kandie1023 Posted January 24, 2013
Hi, I fell for the Ammyy scam but I caught on before giving any personal info. I just want to make sure my laptop is safe and no one can access it or hijack it. Could someone please help me? Thank you in advance.
Candace
P.S. I have the logs it asked me to get.

Maniac Posted January 24, 2013
Hello kandie1023! My name is Maniac and I will be glad to help you solve your malware problem.
Please note:
If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please post them.

kandie1023 Posted January 24, 2013
This was from dds.

kandie1023 Posted January 24, 2013
This was from attach.
Module Path: C:\windows\system32\athihvs.dll Error Code: 211/24/2013 8:35:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}1/24/2013 8:35:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}1/24/2013 8:35:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}1/24/2013 8:35:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}1/24/2013 8:35:01 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_NIS discache eeCtrl IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv61/24/2013 8:35:01 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.1/23/2013 7:24:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx641/20/2013 12:27:14 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.2.5 with the system having network hardware address 74-E1-B6-AA-B7-2C. Network operations on this system may be disrupted as a result..==== End Of File =========================== Link to post Share on other sites More sharing options...
kandie1023 Posted January 24, 2013 Author ID:638834

this was from mbam-log-2013-01-24 (09-51-15)

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.24.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Candace :: CANDACE-PC [administrator]

Protection: Enabled

1/24/2013 9:51:15 AM
mbam-log-2013-01-24 (09-51-15).txt

Scan type: Full scan (C:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 395020
Time elapsed: 2 hour(s), 14 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
kandie1023 Posted January 24, 2013 Author ID:638837

Hopefully that was what you were asking me for.
Maniac Posted January 25, 2013 ID:639101

Step 1

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. My suggestion is to uninstall VIPRE Antivirus and to keep Norton Internet Security, but only if you have a license for it; if not, uninstall it.

Also, please uninstall:
Ask Toolbar
ooVoo toolbar, powered by Ask.com Updater

Finally, restart your computer.

Step 2

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Step 3

Launch Malwarebytes' Anti-Malware.
Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
Go to Scanner tab and select Perform Quick Scan, then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 4

Please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer for this scan.
Tick the box next to YES, I accept the Terms of Use.
Click Start.
When asked, allow the ActiveX control to install.
Click Start.
Make sure that the option Remove found threats and the option Scan unwanted applications are checked.
Click Scan. (This scan can take several hours, so please be patient.)
Once the scan is completed, you may close the window.
Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic.

In your next reply, post the following log files:
Junkware Removal Tool log
Malwarebytes' Anti-Malware log
ESET Online Scanner log
a new fresh DDS log
kandie1023 Posted January 25, 2013 Author ID:639227

this is from jrt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.5.0 (01.23.2013:2)
OS: Windows 7 Home Premium x64
Ran by Candace on Fri 01/25/2013 at 12:31:15.52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/25/2013 at 12:41:32.40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
kandie1023 Posted January 25, 2013 Author ID:639233

this is mbam-log-2013-01-25 (12-52-39)

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.25.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Candace :: CANDACE-PC [administrator]

Protection: Enabled

1/25/2013 12:52:39 PM
mbam-log-2013-01-25 (12-52-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231316
Time elapsed: 3 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
kandie1023 Posted January 26, 2013 Author ID:639371

this is from eset online

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=88d15dab79475e4c987b2ef49726668e
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-25 11:47:43
# local_time=2013-01-25 06:47:43 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 0 110701113 0 0
# scanned=177647
# found=1
# cleaned=1
# scan_time=10447
C:\Backup_16-Dec-12\Candace\AppData\Local\Google\Chrome\User Data\Default\Default\aadcgbdadagfgbdidfdddgdgdegegdda\background.html Win32/BHO.OEI trojan (cleaned by deleting - quarantined) F49BAD3EB51E48D9DE6E2BE85C30A3DADECF5379 C
kandie1023 Posted January 26, 2013 Author ID:639373

