help with stubborn malware


crs

Thank you to those who help with this message board.

I noticed odd behavior in my web browser when it first redirected search to Yahoo. I used Malwarebytes twice to attempt to restore normal search functions, first using a quick scan, then using a full scan. Removal of what was detected in each scan did not fix this problem with malware. I ran DDS.src. Below are the DDS.txt and attach.txt files.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26

Run by Colin Raymond at 20:36:04 on 2011-11-10

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1913.714 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\Program Files\WTouch\WTouchService.exe

C:\windows\SYSTEM32\WISPTIS.EXE

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support

\AppleMobileDeviceService.exe

C:\windows\system32\taskhost.exe

C:\Program Files\Application Updater\ApplicationUpdater.exe

C:\windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\windows\Explorer.EXE

C:\windows\system32\Dwm.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\Pen_Tablet.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\WTablet\Pen_TabletUser.exe

C:\windows\system32\Pen_Tablet.exe

C:\Windows\System32\igfxtray.exe

C:\windows\system32\igfxsrvc.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\windows\system32\svchost.exe -k HPService

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\TOSHIBA\Utilities\KeNotify.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Users\Colin Raymond\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

C:\windows\system32\igfxext.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Users\Colin Raymond\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Colin Raymond\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Colin Raymond\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\windows\system32\wuauclt.exe

C:\Users\Colin Raymond\AppData\Local\Google\Chrome\Application\chrome.exe

C:\windows\system32\svchost.exe -k SDRSVC

C:\windows\system32\rundll32.exe

C:\Users\Colin Raymond\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Colin Raymond\AppData\Local\Google\Chrome\Application\chrome.exe

C:\windows\system32\rundll32.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\System32\svchost.exe -k swprv

C:\windows\system32\taskhost.exe

C:\Program Files\WTouch\WTouchUser.exe

C:\windows\servicing\TrustedInstaller.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\conhost.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:

\program files\pdfforge toolbar\ie\4.7\pdfforgeToolbarIE.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program

files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:

\program files\canon\easy-webprint ex\ewpexbho.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:

\progra~1\mif5ba~1\office14\GROOVEEX.DLL

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:

\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program

files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497}

- c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:

\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:

\progra~1\mif5ba~1\office14\URLREDIR.DLL

BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program

files\pdfforge toolbar\ie\4.7\pdfforgeToolbarIE.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e}

- c:\program files\google\google toolbar\component

\fastsearch_B7C5AC242193BB3E.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:

\program files\java\jre6\bin\jp2ssv.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files

\google\google toolbar\GoogleToolbar_32.dll

TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program

files\canon\easy-webprint ex\ewpexhlp.dll

TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files

\pdfforge toolbar\ie\4.7\pdfforgeToolbarIE.dll

{555d4d79-4bd2-4094-a395-cfc534424a05}

EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program

files\canon\easy-webprint ex\ewpexhlp.dll

uRun: [MyTOSHIBA] "c:\program files\toshiba\my toshiba\MyToshiba.exe" /AUTO

uRun: [swg] "c:\program files\google\googletoolbarnotifier

\GoogleToolbarNotifier.exe"

uRun: [skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized

uRun: [Google Update] "c:\users\colin raymond\appdata\local\google\update

\GoogleUpdate.exe" /c

uRun: [MobiMouse] c:\program files\virtual views\mobimouse\MobiMouse.exe

uRun: [bluCTRL Receiver] c:\program files\bluctrl\bluctrl receiver

\bluCTRLReceiver.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [sVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL

mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP

mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe

mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

mRun: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station

\ToshibaServiceStation.exe" /hide:60

mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert

\TosWaitSrv.exe

mRun: [NortonOnlineBackupReminder] "c:\program files\toshiba\toshiba online

backup\activation\TobuActivation.exe" UNATTENDED

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader

\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [dfmirage-Install] "c:\windows\temp\DFI-OMSE60.exe" -u2 "dfmirage"

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe"

/DelayServices

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe

/logon

mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft

\connection service\bin\ACDaemon.exe

mRun: [iJNetworkScanUtility] c:\program files\canon\canon ij network scan

utility\CNMNSUT.exe

mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -

runkey

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update

\jusched.exe"

mRun: [<NO NAME>]

mRun: [searchSettings] "c:\program files\common files\spigot\search settings

\SearchSettings.exe"

