• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
jenpenbrad

iphone looking slide up in right corner

24 posts in this topic

Hello,

 

I have an iPhone looking thing that slides up in the bottom right corner of my browser window. It happens in IE and Firefox(the only two browsers I currently have on my computer to test) and the iPhone will have a "sponsored add" on it that is relevant to what I'm browsing on that current page. For example in one of my tabs I have open this "hxxttp://www.britaxusa.com/registryrewards/products", it has strollers, car seats etc on it and the iPhone says "We've Got 8 Models of BOB Strollers. Free Shipping to Any REI Store"

 

In addition sometimes when I click a valid link on a website it diverts me to another website. If I click back and re-click the link it then works. They are always different and I haven't stayed on one long enough to find a common thread.

 

I've also noticed- not sure if its a different problem- that if I close or walk away from my computer it will sleep(I expect that), but 90% of the time it will re-starts while its sleeping and when I wake it up it has a this computer restarted unexpectedly pop up with a diagnose problem link. This pop up looks like a valid windows pop-up.

 

Thank you for any help you can offer! :)

 

Here are my logs:

 

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

 

Database version: v2012.05.03.04

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Jen :: JEN-PC [administrator]

 

Protection: Enabled

 

5/3/2012 6:07:16 AM

mbam-log-2012-05-03 (06-07-16).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 198547

Time elapsed: 5 minute(s), 37 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Jen at 6:16:32 on 2012-05-03

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.1235 [GMT -7:00]

.

AV: Lavasoft Ad-Aware *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Lavasoft Ad-Aware *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}

FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\WLANExt.exe

C:\windows\system32\conhost.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\ThpSrv.exe

C:\windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\windows\Explorer.EXE

C:\Program Files\TOSHIBA\TECO\TecoService.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe

C:\PROGRA~2\AD-AWA~1\AdAware.exe

C:\windows\system32\wbem\unsecapp.exe

C:\windows\System32\rundll32.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\TOSHIBA\TECO\Teco.exe

C:\Windows\System32\ThpSrv.exe

C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

C:\Windows\System32\StikyNot.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe

C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe

C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\windows\system32\wbem\unsecapp.exe

C:\windows\system32\taskeng.exe

C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe

C:\windows\system32\igfxext.exe

C:\windows\system32\DllHost.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\windows\notepad.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\system32\igfxsrvc.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uDefault_Page_URL = hxxp://start.toshiba.com

uInternet Settings,ProxyOverride = <local>

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

uRun: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [TOSDCR] %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe

mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"

mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED

mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

mRun: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe

mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run

mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - C:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{775EE4A8-0670-415D-A49E-AF038834EB19} : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{775EE4A8-0670-415D-A49E-AF038834EB19}\2456C6B696E6F5E4B2F5432383739343 : DhcpNameServer = 192.168.2.1 192.168.2.1

TCP: Interfaces\{775EE4A8-0670-415D-A49E-AF038834EB19}\3746B6 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{775EE4A8-0670-415D-A49E-AF038834EB19}\45F6D67457E45647 : DhcpNameServer = 192.168.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

mRun-x64: [TOSDCR] %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe

mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"

mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED

mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

mRun-x64: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe

mRun-x64: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run

mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

Hosts: 109.163.226.208 www.google-analytics.com.

Hosts: 109.163.226.208 ad-emea.doubleclick.net.

Hosts: 109.163.226.208 www.statcounter.com.

Hosts: 67.215.245.19 www.google-analytics.com.

Hosts: 67.215.245.19 ad-emea.doubleclick.net.

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Jen\AppData\Roaming\Mozilla\Firefox\Profiles\5w34h5rp.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: keyword.URL - hxxp://srp.freecause.com/?ourmark=3&sid=100433&q=

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll

.

============= SERVICES / DRIVERS ===============

.

R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]

R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]

R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]

R1 SbFw;SbFw;C:\windows\system32\drivers\SbFw.sys --> C:\windows\system32\drivers\SbFw.sys [?]

R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-4-29 101720]

R1 SbTis;SbTis;C:\windows\system32\drivers\sbtis.sys --> C:\windows\system32\drivers\sbtis.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-3-29 1161072]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-3 654408]

R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-8-23 135608]

R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-9-15 88576]

R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-8-23 126392]

R2 risdxc;risdxc;C:\windows\system32\DRIVERS\risdxc64.sys --> C:\windows\system32\DRIVERS\risdxc64.sys [?]

