Jump to content

Can't run Malwarebytes


Recommended Posts

I believe that my computer has some type of malware that is blocking us from running Malwarebytes. It stalls after a few seconds of running. I have tried all the suggestions on the forum, but haven't had any luck. Our antivirus protection has been disabled and won't update or run either...I'm assuming it has something to do with the malware. I'm at a loss here and have no clue what else to do. Thanks.

.

DDS (Ver_2011-06-23.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385

Run by User at 11:13:18 on 2011-07-05

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.1996 [GMT -5:00]

.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\system32\atiesrxx.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\atieclxx.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe

C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\TOSHIBA\TECO\Teco.exe

C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\AVG\AVG10\avgtray.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\windows\System32\svchost.exe -k HPZ12

C:\windows\System32\svchost.exe -k HPZ12

C:\windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\TOSHIBA\TECO\TecoService.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files (x86)\AVG\AVG10\avgnsa.exe

C:\Program Files (x86)\AVG\AVG10\avgemca.exe

C:\windows\system32\conhost.exe

C:\Program Files (x86)\AVG\AVG10\avgchsva.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\wbem\unsecapp.exe

C:\windows\system32\svchost.exe -k HPService

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\windows\System32\svchost.exe -k swprv

C:\windows\system32\sppsvc.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe

C:\windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\windows\System32\svchost.exe -k WerSvcGroup

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\DllHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\system32\DllHost.exe

C:\windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSND&bmod=TSND

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND

uInternet Settings,ProxyOverride = <local>;*.local

mWinlogon: Userinit=C:\Windows\SysWOW64\userinit.exe,

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [spybotSD TeaTimer] "C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{49D66D47-0AD2-497E-9642-5EF79E0A5E87} : DhcpNameServer = 168.94.0.15 168.94.0.14

TCP: Interfaces\{D7A00926-1AA8-481F-867E-F6BE43767E4A} : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{D7A00926-1AA8-481F-867E-F6BE43767E4A}\94E44554C4C494E45445 : DhcpNameServer = 192.168.2.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:\windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]

R0 Lbd;Lbd;C:\windows\system32\DRIVERS\Lbd.sys --> C:\windows\system32\DRIVERS\Lbd.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-4-18 7398752]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-12-3 2151128]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-12-11 1153368]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-2-25 252928]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]

R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atipmdag.sys --> C:\windows\system32\DRIVERS\atipmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]

R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-12-3 17152]

R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]

R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?]

R3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]

R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]

RUnknown aswFsBlk;aswFsBlk; [x]

RUnknown aswMonFlt;aswMonFlt; [x]

RUnknown aswSnx;aswSnx; [x]

RUnknown aswSP;aswSP; [x]

S1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-18 136176]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-18 136176]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]

S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-9-23 51512]

S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-07-05 18:56:54 -------- d-sh--w- C:\found.002

2011-07-05 15:27:23 -------- d-----w- C:\ProgramData\AVAST Software

2011-07-05 15:27:23 -------- d-----w- C:\Program Files\AVAST Software

2011-07-05 03:14:16 39984 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-05 03:14:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-07-05 03:04:21 -------- d-----w- C:\Users\User\AppData\Roaming\Sammsoft

2011-06-24 03:04:01 -------- d-sh--w- C:\found.001

2011-06-22 02:30:09 -------- d-sh--w- C:\found.000

2011-06-16 03:07:50 -------- d-----w- C:\da80f37b387a2dabf7d70f

2011-06-15 22:03:05 102400 ----a-w- C:\windows\System32\drivers\dfsc.sys

2011-06-15 22:03:03 499712 ----a-w- C:\windows\System32\drivers\afd.sys

2011-06-15 22:03:03 1896832 ----a-w- C:\windows\System32\drivers\tcpip.sys

2011-06-15 22:03:01 759296 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2011-06-15 22:03:01 287744 ----a-w- C:\windows\System32\drivers\mrxsmb10.sys

2011-06-15 22:03:01 126464 ----a-w- C:\windows\System32\drivers\mrxsmb20.sys

2011-06-15 22:03:01 1110528 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2011-06-15 22:03:00 157696 ----a-w- C:\windows\System32\drivers\mrxsmb.sys

2011-06-06 18:42:24 16432 ----a-w- C:\windows\System32\lsdelete.exe

.

==================== Find3M ====================

.