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes'

anti-malware\mbam.exe" /runcleanupscript

StartupFolder: c:\users\colinr~1\appdata\roaming\micros~1\windows

\startm~1\programs\startup\dropbox.lnk - c:\users\colin raymond\appdata\roaming

\dropbox\bin\Dropbox.exe

StartupFolder: c:\users\colinr~1\appdata\roaming\micros~1\windows

\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office

\office14\ONENOTEM.EXE

StartupFolder: c:\users\colinr~1\appdata\roaming\micros~1\windows

\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org

3\program\quickstart.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup

\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma

Loader.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup

\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup

\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: SoftwareSASGeneration = 3 (0x3)

IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth

software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth

software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth

software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-

E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-

F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-

5D6374584B52} - c:\program files\microsoft office

\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-

AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer

\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-

96E929D65503} - c:\progra~1\mif5ba~1\office11\REFIEBAR.DLL

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -

hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactiv

ex/qtplugin.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} -

hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{FEFB0CD4-4522-43B4-9A3B-F58EACAC492A} : DhcpNameServer =

75.75.76.76 75.75.75.75

TCP: Interfaces\{FEFB0CD4-4522-43B4-9A3B-F58EACAC492A}\2375942554930393 :

DhcpNameServer = 192.168.1.254

TCP: Interfaces\{FEFB0CD4-4522-43B4-9A3B-

F58EACAC492A}\341454E40275562602143636563737 : DhcpNameServer = 141.212.2.69

141.212.2.81

TCP: Interfaces\{FEFB0CD4-4522-43B4-9A3B-

F58EACAC492A}\742796A7A7C69702055616B60275966496 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{FEFB0CD4-4522-43B4-9A3B-

F58EACAC492A}\B45627279747F677E6023577565647771647562737 : DhcpNameServer =

192.168.0.1

TCP: Interfaces\{FEFB0CD4-4522-43B4-9A3B-F58EACAC492A}\D616769636 :

DhcpNameServer = 68.87.72.134 68.87.77.134

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:

\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:

\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} -

c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL

mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my

toshiba\MyToshiba.exe /SETUP

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\colin raymond\appdata\roaming\mozilla\firefox

\profiles\hw3b4z71.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?

fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p=

FF - component: c:\program files\common files\spigot\wtxpcom\components

\WidgiToolbarFF.dll

FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher

\NPWebSLLauncher.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\tabletplugins\npwacom.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\colin raymond\appdata\local\google\update

\1.3.21.79\npGoogleUpdate3.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers

\MpFilter.sys [2009-12-2 165648]

R1 MpKsldb2368c3;MpKsldb2368c3;c:\programdata\microsoft\microsoft antimalware

\definition updates\{400333d7-0c93-4003-a256-b549296b9001}\MpKsldb2368c3.sys

[2011-11-10 28752]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys

[2009-7-13 48128]

R2 Application Updater;Application Updater;c:\program files\application updater

\ApplicationUpdater.exe [2011-9-27 745880]

R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree

\CFIWmxSvcs.exe [2009-8-10 185712]

R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree

\CFSvcs.exe [2009-3-10 46448]

R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2010-9

-15 4497704]

R2 WTouchService;WTouch Service;c:\program files\wtouch\WTouchService.exe [2010

-9-15 113448]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows

\system32\drivers\MpNWMon.sys [2009-12-2 43392]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers

\NisDrvWFP.sys [2010-10-24 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security

client\antimalware\NisSrv.exe [2011-4-27 208944]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys

[2009-9-11 167936]

R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station

\TMachInfo.exe [2009-9-11 51512]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files

\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-9-17 111960]

R3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\drivers\WacomVTHid.sys

[2010-9-15 13480]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN

v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010

-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update

\GoogleUpdate.exe [2010-9-6 136176]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows

\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys

[2010-4-29 29472]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update

\GoogleUpdate.exe [2010-9-6 136176]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace

Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12

31125880]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys

[2007-5-4 42112]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files

\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9

4640000]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers

\RtsUStor.sys [2009-9-11 171008]

S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network

Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-11-5 376832]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers

\vwifimp.sys [2009-7-13 14336]

S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys

[2010-9-15 16168]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat

\WatAdminSvc.exe [2010-3-2 1343400]

.

=============== File Associations ===============

.

.txt=txt.Document

.

=============== Created Last 30 ================

.