R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2011-5-17 2804280]

R2 sbapifs;sbapifs;C:\windows\system32\DRIVERS\sbapifs.sys --> C:\windows\system32\DRIVERS\sbapifs.sys [?]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-4-21 1153368]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-5-24 294848]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-23 2656280]

R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\windows\system32\DRIVERS\e1c62x64.sys --> C:\windows\system32\DRIVERS\e1c62x64.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]

R3 iwdbus;IWD Bus Enumerator;C:\windows\system32\DRIVERS\iwdbus.sys --> C:\windows\system32\DRIVERS\iwdbus.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\nusb3hub.sys --> C:\windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\system32\DRIVERS\nusb3xhc.sys --> C:\windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]

R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\windows\system32\DRIVERS\SBFWIM.sys --> C:\windows\system32\DRIVERS\SBFWIM.sys [?]

R3 sbhips;sbhips;C:\windows\system32\drivers\sbhips.sys --> C:\windows\system32\drivers\sbhips.sys [?]

R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-8-23 57216]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]

R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-7-1 828856]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-23 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-7 253088]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-23 136176]

S3 HTCAND64;HTC Device Driver;C:\windows\system32\Drivers\ANDROIDUSB.sys --> C:\windows\system32\Drivers\ANDROIDUSB.sys [?]

S3 htcnprot;HTC NDIS Protocol Driver;C:\windows\system32\DRIVERS\htcnprot.sys --> C:\windows\system32\DRIVERS\htcnprot.sys [?]

S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\system32\drivers\intelaud.sys --> C:\windows\system32\drivers\intelaud.sys [?]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-6-1 340240]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;C:\windows\system32\DRIVERS\sbfwim.sys --> C:\windows\system32\DRIVERS\sbfwim.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-05-03 13:06:30 -------- d-----w- C:\Users\Jen\AppData\Roaming\Malwarebytes

2012-05-03 13:06:18 -------- d-----w- C:\ProgramData\Malwarebytes

2012-05-03 13:06:17 24904 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-05-03 13:06:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-05-01 13:31:56 -------- d---a-w- C:\windows\VDLL.DLL

2012-05-01 13:31:56 -------- d---a-w- C:\windows\SysWow64\runouce.exe

2012-05-01 13:31:56 -------- d---a-w- C:\windows\rundll16.exe

2012-05-01 13:31:56 -------- d---a-w- C:\windows\RUNDL132.EXE

2012-05-01 13:31:56 -------- d---a-w- C:\windows\logo1_.exe

2012-05-01 13:31:56 -------- d---a-w- C:\windows\logo_1.exe

2012-05-01 13:29:52 632064 ----a-w- C:\windows\SysWow64\msvcr80.dll

2012-05-01 13:29:51 554240 ----a-w- C:\windows\SysWow64\msvcp80.dll

2012-05-01 13:29:50 34048 ----a-w- C:\windows\SysWow64\eEmpty.exe

2012-05-01 13:29:46 -------- d-----w- C:\Program Files (x86)\Common Files\MicroWorld

2012-05-01 13:29:43 -------- d-----w- C:\ProgramData\MicroWorld

2012-04-22 04:01:33 -------- d-----w- C:\Users\Jen\AppData\Local\adaware

2012-04-22 04:01:31 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection

2012-04-22 04:01:28 55384 ----a-w- C:\windows\System32\drivers\SBREDrv.sys

2012-04-22 04:01:28 45904 ----a-w- C:\windows\System32\sbbd.exe

2012-04-22 04:01:26 60504 ----a-w- C:\windows\System32\drivers\sbhips.sys

2012-04-22 04:01:24 94296 ----a-w- C:\windows\System32\drivers\sbtis.sys

2012-04-22 04:01:05 84568 ----a-w- C:\windows\System32\drivers\SbFwIm.sys

2012-04-22 04:01:05 253528 ----a-w- C:\windows\System32\drivers\SbFw.sys

2012-04-22 04:01:04 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus

2012-04-22 04:00:12 -------- d-----w- C:\Users\Jen\AppData\Roaming\Ad-Aware Antivirus