this is attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/16/2012 6:13:11 PM
System Uptime: 1/25/2013 12:27:17 PM (7 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel® Pentium® CPU B950 @ 2.10GHz | CPU | 1281/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 284 GiB total, 235.184 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP14: 1/14/2013 10:09:20 AM - Windows Modules Installer
RP15: 1/14/2013 10:58:29 AM - Windows Modules Installer
RP16: 1/24/2013 7:51:04 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X MUI
Apple Mobile Device Support
Apple Software Update
Atheros Bluetooth Filter Driver Package
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Atheros Driver Installation Program
Bejeweled 3
Bluetooth Stack for Windows by Toshiba
Bonjour
Chuzzle Deluxe
Conexant HD Audio
D3DX10
ESET Online Scanner v3
FATE - The Traitor Soul
Fishdom 2
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Java Auto Updater
Java 6 Update 25
Junk Mail filter update
Label@Once 1.0
Malwarebytes Anti-Malware version 1.70.0.1100
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 18.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
ooVoo
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Polar Bowler
QuickTime
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Skype Click to Call
Skype Launcher
Skype™ 6.0
Synaptics Pointing Device Driver
Tango
Tom Clancy's Splinter Cell
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBA Wireless LAN Indicator
TOSHIBARegistration
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update Installer for WildTangent Games App
Virtual Villagers 5 - New Believers
WildTangent Games
WildTangent Games App (Toshiba Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Messenger
Yahoo! Software Update
Zuma's Revenge
.
==== End Of File ===========================
kandie1023 Posted January 26, 2013 Author ID:639374