2011-11-11 00:23:43 28752 ----a-w- c:\programdata\microsoft

\microsoft antimalware\definition updates\{400333d7-0c93-4003-a256-

b549296b9001}\MpKsldb2368c3.sys

2011-11-11 00:23:40 56200 ----a-w- c:\programdata\microsoft

\microsoft antimalware\definition updates\{400333d7-0c93-4003-a256-

b549296b9001}\offreg.dll

2011-11-10 21:58:56 -------- d-----w- c:\users\colin raymond

\appdata\roaming\Malwarebytes

2011-11-10 21:58:49 -------- d-----w- c:\programdata

\Malwarebytes

2011-11-10 21:58:46 22216 ----a-w- c:\windows\system32\drivers

\mbam.sys

2011-11-10 21:58:46 -------- d-----w- c:\program files

\Malwarebytes' Anti-Malware

2011-11-10 17:08:26 6668624 ----a-w- c:\programdata\microsoft

\microsoft antimalware\definition updates\{400333d7-0c93-4003-a256-

b549296b9001}\mpengine.dll

2011-11-09 19:24:21 1285488 ----a-w- c:\windows\system32\drivers

\tcpip.sys

2011-11-09 19:22:49 708608 ----a-w- c:\program files\common files

\system\wab32.dll

2011-11-09 19:22:46 2339840 ----a-w- c:\windows\system32\win32k.sys

2011-10-31 00:47:56 -------- d-----w- c:\program files

\pdfforge Toolbar

2011-10-31 00:47:56 -------- d-----w- c:\program files

\Application Updater

2011-10-25 19:29:00 6144 ----a-w- c:\program files\internet

explorer\iecompat.dll

2011-10-17 13:31:14 75776 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-17 13:31:14 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax

2011-10-17 13:31:14 59904 ----a-w- c:\windows\system32\MSDvbNP.ax

2011-10-17 13:31:14 465408 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-17 13:31:14 204288 ----a-w- c:\windows\system32\MSNP.ax

2011-10-17 13:31:12 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-17 13:31:12 233472 ----a-w- c:\windows\system32\oleacc.dll

2011-10-17 13:31:01 860672 ----a-w- c:\program files\internet

explorer\iedvtool.dll

2011-10-16 23:55:32 18139008 ----a-w- c:\program files\common

files\microsoft shared\office14\MSO.DLL

.

==================== Find3M ====================

.

2011-10-08 11:46:45 414368 ----a-w- c:\windows

\system32\FlashPlayerCPLApp.cpl

2011-10-01 02:59:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-20 04:38:10 981504 ----a-w- c:\windows\system32\wininet.dll

2011-08-20 04:35:20 44544 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-20 03:26:38 386048 ----a-w- c:\windows\system32\html.iec

2010-06-14 17:43:12 270336 ----a-w- c:\program files\Icaps.exe

2010-05-13 19:20:26 2215936 ----a-w- c:\program files\Browser.dll

2010-03-12 16:56:46 450560 ----a-w- c:\program files\editctrl.dll

2009-04-20 15:38:54 1274 ----a-w- c:\program files

\DspComFilter.reg

2008-10-24 21:50:06 41443 ----a-w- c:\program files\win2k1024.reg

2008-08-05 20:37:02 634 ----a-w- c:\program files\oscopein.reg

2007-08-08 19:59:44 41550 ----a-w- c:\program files\winnt9x1024.reg

2005-08-03 20:00:10 59720 ----a-w- c:\program files\win2k640.reg

2003-01-21 06:33:02 29217 ----a-w- c:\program files\winnt9x640.reg

2003-01-07 19:22:04 1935 ----a-w- c:\program files\fixICAPS.reg

2002-10-18 21:46:10 40960 ----a-w- c:\program files\DropTree.ocx

2000-02-29 21:16:46 98304 ----a-w- c:\program files\win2k.dll

1997-05-06 15:07:42 1069 ----a-w- c:\program files\icaps.reg

1997-05-06 15:07:34 414 ----a-w- c:\program files\editctrl.reg

1997-05-06 15:07:24 401 ----a-w- c:\program files\browser.reg

.

============= FINISH: 20:37:54.00 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 10/30/2009 8:26:52 PM

System Uptime: 11/10/2011 7:41:15 PM (1 hours ago)

.