2012-04-22 03:34:24 -------- d-----w- C:\ProgramData\PCPitstop

2012-04-22 03:33:53 -------- d-----w- C:\Program Files (x86)\PCPitstop

2012-04-21 18:21:39 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-04-21 18:21:39 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2012-04-21 01:17:39 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BB1D84BB-8CEC-44FA-8B20-BB413C03DDEE}\mpengine.dll

2012-04-17 19:02:25 -------- d-----w- C:\Users\Jen\AppData\Local\Tific

2012-04-12 16:12:59 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll

2012-04-12 16:12:43 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe

2012-04-12 16:12:42 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2012-04-12 16:12:42 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2012-04-12 16:09:44 81408 ----a-w- C:\windows\System32\imagehlp.dll

2012-04-12 16:09:44 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys

2012-04-12 16:09:44 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll

2012-04-12 16:09:43 5120 ----a-w- C:\windows\SysWow64\wmi.dll

2012-04-12 16:09:43 5120 ----a-w- C:\windows\System32\wmi.dll

2012-04-12 16:09:43 220672 ----a-w- C:\windows\System32\wintrust.dll

2012-04-12 16:09:43 172544 ----a-w- C:\windows\SysWow64\wintrust.dll

2012-04-07 16:26:03 8741536 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-07 15:33:02 418464 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-04-06 02:26:44 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll

2012-04-06 02:26:44 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll

2012-04-04 05:53:56 182160 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

.

==================== Find3M ====================

.

2012-04-22 03:30:18 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-22 19:12:12 4435968 ----a-w- C:\windows\SysWow64\GPhotos.scr

2012-02-28 06:56:48 2311168 ----a-w- C:\windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-02-23 17:18:36 279656 ------w- C:\windows\System32\MpSigStub.exe

2012-02-17 06:38:26 1031680 ----a-w- C:\windows\System32\rdpcore.dll

2012-02-17 05:34:22 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58:24 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys

2012-02-17 04:57:32 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys

2012-02-14 19:09:44 1070352 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX

2012-02-10 06:36:07 1544192 ----a-w- C:\windows\System32\DWrite.dll

2012-02-10 05:38:43 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll

.

============= FINISH: 6:18:09.20 ===============

 

 

Results of screen317's Security Check version 0.99.32

Windows 7 x64 (UAC is enabled)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

Ad-Aware Antivirus

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Ad-Aware

Spybot - Search & Destroy

Java 6 Update 25

Java version out of date!

Adobe Reader X (10.1.3)

Mozilla Firefox (11.0.)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Norton ccSvcHst.exe

Ad-Aware AAWService.exe is disabled!

Ad-Aware AAWTray.exe is disabled!