2011-05-29 14:11:20 25912 ----a-w- C:\windows\System32\drivers\mbam.sys

2011-05-28 03:25:16 1638912 ----a-w- C:\windows\System32\mshtml.tlb

2011-05-28 03:07:01 3133952 ----a-w- C:\windows\System32\win32k.sys

2011-05-28 03:00:02 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb

2011-05-03 05:21:22 976896 ----a-w- C:\windows\System32\inetcomm.dll

2011-05-03 04:50:29 740864 ----a-w- C:\windows\SysWow64\inetcomm.dll

2011-04-29 03:13:10 461312 ----a-w- C:\windows\System32\drivers\srv.sys

2011-04-29 03:12:54 399872 ----a-w- C:\windows\System32\drivers\srv2.sys

2011-04-29 03:12:37 161792 ----a-w- C:\windows\System32\drivers\srvnet.sys

2011-04-22 20:18:47 27008 ----a-w- C:\windows\System32\drivers\Diskdump.sys

2011-04-22 20:18:28 1197056 ----a-w- C:\windows\System32\wininet.dll

2011-04-22 20:14:08 57856 ----a-w- C:\windows\System32\licmgr10.dll

2011-04-22 19:31:50 981504 ----a-w- C:\windows\SysWow64\wininet.dll

2011-04-22 19:31:26 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll

2011-04-22 18:49:57 482816 ----a-w- C:\windows\System32\html.iec

2011-04-22 18:23:59 386048 ----a-w- C:\windows\SysWow64\html.iec

2011-04-15 02:28:24 118864 ----a-w- C:\windows\System32\drivers\AVGIDSDriver.sys

2011-04-09 06:58:56 142336 ----a-w- C:\windows\System32\poqexec.exe

2011-04-09 06:45:48 5509504 ----a-w- C:\windows\System32\ntoskrnl.exe

2011-04-09 06:13:06 3957632 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2011-04-09 06:13:06 3901824 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2011-04-09 05:56:38 123904 ----a-w- C:\windows\SysWow64\poqexec.exe

.

============= FINISH: 11:14:00.14 ===============

Link to post
Share on other sites

Hello and :welcome:

TWO ANTIVIRUS PROGRAMS

---------------------------------------

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either AVG or AdAware.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

Link to post
Share on other sites

I removed AVG since it wasn't working properly anyway.

I don't know if it is important, but I had two popups while combofix was running.

They both said: "Illegal operation attempted on a registry key that has been marked for deletion."

The file names listed were:

c:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

c:\Program Files\TOSHIBA\TPHM\

ComboFix 11-07-06.02 - User 07/06/2011 8:53.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.2715 [GMT -5:00]

Running from: c:\users\User\Desktop\ComboFix.exe

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\User\AppData\Roaming\Adobe\plugs

c:\users\User\AppData\Roaming\Adobe\shed

c:\windows\system32\Thumbs.db

.

.

((((((((((((((((((((((((( Files Created from 2011-06-06 to 2011-07-06 )))))))))))))))))))))))))))))))

.

.

2011-07-06 14:05 . 2011-07-06 14:05 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-06 13:51 . 2011-07-06 13:51 -------- d-----w- C:\32788R22FWJFW

2011-07-06 13:35 . 2011-06-20 13:57 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{19D38739-F956-434D-87AC-A8FE74DA5DC1}\mpengine.dll

2011-07-05 18:56 . 2011-07-05 18:56 -------- d-----w- C:\found.002

2011-07-05 15:27 . 2011-05-10 12:10 253888 ----a-w- c:\windows\system32\aswBoot.exe

2011-07-05 15:27 . 2011-07-05 16:07 -------- d-----w- c:\programdata\AVAST Software

2011-07-05 15:27 . 2011-07-05 15:27 -------- d-----w- c:\program files\AVAST Software

2011-07-05 06:11 . 2011-07-05 06:32 -------- d-----w- c:\users\krissi

2011-07-05 03:14 . 2011-05-29 14:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-05 03:14 . 2011-07-05 19:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-07-05 03:04 . 2011-07-05 03:38 -------- d-----w- c:\users\User\AppData\Roaming\Sammsoft

2011-06-24 03:04 . 2011-06-24 03:04 -------- d-----w- C:\found.001

2011-06-22 02:30 . 2011-06-22 02:30 -------- d-----w- C:\found.000

2011-06-16 03:07 . 2011-06-16 03:07 -------- d-----w- C:\da80f37b387a2dabf7d70f

2011-06-15 22:03 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys

2011-06-15 22:03 . 2011-04-25 05:32 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-06-15 22:03 . 2011-04-25 02:44 499712 ----a-w- c:\windows\system32\drivers\afd.sys

2011-06-15 22:03 . 2011-05-04 02:51 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-06-15 22:03 . 2011-05-04 02:51 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-06-15 22:03 . 2011-04-29 05:47 1110528 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2011-06-15 22:03 . 2011-04-29 05:08 759296 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2011-06-15 22:03 . 2011-05-04 02:51 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-06-06 18:42 . 2011-04-18 10:23 16432 ----a-w- c:\windows\system32\lsdelete.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-29 14:11 . 2010-12-11 23:39 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-25 00:14 . 2010-11-20 01:04 270720 ------w- c:\windows\system32\MpSigStub.exe