Motherboard: TOSHIBA | | NBWAA

Processor: Intel® Celeron® CPU 900 @ 2.20GHz | U2E1 | 2194/mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 223 GiB total, 96.537 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: HP LaserJet P3010 Series

Device ID: ROOT\MULTIFUNCTION\0009

Manufacturer: Hewlett-Packard

Name: HP LaserJet P3010 Series

PNP Device ID: ROOT\MULTIFUNCTION\0009

Service:

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: MpKsld00b99b2

Device ID: ROOT\LEGACY_MPKSLD00B99B2\0000

Manufacturer:

Name: MpKsld00b99b2

PNP Device ID: ROOT\LEGACY_MPKSLD00B99B2\0000

Service: MpKsld00b99b2

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: MpKsl843c5181

Device ID: ROOT\LEGACY_MPKSL843C5181\0000

Manufacturer:

Name: MpKsl843c5181

PNP Device ID: ROOT\LEGACY_MPKSL843C5181\0000

Service: MpKsl843c5181

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: MpKsl1ec78df9

Device ID: ROOT\LEGACY_MPKSL1EC78DF9\0000

Manufacturer:

Name: MpKsl1ec78df9

PNP Device ID: ROOT\LEGACY_MPKSL1EC78DF9\0000

Service: MpKsl1ec78df9

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart D110 series

Device ID: ROOT\MULTIFUNCTION\0011

Manufacturer: HP

Name: Photosmart D110 series

PNP Device ID: ROOT\MULTIFUNCTION\0011

Service:

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: MpKsl8cd0c22d

Device ID: ROOT\LEGACY_MPKSL8CD0C22D\0000

Manufacturer:

Name: MpKsl8cd0c22d

PNP Device ID: ROOT\LEGACY_MPKSL8CD0C22D\0000

Service: MpKsl8cd0c22d

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: MpKsl2b2d9350

Device ID: ROOT\LEGACY_MPKSL2B2D9350\0000

Manufacturer:

Name: MpKsl2b2d9350

PNP Device ID: ROOT\LEGACY_MPKSL2B2D9350\0000

Service: MpKsl2b2d9350

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: MpKsl935d18f0

Device ID: ROOT\LEGACY_MPKSL935D18F0\0000

Manufacturer:

Name: MpKsl935d18f0

PNP Device ID: ROOT\LEGACY_MPKSL935D18F0\0000

Service: MpKsl935d18f0

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: MpKsl414dce5d

Device ID: ROOT\LEGACY_MPKSL414DCE5D\0000

Manufacturer:

Name: MpKsl414dce5d

PNP Device ID: ROOT\LEGACY_MPKSL414DCE5D\0000

Service: MpKsl414dce5d

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: MpKslecb2ec34

Device ID: ROOT\LEGACY_MPKSLECB2EC34\0000

Manufacturer:

Name: MpKslecb2ec34

PNP Device ID: ROOT\LEGACY_MPKSLECB2EC34\0000

Service: MpKslecb2ec34

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: MpKsl97b92dfc

Device ID: ROOT\LEGACY_MPKSL97B92DFC\0000

Manufacturer:

Name: MpKsl97b92dfc

PNP Device ID: ROOT\LEGACY_MPKSL97B92DFC\0000

Service: MpKsl97b92dfc

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: MpKsla750b5e0

Device ID: ROOT\LEGACY_MPKSLA750B5E0\0000

Manufacturer:

Name: MpKsla750b5e0

PNP Device ID: ROOT\LEGACY_MPKSLA750B5E0\0000

Service: MpKsla750b5e0

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: MpKsl56ae6246

Device ID: ROOT\LEGACY_MPKSL56AE6246\0000

Manufacturer:

Name: MpKsl56ae6246

PNP Device ID: ROOT\LEGACY_MPKSL56AE6246\0000

Service: MpKsl56ae6246

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter

Device ID: USB\VID_0BDA&PID_8197\00E04C000001

Manufacturer: Realtek Semiconductor Corp.

