings,ProxyOverride = *.localIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000TCP: DhcpNameServer = 192.168.1.1FF - ProfilePath - c:\users\Stef\AppData\Roaming\Mozilla\Firefox\Profiles\ou3woiw0.default\FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/..**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2012-09-28 16:01Windows 6.0.6002 Service Pack 2 NTFS.scanning hidden processes ... .scanning hidden autostart entries ....scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.------------------------ Other Running Processes ------------------------.c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exec:\program files\Microsoft Security Client\MsMpEng.exec:\program files\WTouch\WTouchService.exec:\windows\SYSTEM32\WISPTIS.EXEc:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exec:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files\Bonjour\mDNSResponder.exec:\program files\TOSHIBA\ConfigFree\CFSvcs.exec:\program files\Super_DVD_Creator_9.8\NMSAccessU.exec:\windows\system32\PSIService.exec:\program files\Common Files\Protexis\License Service\PsiService_2.exec:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exec:\windows\system32\Pen_Tablet.exec:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exec:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exec:\windows\system32\TODDSrv.exec:\program files\Toshiba\Power Saver\TosCoSrv.exec:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exec:\programdata\TVersity\Media Server\MediaServer.exec:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exec:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEc:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exec:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exec:\windows\SYSTEM32\WISPTIS.EXEc:\program files\WTouch\WTouchUser.exec:\windows\system32\WTablet\Pen_TabletUser.exec:\windows\system32\Pen_Tablet.exec:\windows\RtHDVCpl.exec:\program files\Toshiba\ConfigFree\NDSTray.exec:\windows\system32\igfxsrvc.exec:\windows\system32\wbem\unsecapp.exec:\program files\iPod\bin\iPodService.exec:\windows\system32\igfxext.exec:\program files\Common Files\Apple\Apple Application Support\distnoted.exec:\program files\Toshiba\ConfigFree\CFSwMgr.exec:\windows\servicing\TrustedInstaller.exe.**************************************************************************.Completion time: 2012-09-28 16:08:15 - machine was rebootedComboFix-quarantined-files.txt 2012-09-28 23:08ComboFix2.txt 2012-08-27 00:13.Pre-Run: 65,418,792,960 bytes freePost-Run: 65,395,376,128 bytes free.- - End Of File - - 38A323E937C8CE27CF6B57F1FD28D340DDS LOG:.DDS (Ver_2011-08-26.01) - NTFSx86Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 10.7.2Run by Stef at 16:11:24 on 2012-09-28Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2939.1642 [GMT -7:00].AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exeC:\Windows\system32\svchost.exe -k rpcssc:\Program Files\Microsoft Security Client\MsMpEng.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\SLsvc.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Program Files\WTouch\WTouchService.exeC:\Windows\SYSTEM32\WISPTIS.EXEC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exeC:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\PSIService.exec:\Program Files\Common Files\Protexis\License Service\PsiService_2.exeC:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\system32\Pen_Tablet.exeC:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exeC:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exeC:\Windows\system32\TODDSrv.exeC:\Program Files\Toshiba\Power Saver\TosCoSrv.exeC:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exeC:\ProgramData\TVersity\Media Server\MediaServer.exeC:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exeC:\Windows\System32\svchost.exe -k WerSvcGroupC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Windows\system32\SearchIndexer.exeC:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\taskeng.exeC:\Windows\SYSTEM32\WISPTIS.EXEC:\Windows\system32\Dwm.exeC:\Program Files\WTouch\WTouchUser.exeC:\Windows\system32\WTablet\Pen_TabletUser.exeC:\Windows\system32\Pen_Tablet.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Windows\RtHDVCpl.exeC:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exeC:\Program Files\Toshiba\Power Saver\TPwrMain.exeC:\Program Files\Toshiba\SmoothView\SmoothView.exeC:\Program Files\Toshiba\FlashCards\TCrdMain.exeC:\Program Files\Toshiba\ConfigFree\NDSTray.exeC:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exeC:\Program Files\HP\HP Software Update\hpwuSchd2.exeC:\Program Files\Microsoft Security Client\msseces.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Real\RealPlayer\Update\realsched.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Common Files\Apple\Internet Services\ubd.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\igfxsrvc.exeC:\Windows\system32\wbem\unsecapp.exeC:\Program Files\iPod\bin\iPodService.exeC:\Windows\system32\igfxext.exeC:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files\Toshiba\ConfigFree\CFSwMgr.exeC:\Windows\system32\wuauclt.exeC:\Windows\servicing\TrustedInstaller.exeC:\Windows\Explorer.exeC:\Windows\system32\notepad.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\system32\SearchProtocolHost.exec:\Program Files\Microsoft Security Client\MpCmdRun.exec:\Program Files\Microsoft Security Client\MpCmdRun.exeC:\Windows\system32\NOTEPAD.EXEC:\Windows\system32\wuauclt.exeC:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.137.519.0.exeC:\Windows\system32\MpSigStub.