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

Ad-Aware Antivirus AdAwareService.exe

``````````End of Log````````````

Edited by nasdaq
Link obfuscated

Share this post


Link to post
Share on other sites

Earlier today the computer restarted while asleep. The windows window that popped up when I logged in again said " windows has recovered from an unexpected shutdown" I clicked show problem details and this is what it said:

 

Problem signature:

Problem Event Name: BlueScreen

OS Version: 6.1.7601.2.1.0.768.3

Locale ID: 1033

 

Additional information about the problem:

BCCode: 9f

BCP1: 0000000000000003

BCP2: FFFFFA80049EBA10

BCP3: FFFFF80000B9C3D8

BCP4: FFFFFA8006BD6530

OS Version: 6_1_7601

Service Pack: 1_0

Product: 768_1

 

Files that help describe the problem:

C:\Windows\Minidump\050312-49592-01.dmp

C:\Users\Jen\AppData\Local\Temp\WER-77111-0.sysdata.xml

 

Read our privacy statement online:

http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

 

If the online privacy statement is not available, please read our privacy statement offline:

C:\windows\system32\en-US\erofflps.txt

Share this post


Link to post
Share on other sites

Welcome jenpenbrad to SpywareInfo. I am The Dark Knight and will be assisting you. Please ask questions if anything is unclear. :)

 

Just a few things before we begin:

 

:excl:Before proceeding:

  • In the upper right hand corner of this topic there is a button labelled Watch this topic. Please click this button, select Immediate E-Mail notification and then click Proceed to ensure you are notified when I reply.
  • Please back up your personal documents and files by copying them to a location other than your system drive.
  • Please open Notepad>Format and if Word Wrap is ticked, please select it to untick it.

 

:excl:For the duration of this topic:

Please DO NOT run, install and/or uninstall/remove any tools/ programs other than those I suggest to you in order to avoid conflicts and/or additional problems on your system. :thumbup:

 

 

:excl:When you receive new instructions:

  • Please read the whole post before carrying out any of the instructions.
  • All our tools must be downloaded to the Desktop and launched from there (unless I specify otherwise).
  • Please perform all steps in the received order and DO NOT proceed if you need clarification.
  • Please DO NOT re-run any program unless I ask you to.
  • Please DO NOT plug in any external devices like USBs and Hard Drives unless I ask you to.
  • If you encounter any problems please stop and let me know.

 

:excl:When replying:

  • Please click the Add Reply button post-10-126012383895.gif so that my reply is not posted back to me. Thank you!
  • Please copy and paste your logs into your post unless I specifically ask you to attach one.

_________________________________________________________________________________________________________________________________

 

 

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

 

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

 

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

 

Please go here to see a list of programs that need to be disabled.

 

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

 

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

 

Please include the C:\ComboFix.txt in your next reply for further review.

==========

 

Next, please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

 

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
     
  • If an infected file is detected, the default action will be Cure. Instead, choose SKIP, then click on Continue tdsskiller2.png
     
  • If a suspicious file is detected, the default action will be Skip, click on Continue tdsskiller3.png
     
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.

 

 

Finally, please download MBRCheck by a_d_13 to your Desktop from one of these locations:

 

http://ad13.geekstogo.com/MBRCheck.exe

http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe

http://www.kernelmode.info/MBRCheck.exe

 

Close all opened programs/ windows and double-click on MBRCheck.exe.

It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".

 

Press the "Enter" key to close the MBRCheck window and post the contents of the log file.

=========

 

In your next reply please post the following:

  • ComboFix.txt.
  • TDSSKiller log.
  • MBRCheck log.

How is your computer running now?

Share this post


Link to post
Share on other sites

Thanks! I think it got rid of the iphone pop up! Atleast I'm not seeing it on any pages at the moment.

 

Here are the logs:

 

ComboFix 12-05-05.07 - Jen 05/05/2012 20:10:59.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.2740 [GMT -7:00]

Running from: c:\users\Jen\Desktop\ComboFix.exe

AV: Lavasoft Ad-Aware *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}

FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}

SP: Lavasoft Ad-Aware *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\programdata\Roaming

c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\{83C5C05E-3381-41D9-BC45-D46249127439}.xps

c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CA473EC2-C256-419A-9933-741484CF2E95}.xps

c:\users\Jen\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.drv

c:\users\Jen\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.tmp