Name: Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter

PNP Device ID: USB\VID_0BDA&PID_8197\00E04C000001

Service: RTL8187B

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: MpKsla9bf16c1

Device ID: ROOT\LEGACY_MPKSLA9BF16C1\0000

Manufacturer:

Name: MpKsla9bf16c1

PNP Device ID: ROOT\LEGACY_MPKSLA9BF16C1\0000

Service: MpKsla9bf16c1

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: MpKslb08c493a

Device ID: ROOT\LEGACY_MPKSLB08C493A\0000

Manufacturer:

Name: MpKslb08c493a

PNP Device ID: ROOT\LEGACY_MPKSLB08C493A\0000

Service: MpKslb08c493a

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: MpKslbe00d948

Device ID: ROOT\LEGACY_MPKSLBE00D948\0000

Manufacturer:

Name: MpKslbe00d948

PNP Device ID: ROOT\LEGACY_MPKSLBE00D948\0000

Service: MpKslbe00d948

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: HP LaserJet P2055dn

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: Hewlett-Packard

Name: HP LaserJet P2055dn

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: HP Color LaserJet CP3525

Device ID: ROOT\MULTIFUNCTION\0003

Manufacturer: Hewlett-Packard

Name: HP Color LaserJet CP3525

PNP Device ID: ROOT\MULTIFUNCTION\0003

Service:

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: MpKsl799be7eb

Device ID: ROOT\LEGACY_MPKSL799BE7EB\0000

Manufacturer:

Name: MpKsl799be7eb

PNP Device ID: ROOT\LEGACY_MPKSL799BE7EB\0000

Service: MpKsl799be7eb

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: HP Color LaserJet 3600

Device ID: ROOT\MULTIFUNCTION\0005

Manufacturer: Hewlett-Packard

Name: HP Color LaserJet 3600

PNP Device ID: ROOT\MULTIFUNCTION\0005

Service:

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: MpKsl0923e1d8

Device ID: ROOT\LEGACY_MPKSL0923E1D8\0000

Manufacturer:

Name: MpKsl0923e1d8

PNP Device ID: ROOT\LEGACY_MPKSL0923E1D8\0000

Service: MpKsl0923e1d8

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: HP LaserJet P2015 Series

Device ID: ROOT\MULTIFUNCTION\0007

Manufacturer: Hewlett-Packard

Name: HP LaserJet P2015 Series

PNP Device ID: ROOT\MULTIFUNCTION\0007

Service:

.

==== System Restore Points ===================

.

RP559: 11/1/2011 4:59:17 PM - Windows Update

RP560: 11/2/2011 10:01:15 PM - Windows Update

RP561: 11/4/2011 11:53:56 AM - Windows Update

RP562: 11/5/2011 12:28:31 PM - Windows Update

RP563: 11/6/2011 3:13:29 PM - Windows Update

RP564: 11/7/2011 6:12:50 PM - Windows Update

RP565: 11/8/2011 6:24:40 PM - Windows Update

RP566: 11/10/2011 11:58:14 AM - Windows Update

RP567: 11/10/2011 12:08:07 PM - Windows Update

.

==== Installed Programs ======================

.

.

32 Bit HP CIO Components Installer

7-Zip 4.65

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop 6.0

Adobe Reader 9.3.4

Adobe SVG Viewer

AIO_CDB_ProductContext

AIO_CDB_Software

AIO_Scan

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft Panorama Maker 4

ArcSoft PhotoStudio 6

Audacity 1.3.12 (Unicode)

Bamboo

BitTorrent

BlackBerry Desktop Software 6.0

Bonjour

BufferChm

Bulk Rename Utility 2.7.1.2

Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data

Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data

Canon Easy-WebPrint EX

Canon IJ Network Scan Utility

Canon IJ Network Tool

Canon MP Navigator EX 3.0

Canon MP990 series MP Drivers

Canon MP990 series User Registration

Canon Utilities Easy-PhotoPrint EX

Canon Utilities Easy-PhotoPrint Pro

Canon Utilities My Printer

Canon Utilities Solution Menu

Compatibility Pack for the 2007 Office system

Copy

Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Destinations

DeviceDiscovery

Dia (remove only)