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exeC:\Windows\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHBmStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHBuInternet Settings,ProxyOverride = *.localBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dllBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dlluRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exemRun: [igfxTray] c:\windows\system32\igfxtray.exemRun: [HotKeysCmds] c:\windows\system32\hkcmd.exemRun: [Persistence] c:\windows\system32\igfxpers.exemRun: [RtHDVCpl] RtHDVCpl.exemRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exemRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXEmRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exemRun: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exemRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exemRun: [NDSTray.exe] NDSTray.exemRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startupmRun: [skytel] Skytel.exemRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exemRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exemRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exemRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"mRun: [brMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUNmRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorunmRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkeymRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osbootmRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimemRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dllIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLLDPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CABDPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cabTCP: DhcpNameServer = 192.168.1.1TCP: Interfaces\{0913D5A8-EAAD-4D04-821E-DF2C6404AAB0} : DhcpNameServer = 192.168.1.1TCP: Interfaces\{1A540B62-FC8A-4095-909A-4D42FC2125CB} : DhcpNameServer = 192.168.1.1Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLLNotify: igfxcui - igfxdev.dllAppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll.================= FIREFOX ===================.FF - ProfilePath - c:\users\stef\appdata\roaming\mozilla\firefox\profiles\ou3woiw0.default\FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dllFF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dllFF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dllFF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dllFF - plugin: c:\program files\picasa2\npPicasa3.dllFF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dllFF - plugin: c:\program files\tabletplugins\npwacom.dllFF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dllFF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dllFF - plugin: c:\users\stef\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dllFF - plugin: c:\users\stef\appdata\roaming\mozilla\plugins\npgoogletalk.dllFF - plugin: c:\users\stef\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dllFF - plugin: c:\windows\system32\adobe\director\np32dsw_1166636.dllFF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dllFF - plugin: c:\windows\system32\npDeployJava1.dllFF - plugin: c:\windows\system32\npmproxy.dll.============= SERVICES / DRIVERS ===============.R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]R1 MpKslb358be9e;MpKslb358be9e;c:\programdata\microsoft\microsoft antimalware\definition updates\{306cb6b7-b93f-4983-9b07-95914eda3aa0}\MpKslb358be9e.sys [2012-9-28 29904]R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2009-6-28 25896]R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-8-13 3064000]R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2010-4-5 4497704]R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-9-30 46392]R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]R2 WTouchService;WTouch Service;c:\program files\wtouch\WTouchService.exe [2010-4-5 113448]R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-9-30 7168]R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [2009-6-28 290304]R3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\drivers\WacomVTHid.sys [2010-4-5 13480]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-9-4 250568]S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-9-30 29744]S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-21 114144]S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 74112]S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-9-30 9216]S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-4-5 16168]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504].=============== Created Last 30 ================.2012-09-28 23:11:16 6980552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6f6070d2-8c42-427b-9c6c-0f01a926e3fc}\mpengine.dll2012-09-28 23:08:18 -------- d-----w- c:\users\stef\appdata\local\temp2012-09-28 23:00:02 -------- d-sh--w- C:\$RECYCLE.BIN2012-09-28 22:59:36 -------- d-----w- c:\users\stef\appdata\roaming\WTouch2012-09-28 22:36:31 98816 ----a-w- c:\windows\sed.exe2012-09-28 22:36:31 518144 ----a-w- c:\windows\SWREG.exe2012-09-28 22:36:31 256000 ----a-w- c:\windows\PEV.exe2012-09-28 22:36:31 208896 ----a-w- c:\windows\MBR.exe2012-09-28 22:35:13 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{306cb6b7-b93f-4983-9b07-95914eda3aa0}\MpKslb358be9e.sys2012-09-26 17:40:06 6980552 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{306cb6b7-b93f-4983-9b07-95914eda3aa0}\mpengine.dll2012-09-25 08:04:43 6980552 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll2012-09-22 12:30:05 834048 ----a-w- c:\windows\system32\wininet.dll2012-09-22 12:30:04 389632 ----a-w- c:\windows\system32\html.iec2012-09-22 12:29:57 129024 ----a-w- c:\program files\internet explorer\sqmapi.dll2012-09-22 12:29:55 1383424 ----a-w- c:\windows\system32\mshtml.tlb2012-09-10 21:20:12 114144 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe2012-09-08 01:31:38 -------- d-----w- c:\program files\Defraggler2012-09-05 05:38:34 821736 ----a-w- c:\windows\system32\npDeployJava1.dll2012-09-05 05:38:01 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll2012-09-05 05:34:57 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-09-05 05:34:57 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe.==================== Find3M ====================.2012-09-05 05:37:31 746984 ----a-w- c:\windows\system32\deployJava1.dll2012-07-23 19:27:42 952 --sha-w- c:\windows\system32\KGyGaAvL.sys2012-07-22 06:33:57 8 --sh--r- c:\windows\system32\7C08B6A493.sys2012-07-04 14:02:46 2047488 ----a-w- c:\windows\system32\win32k.sys2012-07-04 05:56:37 499712 ----a-w- c:\windows\system32\msvcp71.dll2012-07-04 05:56:37 348160 ----a-w- c:\windows\system32\msvcr71.dll.============= FINISH: 16:12:06.34 =============== Link to post Share on other sites More sharing options...
Staff screen317 Posted October 1, 2012 Staff ID:603035 Share Posted October 1, 2012 Hi,Are you still experiencing CD drive issues?? Link to post Share on other sites More sharing options...
Recommended Posts