c:\users\Jen\AppData\Roaming\Microsoft\Windows\Recent\CLSV.tmp

c:\users\Jen\AppData\Roaming\Microsoft\Windows\Recent\delfile.dll

c:\users\Jen\AppData\Roaming\Microsoft\Windows\Recent\energy.drv

c:\users\Jen\AppData\Roaming\Microsoft\Windows\Recent\energy.exe

c:\users\Jen\AppData\Roaming\Microsoft\Windows\Recent\energy.sys

c:\users\Jen\AppData\Roaming\Microsoft\Windows\Recent\exec.exe

c:\users\Jen\AppData\Roaming\Microsoft\Windows\Recent\exec.tmp

c:\users\Jen\AppData\Roaming\Microsoft\Windows\Recent\hymt.exe

c:\users\Jen\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys

c:\users\Jen\AppData\Roaming\Microsoft\Windows\Recent\PE.exe

c:\users\Jen\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.sys

c:\users\Jen\AppData\Roaming\Microsoft\Windows\Recent\sld.dll

c:\users\Jen\AppData\Roaming\Microsoft\Windows\Recent\sld.drv

c:\users\Jen\AppData\Roaming\Microsoft\Windows\Recent\tjd.sys

.

.

((((((((((((((((((((((((( Files Created from 2012-04-06 to 2012-05-06 )))))))))))))))))))))))))))))))

.

.

2012-05-06 03:15 . 2012-05-06 03:15 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-03 15:41 . 2012-05-03 15:41 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-05-03 15:40 . 2012-05-03 15:40 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-05-03 15:40 . 2012-05-03 15:40 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-05-03 14:47 . 2012-05-03 14:48 -------- d-----w- c:\users\Jen\AppData\Roaming\QuickScan

2012-05-03 13:06 . 2012-05-03 13:06 -------- d-----w- c:\users\Jen\AppData\Roaming\Malwarebytes

2012-05-03 13:06 . 2012-05-03 13:06 -------- d-----w- c:\programdata\Malwarebytes

2012-05-03 13:06 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-03 13:06 . 2012-05-03 13:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-05-01 13:31 . 2012-05-01 13:31 -------- d---a-w- c:\windows\VDLL.DLL

2012-05-01 13:31 . 2012-05-01 13:31 -------- d---a-w- c:\windows\SysWow64\runouce.exe

2012-05-01 13:31 . 2012-05-01 13:31 -------- d---a-w- c:\windows\rundll16.exe

2012-05-01 13:31 . 2012-05-01 13:31 -------- d---a-w- c:\windows\RUNDL132.EXE

2012-05-01 13:31 . 2012-05-01 13:31 -------- d---a-w- c:\windows\logo1_.exe

2012-05-01 13:31 . 2012-05-01 13:31 -------- d---a-w- c:\windows\logo_1.exe

2012-05-01 13:29 . 2012-05-01 13:29 632064 ----a-w- c:\windows\SysWow64\msvcr80.dll

2012-05-01 13:29 . 2012-05-01 13:29 554240 ----a-w- c:\windows\SysWow64\msvcp80.dll

2012-05-01 13:29 . 2012-05-01 13:29 34048 ----a-w- c:\windows\SysWow64\eEmpty.exe

2012-05-01 13:29 . 2012-05-01 13:29 -------- d-----w- c:\program files (x86)\Common Files\MicroWorld

2012-05-01 13:29 . 2012-05-01 13:29 -------- d-----w- c:\programdata\MicroWorld

2012-04-21 18:21 . 2012-04-21 19:13 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-04-21 18:21 . 2012-04-21 18:54 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-04-21 01:17 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BB1D84BB-8CEC-44FA-8B20-BB413C03DDEE}\mpengine.dll

2012-04-17 19:02 . 2012-04-17 19:03 -------- d-----w- c:\users\Jen\AppData\Local\Tific

2012-04-12 16:12 . 2012-02-28 06:51 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll

2012-04-12 16:12 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-12 16:12 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-04-12 16:12 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-04-12 16:09 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-12 16:09 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-12 16:09 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-12 16:09 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-12 16:09 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-12 16:09 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-12 16:09 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-07 16:26 . 2012-05-06 02:35 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-07 15:33 . 2012-05-06 02:36 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-06 02:36 . 2011-08-09 05:14 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr

2012-03-09 01:37 . 2012-03-09 01:37 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin

2012-02-23 17:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-02-17 06:38 . 2012-03-13 23:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-13 23:38 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-13 23:38 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-13 23:38 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-14 19:09 . 2012-02-14 19:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2012-02-10 06:36 . 2012-03-13 23:38 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:38 . 2012-03-13 23:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]

"TOSDCR"="c:\program files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe" [2007-08-28 169296]

"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]

"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]

"VMM Mode Selection"="c:\program files\HTC\ModeSelection\VMMModeSelection.exe" [2011-02-14 43520]

"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-12-20 634880]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]

@="Ad-Aware Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-24 136176]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-24 136176]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]