this is dds

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by Candace at 19:34:07 on 2013-01-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.1584 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\ooVoo\ooVoo.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\system32\wuauclt.exe
C:\windows\explorer.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.toshiba.com/
uDefault_Page_URL = hxxp://start.toshiba.com
mStart Page = hxxp://www.yahoo.com/?ilc=8
mDefault_Page_URL = hxxp://www.yahoo.com/?ilc=8
uProxyOverride = <local>;*.local
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
mRun: [iTSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: NameServer = 209.18.47.61 209.18.47.62 0.0.0.0
TCP: Interfaces\{493D5611-3FA5-449E-AA1C-62393E38B3D3} : DHCPNameServer = 209.18.47.61 209.18.47.62 0.0.0.0
TCP: Interfaces\{493D5611-3FA5-449E-AA1C-62393E38B3D3}\7602462757D6D6F6E646 : DHCPNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://start.toshiba.com/
x64-mDefault_Page_URL = hxxp://start.toshiba.com/
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Candace\AppData\Roaming\Mozilla\Firefox\Profiles\zw5bw0qb.default\
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - ExtSQL: 2012-12-16 18:16; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn
FF - ExtSQL: 2013-01-11 10:02; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFFPlgn
.
============= SERVICES / DRIVERS ===============
.
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-24 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-24 682344]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-12-16 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2012-12-16 126392]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-12-16 2656280]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2012-12-16 9216]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-2-9 77424]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-1-24 24176]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-12-16 38096]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-12-16 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\windows\System32\drivers\btfilter.sys [2012-12-16 42096]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-12-16 243712]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-12-18 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-01-25 20:51:52 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8C72A9F3-0DE9-4639-94A4-E520AB8B2BF6}\offreg.dll
2013-01-25 18:02:07 -------- d-----w- C:\Program Files (x86)\ESET
2013-01-25 17:31:14 -------- d-----w- C:\windows\ERUNT
2013-01-25 17:30:31 -------- d-----w- C:\JRT
2013-01-25 17:25:13 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8C72A9F3-0DE9-4639-94A4-E520AB8B2BF6}\mpengine.dll
2013-01-25 13:11:28 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2013-01-24 14:38:14 -------- d-----w- C:\Users\Candace\AppData\Roaming\Malwarebytes
2013-01-24 14:38:08 -------- d-----w- C:\ProgramData\Malwarebytes
2013-01-24 14:38:05 24176 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-01-24 14:38:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-24 14:37:48 -------- d-----w- C:\Users\Candace\AppData\Local\Programs
2013-01-24 00:38:19 750592 ----a-w- C:\windows\System32\win32spl.dll
2013-01-24 00:36:34 424448 ----a-w- C:\windows\System32\KernelBase.dll
2013-01-24 00:32:48 68608 ----a-w- C:\windows\System32\taskhost.exe
2013-01-24 00:32:47 3149824 ----a-w- C:\windows\System32\win32k.sys
2013-01-24 00:31:14 -------- d-----w- C:\ProgramData\Downloaded Installations
2013-01-23 22:55:27 -------- d-----w- C:\Users\Candace\AppData\Local\LogMeIn Rescue Applet
2013-01-23 22:52:43 -------- d-----w- C:\ProgramData\AMMYY
2013-01-22 18:58:29 -------- d-----w- C:\Users\Candace\AppData\Local\Deployment
2013-01-22 18:58:29 -------- d-----w- C:\Users\Candace\AppData\Local\Apps
2013-01-16 02:53:35 -------- d-----w- C:\Users\Candace\AppData\Local\Macromedia
2013-01-13 02:41:31 -------- d-----w- C:\Users\Candace\AppData\Roaming\WildTangent
2013-01-12 13:54:58 -------- d-----w- C:\Users\Candace\AppData\Local\Diagnostics
2013-01-11 16:44:31 -------- d-----w- C:\Program Files (x86)\Yahoo!
2013-01-11 15:43:03 -------- d-----w- C:\Users\Candace\AppData\Local\Adobe
2013-01-09 13:34:08 492032 ----a-w- C:\windows\SysWow64\win32spl.dll
2013-01-09 13:33:55 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll
2013-01-09 13:33:39 55296 ----a-w- C:\windows\SysWow64\cero.rs
2013-01-09 13:33:39 51712 ----a-w- C:\windows\SysWow64\esrb.rs
2013-01-09 13:33:39 23552 ----a-w- C:\windows\System32\oflc.rs