2011-04-22 20:18 . 2011-05-25 21:40 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-04-09 06:58 . 2011-05-19 21:50 142336 ----a-w- c:\windows\system32\poqexec.exe

2011-04-09 06:45 . 2011-05-11 22:21 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-04-09 06:13 . 2011-05-11 22:21 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2011-04-09 06:13 . 2011-05-11 22:21 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2011-04-09 05:56 . 2011-05-19 21:50 123904 ----a-w- c:\windows\SysWow64\poqexec.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-13 421160]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http:" [X]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWebCamera]

2010-02-24 08:54 2454840 ----a-w- c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 136176]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-05-16 2151128]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 136176]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-02-04 17152]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-02-26 252928]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]

S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [x]

S3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]

S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 09:11]

.

2011-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 01:28]

.

2011-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 01:28]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>;*.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

HKLM-Run-(Default) - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe

HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe

HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe

HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe

HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe

HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

AddRemove-Ad-Aware - c:\programdata\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}\Ad-Aware90Install.exe

AddRemove-BFG-Kindergarten - c:\bigfishgamescache\GameManager\Kindergarten\Uninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

.

**************************************************************************

.

Completion time: 2011-07-06 09:32:56 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-06 14:32

.

Pre-Run: 268,602,105,856 bytes free

Post-Run: 269,177,933,824 bytes free

.

- - End Of File - - DA2C41A0EA9D4B5F761DD50652003A75

combofix.txt

Link to post
Share on other sites

I don't know if it is important, but I had two popups while combofix was running.

They both said: "Illegal operation attempted on a registry key that has been marked for deletion."

This sometimes happens and should be fixed with a reboot.

How are things running at this point?

Can you please rerun DDS and post me attach.txt this time?

Link to post
Share on other sites

I still can't run Malwarebytes. It freezes up about 17 seconds into the scan.

.

DDS (Ver_2011-06-23.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385

Run by User at 10:39:37 on 2011-07-06

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.2609 [GMT -5:00]

.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\system32\atiesrxx.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\atieclxx.exe

C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\windows\system32\taskhost.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\TOSHIBA\TECO\TecoService.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\windows\system32\wbem\unsecapp.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\svchost.exe -k HPService

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\TOSHIBA\TECO\Teco.exe

C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\windows\System32\svchost.exe -k secsvcs

C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\DllHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND

uInternet Settings,ProxyOverride = <local>;*.local

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [spybotSD TeaTimer] "C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNjQ3NDQ0MzU0LVhPMTArMi1RSVgxKzQtWDIwMTArMi1GMTBNMTBEKzEtTElDKzIyLUZMMTArMS1TUDErMS1TUDFUQisxLVNVRCsxLVMxSSsxLVNVMysxLUREVCsw"&"prod=90"&"ver=10.0.1382

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{49D66D47-0AD2-497E-9642-5EF79E0A5E87} : DhcpNameServer = 168.94.0.15 168.94.0.14

TCP: Interfaces\{D7A00926-1AA8-481F-867E-F6BE43767E4A} : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{D7A00926-1AA8-481F-867E-F6BE43767E4A}\94E44554C4C494E45445 : DhcpNameServer = 192.168.2.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNjQ3NDQ0MzU0LVhPMTArMi1RSVgxKzQtWDIwMTArMi1GMTBNMTBEKzEtTElDKzIyLUZMMTArMS1TUDErMS1TUDFUQisxLVNVRCsxLVMxSSsxLVNVMysxLUREVCsw"&"prod=90"&"ver=10.0.1382

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;C:\windows\system32\DRIVERS\Lbd.sys --> C:\windows\system32\DRIVERS\Lbd.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-12-3 2151128]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-12-11 1153368]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-2-25 252928]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]

R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atipmdag.sys --> C:\windows\system32\DRIVERS\atipmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]

R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]

R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?]

R3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]

R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-18 136176]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-18 136176]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-12-3 17152]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]

S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-9-23 51512]

S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-07-06 14:32:11 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A498F449-B717-409E-B9A3-9524272F5401}\mpengine.dll

2011-07-06 14:24:46 -------- d-sh--w- C:\$RECYCLE.BIN

2011-07-06 13:51:14 98816 ----a-w- C:\windows\sed.exe

2011-07-06 13:51:14 518144 ----a-w- C:\windows\SWREG.exe

2011-07-06 13:51:14 256000 ----a-w- C:\windows\PEV.exe

2011-07-06 13:51:14 208896 ----a-w- C:\windows\MBR.exe

2011-07-05 18:56:54 -------- d-----w- C:\found.002

2011-07-05 15:27:23 -------- d-----w- C:\ProgramData\AVAST Software

2011-07-05 15:27:23 -------- d-----w- C:\Program Files\AVAST Software

2011-07-05 03:14:16 39984 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-05 03:14:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-07-05 03:04:21 -------- d-----w- C:\Users\User\AppData\Roaming\Sammsoft