R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-03 129976]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-06-01 340240]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]

R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]

S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]

S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]

S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]

S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-04-29 55384]

S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-03-29 1161072]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-04-17 135608]

S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]

S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]

S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [x]

S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2011-05-18 2804280]

S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]

S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]

S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]

S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-30 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job

- c:\progra~2\AD-AWA~1\AdAwareLauncher.exe [2012-03-29 19:44]

.

2012-05-06 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 02:37]

.

2012-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-24 05:11]

.

2012-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-24 05:11]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ThpSrv"="c:\windows\system32\thpsrv" [X]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-02 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-02 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-02 416024]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-19 11775592]

"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-06-01 1935120]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1

FF - ProfilePath - c:\users\Jen\AppData\Roaming\Mozilla\Firefox\Profiles\5w34h5rp.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: keyword.URL - hxxp://srp.freecause.com/?ourmark=3&sid=100433&q=

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-HLBackupScheduler - c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe

Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

Toolbar-Locked - (no file)

HKLM-Run-(Default) - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe

HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe

HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe

HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe

HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]

"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]

@="131473"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\progra~2\AD-AWA~1\AdAware.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2012-05-05 20:23:19 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-06 03:23

.

Pre-Run: 565,957,062,656 bytes free

Post-Run: 565,935,726,592 bytes free

.

- - End Of File - - 64777A91EC61E499EBAFC10CD00ADAEE

 

 

20:31:21.0877 2920 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18

20:31:22.0775 2920 ============================================================

20:31:22.0775 2920 Current date / time: 2012/05/05 20:31:22.0775

20:31:22.0775 2920 SystemInfo:

20:31:22.0775 2920

20:31:22.0775 2920 OS Version: 6.1.7601 ServicePack: 1.0

20:31:22.0775 2920 Product type: Workstation

20:31:22.0775 2920 ComputerName: JEN-PC

20:31:22.0776 2920 UserName: Jen

20:31:22.0776 2920 Windows directory: C:\windows

20:31:22.0776 2920 System windows directory: C:\windows

20:31:22.0776 2920 Running under WOW64

20:31:22.0776 2920 Processor architecture: Intel x64

20:31:22.0776 2920 Number of processors: 4

20:31:22.0776 2920 Page size: 0x1000

20:31:22.0776 2920 Boot type: Normal boot

20:31:22.0776 2920 ============================================================

20:31:23.0721 2920 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

20:31:23.0729 2920 ============================================================

20:31:23.0729 2920 \Device\Harddisk0\DR0:

20:31:23.0729 2920 MBR partitions:

20:31:23.0730 2920 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x48867800

20:31:23.0730 2920 ============================================================

20:31:23.0753 2920 C: <-> \Device\Harddisk0\DR0\Partition0

20:31:23.0753 2920 ============================================================

20:31:23.0753 2920 Initialize success

20:31:23.0753 2920 ============================================================

20:31:26.0943 5320 ============================================================

20:31:26.0943 5320 Scan started

20:31:26.0943 5320 Mode: Manual;

20:31:26.0943 5320 ============================================================

20:31:28.0072 5320 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys

20:31:28.0078 5320 1394ohci - ok

20:31:28.0189 5320 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys

20:31:28.0194 5320 ACPI - ok

20:31:28.0277 5320 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys

20:31:28.0279 5320 AcpiPmi - ok

20:31:28.0450 5320 Ad-Aware Service (fb182ad520910442abf146bb325de79b) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe

20:31:28.0469 5320 Ad-Aware Service - ok

20:31:28.0561 5320 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

20:31:28.0563 5320 AdobeARMservice - ok

20:31:28.0751 5320 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