DocProc

Dropbox

EMF Plug-In

F300

F300_Help

F300Trb

Fax

FFmpeg for Audacity on Windows

File Uploader

FileZilla Client 3.3.3

Foxit Reader

Freedom

FTDI USB Serial Converter Drivers

GIMP 2.6.10

Google Chrome

Google Earth

Google SketchUp 7.1

Google SketchUp 8

Google Toolbar for Internet Explorer

Google Update Helper

GPBaseService2

HP Customer Participation Program 13.0

HP Imaging Device Functions 13.0

HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B

HP Solution Center 13.0

HPPhotoGadget

HPProductAssistant

ICAP/4Windows Demo 8.3.11 Build 3684

iDEN Phonebook Manager

Image Resizer Powertoy Clone for Windows

Inkscape 0.46

Intel® Graphics Media Accelerator Driver

Intel® Matrix Storage Manager

iTunes

Java Auto Updater

Java 6 Update 26

Junk Mail filter update

Malwarebytes' Anti-Malware version 1.51.2.1300

MarketResearch

MATLAB Student R2010a

MATLAB® Compiler Runtime 7.9

Microsoft .NET Framework 4 Client Profile

Microsoft Antimalware

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft IntelliPoint 8.0

Microsoft IntelliType Pro 8.0

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Standard Edition 2003

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2010

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Mozilla Firefox 4.0.1 (x86 en-US)

Mozilla Thunderbird (3.1.11)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyToshiba

Network

Nikon Message Center

Norton Internet Security

Notepad++

OCR Software by I.R.I.S. 13.0

OpenOffice.org 3.2

Pando

PDFCreator

pdfforge Toolbar v4.7

PlayReady PC Runtime x86

Python 2.6

Python 2.6 numpy-1.5.0rc1

Python 2.6 scipy-0.8.0

Python 2.7

Quickbooks Financial Center

QuickTime

Realtek 8136 8168 8169 Ethernet Driver

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Realtek WLAN Driver

Scan

SecureShell

SecureW2 Enterprise Client 3.5.0

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft Excel 2010 (KB2553070)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Skype Toolbars

Skype™ 4.2

SolutionCenter

StarCraft II

Status

Sun VirtualBox

Synaptics Pointing Device Driver

Toolbox

Toshiba Application and Driver Installer

TOSHIBA Assist

TOSHIBA ConfigFree

TOSHIBA Disc Creator

TOSHIBA DVD PLAYER

TOSHIBA Extended Tiles for Windows Mobility Center

TOSHIBA Flash Cards Support Utility

TOSHIBA Hardware Setup

TOSHIBA HDD/SSD Alert

Toshiba Online Backup

Toshiba Quality Application

TOSHIBA Recovery Media Creator

TOSHIBA Service Station

TOSHIBA Speech System Applications

TOSHIBA Speech System SR Engine(U.S.) Version1.0

TOSHIBA Speech System TTS Engine(U.S.) Version1.0

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

ToshibaRegistration

TrayApp

UnloadSupport

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition

Update for Microsoft Outlook Social Connector (KB2583935)

Utility Common Driver

Virtual Magnifying Glass v3.4

VNC Free Edition 4.1.3

WebReg

WebTablet IE Plugin

WebTablet Netscape Plugin

WIDCOMM Bluetooth Software

WildTangent Games

Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)

Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)

Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Windows Media Player Firefox Plugin

xplorer² lite 32 bit

.

==== Event Viewer Messages From Past Week ========

.

11/9/2011 8:46:22 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WTouchService service.

11/8/2011 5:52:33 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

11/7/2011 7:10:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

11/4/2011 11:42:51 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

11/10/2011 8:30:42 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

11/10/2011 6:59:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

11/10/2011 6:59:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

11/10/2011 6:59:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

11/10/2011 6:59:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

11/10/2011 6:59:02 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr VBoxDrv VBoxUSBMon Wanarpv6

.

==== End Of File ===========================


Some additional information.

I found two pieces of malware which may be causing my problem: one process, SearchSettings.exe, and one program in my startup file, Widgi Toolbar. Both are described as hijacking browser function and redirecting search, which are symptoms that I am experiencing. One strange feature is that the program would not allow me to search for or download DDS; I had to use my roommate's computer and email the program to myself.

If anyone has any suggestions as to the next step in safely removing these programs it would be much appreciated. A full scan from Malwarebytes run in safe mode w/networking did not seem to completely do the trick.


Another update.

I continued searching about these programs, and the Widgi Toolbar was apparently running the program called SearchSettings; together these were called at startup and would reset the search settings and redirect search behavior. It was actually easy enough to stop the Widgi toolbar from running at startup and then uninstall it, which allowed me to permanently fix my search settings.

As it turns out, these programs piggybacked with the PDFCreator software from pdfforge. There is some controversy as to whether this is actually spyware:

http://www.pdfforge.org/content/pdfcreator-toolbar-spyware

I would consider this thread now closed. Thanks to anyone who did give this problem some consideration.


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