2013-01-09 13:33:00 3072 ---ha-w- C:\windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-01-09 13:33:00 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2013-01-08 17:48:17 -------- d-----w- C:\ProgramData\VirtualizedApplications
2013-01-08 15:37:53 -------- d-----w- C:\Users\Candace\AppData\Roaming\SoftGrid Client
2013-01-08 15:37:53 -------- d-----w- C:\Users\Candace\AppData\Local\SoftGrid Client
2013-01-08 15:36:45 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-01-08 15:36:23 -------- d-----w- C:\Users\Candace\AppData\Roaming\TP
2013-01-06 22:17:15 -------- d-----w- C:\f4d7b4a507489b0c85813f58fb
2013-01-04 00:45:29 -------- d-----w- C:\Program Files (x86)\Tango
2013-01-04 00:45:26 -------- d-----w- C:\Users\Candace\AppData\Local\tango
2013-01-03 14:46:22 -------- d-----w- C:\Users\Candace\AppData\Local\CrashDumps
.
==================== Find3M ====================
.
2013-01-10 13:27:33 74248 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-10 13:27:33 697864 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-12-16 17:11:22 46080 ----a-w- C:\windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2012-12-07 13:20:16 441856 ----a-w- C:\windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\windows\System32\csrr.rs
2012-12-07 11:20:01 45568 ----a-w- C:\windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\windows\System32\esrb.rs
2012-12-07 10:46:42 43520 ----a-w- C:\windows\SysWow64\csrr.rs
2012-12-07 10:46:42 30720 ----a-w- C:\windows\SysWow64\usk.rs
2012-12-07
10:46:41 45568 ----a-w- C:\windows\SysWow64\oflc-nz.rs2012-12-07 10:46:41 44544 ----a-w- C:\windows\SysWow64\pegibbfc.rs2012-12-07 10:46:41 23552 ----a-w- C:\windows\SysWow64\oflc.rs2012-12-07 10:46:41 20480 ----a-w- C:\windows\SysWow64\pegi-pt.rs2012-12-07 10:46:40 20480 ----a-w- C:\windows\SysWow64\pegi-fi.rs2012-12-07 10:46:39 46592 ----a-w- C:\windows\SysWow64\fpb.rs2012-12-07 10:46:39 20480 ----a-w- C:\windows\SysWow64\pegi.rs2012-12-07 10:46:38 21504 ----a-w- C:\windows\SysWow64\grb.rs2012-12-07 10:46:37 40960 ----a-w- C:\windows\SysWow64\cob-au.rs2012-12-07 10:46:37 15360 ----a-w- C:\windows\SysWow64\djctq.rs2012-11-30 05:45:35 362496 ----a-w- C:\windows\System32\wow64win.dll2012-11-30 05:45:35 243200 ----a-w- C:\windows\System32\wow64.dll2012-11-30 05:45:14 215040 ----a-w- C:\windows\System32\winsrv.dll2012-11-30 05:43:12 16384 ----a-w- C:\windows\System32\ntvdm64.dll2012-11-30 04:54:00 5120 ----a-w- C:\windows\SysWow64\wow32.dll2012-11-30 04:53:59 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll2012-11-30 03:23:48 338432 ----a-w- C:\windows\System32\conhost.exe2012-11-30 02:44:06 25600 ----a-w- C:\windows\SysWow64\setup16.exe2012-11-30 02:44:04 7680 ----a-w- C:\windows\SysWow64\instnm.exe2012-11-30 02:44:04 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll2012-11-30 02:44:03 2048 ----a-w- C:\windows\SysWow64\user.exe2012-11-30 02:38:59 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll2012-11-30 02:38:59 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll2012-11-30 02:38:59 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll2012-11-30 02:38:59 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll2012-11-22 05:44:23 800768 ----a-w- C:\windows\System32\usp10.dll2012-11-22 04:45:03 626688 ----a-w- C:\windows\SysWow64\usp10.dll2012-11-20 05:48:49 307200 ----a-w- C:\windows\System32\ncrypt.dll2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll2012-11-14 06:04:11 1392128 ----a-w- 
C:\windows\System32\wininet.dll2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb2012-11-09 05:45:09 2048 ----a-w- C:\windows\System32\tzres.dll2012-11-09 04:42:49 2048 ----a-w- C:\windows\SysWow64\tzres.dll2012-11-02 05:59:11 478208 ----a-w- C:\windows\System32\dpnet.dll2012-11-02 05:11:31 376832 ----a-w- C:\windows\SysWow64\dpnet.dll2012-11-01 05:43:42 2002432 ----a-w- C:\windows\System32\msxml6.dll2012-11-01 05:43:42 1882624 ----a-w- C:\windows\System32\msxml3.dll2012-11-01 04:47:54 1389568 ----a-w- C:\windows\SysWow64\msxml6.dll2012-11-01 04:47:54 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll.============= FINISH: 19:34:35.71 =============== Link to post Share on other sites More sharing options...
Maniac Posted January 26, 2013 ID:639593

I guess we found the problem:

C:\Backup_16-Dec-12\Candace\AppData\Local\Google\Chrome\User Data\Default\Default\aadcgbdadagfgbdidfdddgdgdegegdda\background.html Win32/BHO.OEI trojan (cleaned by deleting - quarantined) F49BAD3EB51E48D9DE6E2BE85C30A3DADECF5379 C

It was in your backup. Please reset your Chrome for sure.

http://googlechrometutorial.com/google-chrome-initial-settings/Google-chrome-reset-default-page-settings.html
Maurice Naggar Posted February 5, 2013 ID:643864

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!