20:31:28.0756 5320 AdobeFlashPlayerUpdateSvc - ok

20:31:28.0926 5320 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys

20:31:28.0937 5320 adp94xx - ok

20:31:29.0000 5320 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys

20:31:29.0008 5320 adpahci - ok

20:31:29.0040 5320 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys

20:31:29.0045 5320 adpu320 - ok

20:31:29.0092 5320 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll

20:31:29.0093 5320 AeLookupSvc - ok

20:31:29.0210 5320 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys

20:31:29.0219 5320 AFD - ok

20:31:29.0258 5320 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys

20:31:29.0260 5320 agp440 - ok

20:31:29.0311 5320 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe

20:31:29.0313 5320 ALG - ok

20:31:29.0344 5320 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys

20:31:29.0346 5320 aliide - ok

20:31:29.0362 5320 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys

20:31:29.0364 5320 amdide - ok

20:31:29.0379 5320 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys

20:31:29.0381 5320 AmdK8 - ok

20:31:29.0389 5320 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys

20:31:29.0392 5320 AmdPPM - ok

20:31:29.0417 5320 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys

20:31:29.0420 5320 amdsata - ok

20:31:29.0465 5320 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys

20:31:29.0469 5320 amdsbs - ok

20:31:29.0490 5320 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys

20:31:29.0491 5320 amdxata - ok

20:31:29.0529 5320 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys

20:31:29.0531 5320 AppID - ok

20:31:29.0553 5320 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll

20:31:29.0555 5320 AppIDSvc - ok

20:31:29.0594 5320 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll

20:31:29.0596 5320 Appinfo - ok

20:31:29.0631 5320 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys

20:31:29.0633 5320 arc - ok

20:31:29.0663 5320 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys

20:31:29.0666 5320 arcsas - ok

20:31:29.0684 5320 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys

20:31:29.0686 5320 AsyncMac - ok

20:31:29.0727 5320 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys

20:31:29.0728 5320 atapi - ok

20:31:29.0811 5320 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll

20:31:29.0825 5320 AudioEndpointBuilder - ok

20:31:29.0839 5320 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll

20:31:29.0847 5320 AudioSrv - ok

20:31:29.0876 5320 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll

20:31:29.0879 5320 AxInstSV - ok

20:31:29.0959 5320 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys

20:31:29.0968 5320 b06bdrv - ok

20:31:30.0021 5320 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys

20:31:30.0027 5320 b57nd60a - ok

20:31:30.0074 5320 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll

20:31:30.0077 5320 BDESVC - ok

20:31:30.0110 5320 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys

20:31:30.0111 5320 Beep - ok

20:31:30.0213 5320 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll

20:31:30.0227 5320 BFE - ok

20:31:30.0318 5320 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\system32\qmgr.dll

20:31:30.0330 5320 BITS - ok

20:31:30.0386 5320 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys

20:31:30.0388 5320 blbdrive - ok

20:31:30.0432 5320 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys

20:31:30.0435 5320 bowser - ok

20:31:30.0475 5320 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys

20:31:30.0477 5320 BrFiltLo - ok

20:31:30.0488 5320 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys

20:31:30.0489 5320 BrFiltUp - ok

20:31:30.0526 5320 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys

20:31:30.0530 5320 BridgeMP - ok

20:31:30.0584 5320 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll

20:31:30.0587 5320 Browser - ok

20:31:30.0630 5320 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys

20:31:30.0636 5320 Brserid - ok

20:31:30.0678 5320 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys

20:31:30.0680 5320 BrSerWdm - ok

20:31:30.0691 5320 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys

20:31:30.0693 5320 BrUsbMdm - ok

20:31:30.0714 5320 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys

20:31:30.0715 5320 BrUsbSer - ok

20:31:30.0727 5320 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys

20:31:30.0729 5320 BTHMODEM - ok

20:31:30.0778 5320 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll

20:31:30.0779 5320 bthserv - ok

20:31:30.0795 5320 catchme - ok

20:31:30.0826 5320 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys

20:31:30.0828 5320 cdfs - ok

20:31:30.0877 5320 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys

20:31:30.0881 5320 cdrom - ok

20:31:30.0925 5320 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll

20:31:30.0927 5320 CertPropSvc - ok

20:31:30.0961 5320 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys

20:31:30.0962 5320 circlass - ok

20:31:31.0039 5320 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys

20:31:31.0048 5320 CLFS - ok

20:31:31.0201 5320 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

20:31:31.0234 5320 clr_optimization_v2.0.50727_32 - ok

20:31:31.0405 5320 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