2011-06-24 03:04:01 -------- d-----w- C:\found.001

2011-06-22 02:30:09 -------- d-----w- C:\found.000

2011-06-16 03:07:50 -------- d-----w- C:\da80f37b387a2dabf7d70f

2011-06-15 22:03:05 102400 ----a-w- C:\windows\System32\drivers\dfsc.sys

2011-06-15 22:03:03 499712 ----a-w- C:\windows\System32\drivers\afd.sys

2011-06-15 22:03:03 1896832 ----a-w- C:\windows\System32\drivers\tcpip.sys

2011-06-15 22:03:01 759296 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2011-06-15 22:03:01 287744 ----a-w- C:\windows\System32\drivers\mrxsmb10.sys

2011-06-15 22:03:01 126464 ----a-w- C:\windows\System32\drivers\mrxsmb20.sys

2011-06-15 22:03:01 1110528 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2011-06-15 22:03:00 157696 ----a-w- C:\windows\System32\drivers\mrxsmb.sys

2011-06-06 18:42:24 16432 ----a-w- C:\windows\System32\lsdelete.exe

.

==================== Find3M ====================

.

2011-05-29 14:11:20 25912 ----a-w- C:\windows\System32\drivers\mbam.sys

2011-05-28 03:25:16 1638912 ----a-w- C:\windows\System32\mshtml.tlb

2011-05-28 03:07:01 3133952 ----a-w- C:\windows\System32\win32k.sys

2011-05-28 03:00:02 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb

2011-05-25 00:14:10 270720 ------w- C:\windows\System32\MpSigStub.exe

2011-05-03 05:21:22 976896 ----a-w- C:\windows\System32\inetcomm.dll

2011-05-03 04:50:29 740864 ----a-w- C:\windows\SysWow64\inetcomm.dll

2011-04-29 03:13:10 461312 ----a-w- C:\windows\System32\drivers\srv.sys

2011-04-29 03:12:54 399872 ----a-w- C:\windows\System32\drivers\srv2.sys

2011-04-29 03:12:37 161792 ----a-w- C:\windows\System32\drivers\srvnet.sys

2011-04-22 20:18:47 27008 ----a-w- C:\windows\System32\drivers\Diskdump.sys

2011-04-22 20:18:28 1197056 ----a-w- C:\windows\System32\wininet.dll

2011-04-22 20:14:08 57856 ----a-w- C:\windows\System32\licmgr10.dll

2011-04-22 19:31:50 981504 ----a-w- C:\windows\SysWow64\wininet.dll

2011-04-22 19:31:26 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll

2011-04-22 18:49:57 482816 ----a-w- C:\windows\System32\html.iec

2011-04-22 18:23:59 386048 ----a-w- C:\windows\SysWow64\html.iec

2011-04-09 06:58:56 142336 ----a-w- C:\windows\System32\poqexec.exe

2011-04-09 06:45:48 5509504 ----a-w- C:\windows\System32\ntoskrnl.exe

2011-04-09 06:13:06 3957632 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2011-04-09 06:13:06 3901824 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2011-04-09 05:56:38 123904 ----a-w- C:\windows\SysWow64\poqexec.exe

.

============= FINISH: 10:40:05.37 ===============

Link to post
Share on other sites

If these runs were spontaneously, lets do one scheduled as well. :)

Please click Start > Programs > Accessories, right click on Command Prompt and select "Run as Administrator".

In the command window type chkdsk /r and press enter. When asked to schedule the scan, type Y and press enter.

Restart your computer and let the disk check run unhindered. Afterwards try to run a new MBAM scan.

Link to post
Share on other sites

Wow, the disc check took over 3 hours to complete. It found many bad clusters. I lost count around 40. I just ran Malwarebytes without a problem. Should I be concerned about the fact that there were so many broken clusters? Thanks.

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 7049

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

7/8/2011 12:13:19 PM

mbam-log-2011-07-08 (12-13-19).txt

Scan type: Quick scan

Objects scanned: 183102

Time elapsed: 1 minute(s), 36 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Link to post
Share on other sites

It depends a bit on what was bad, but I definitely would keep the possibility in mind that the disk could be going bad. Since MBAM successfully ran, that means the problems were fixed, however, I strongly recommend to back up all important data, just in case (better safe than sorry).

Could you please rerun DDS, and post me attach.txt this time?

Link to post
Share on other sites

  • 4 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.