20:31:31.0408 5320 clr_optimization_v2.0.50727_64 - ok

20:31:31.0514 5320 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

20:31:31.0570 5320 clr_optimization_v4.0.30319_32 - ok

20:31:31.0629 5320 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

20:31:31.0633 5320 clr_optimization_v4.0.30319_64 - ok

20:31:31.0671 5320 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys

20:31:31.0672 5320 CmBatt - ok

20:31:31.0682 5320 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys

20:31:31.0683 5320 cmdide - ok

20:31:31.0748 5320 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys

20:31:31.0753 5320 CNG - ok

20:31:31.0783 5320 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys

20:31:31.0784 5320 Compbatt - ok

20:31:31.0794 5320 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys

20:31:31.0795 5320 CompositeBus - ok

20:31:31.0808 5320 COMSysApp - ok

20:31:31.0827 5320 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys

20:31:31.0828 5320 crcdisk - ok

20:31:31.0865 5320 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll

20:31:31.0870 5320 CryptSvc - ok

20:31:31.0951 5320 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll

20:31:31.0967 5320 DcomLaunch - ok

20:31:32.0041 5320 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll

20:31:32.0046 5320 defragsvc - ok

20:31:32.0095 5320 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys

20:31:32.0097 5320 DfsC - ok

20:31:32.0156 5320 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll

20:31:32.0160 5320 Dhcp - ok

20:31:32.0179 5320 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys

20:31:32.0180 5320 discache - ok

20:31:32.0228 5320 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys

20:31:32.0229 5320 Disk - ok

20:31:32.0272 5320 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll

20:31:32.0276 5320 Dnscache - ok

20:31:32.0313 5320 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll

20:31:32.0318 5320 dot3svc - ok

20:31:32.0331 5320 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll

20:31:32.0334 5320 DPS - ok

20:31:32.0379 5320 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys

20:31:32.0380 5320 drmkaud - ok

20:31:32.0478 5320 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys

20:31:32.0492 5320 DXGKrnl - ok

20:31:32.0564 5320 e1cexpress (8563d1507431c77e295fe9a01ae8d014) C:\windows\system32\DRIVERS\e1c62x64.sys

20:31:32.0567 5320 e1cexpress - ok

20:31:32.0593 5320 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll

20:31:32.0596 5320 EapHost - ok

20:31:32.0857 5320 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys

20:31:32.0914 5320 ebdrv - ok

20:31:33.0035 5320 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe

20:31:33.0037 5320 EFS - ok

20:31:33.0158 5320 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe

20:31:33.0171 5320 ehRecvr - ok

20:31:33.0186 5320 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe

20:31:33.0190 5320 ehSched - ok

20:31:33.0309 5320 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys

20:31:33.0319 5320 elxstor - ok

20:31:33.0324 5320 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys

20:31:33.0325 5320 ErrDev - ok

20:31:33.0389 5320 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll

20:31:33.0395 5320 EventSystem - ok

20:31:33.0579 5320 EvtEng (57e61dc4f7980d57c0b162fc5b9f0b38) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

20:31:33.0597 5320 EvtEng - ok

20:31:33.0754 5320 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys

20:31:33.0760 5320 exfat - ok

20:31:33.0786 5320 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys

20:31:33.0792 5320 fastfat - ok

20:31:33.0897 5320 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe

20:31:33.0904 5320 Fax - ok

20:31:33.0932 5320 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys

20:31:33.0933 5320 fdc - ok

20:31:33.0973 5320 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll

20:31:33.0974 5320 fdPHost - ok

20:31:33.0987 5320 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll

20:31:33.0988 5320 FDResPub - ok

20:31:34.0007 5320 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys

20:31:34.0008 5320 FileInfo - ok

20:31:34.0032 5320 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys

20:31:34.0033 5320 Filetrace - ok

20:31:34.0045 5320 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys

20:31:34.0046 5320 flpydisk - ok

20:31:34.0081 5320 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys

20:31:34.0085 5320 FltMgr - ok

20:31:34.0190 5320 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll

20:31:34.0206 5320 FontCache - ok

20:31:34.0256 5320 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

20:31:34.0258 5320 FontCache3.0.0.0 - ok

20:31:34.0297 5320 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys

20:31:34.0299 5320 FsDepends - ok

20:31:34.0326 5320 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys

20:31:34.0327 5320 Fs_Rec - ok

20:31:34.0387 5320 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys

20:31:34.0390 5320 fvevol - ok

20:31:34.0422 5320 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys

20:31:34.0423 5320 gagp30kx - ok

20:31:34.0514 5320 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll

20:31:34.0525 5320 gpsvc - ok

20:31:34.0612 5320 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

20:31:34.0615 5320 gupdate - ok

20:31:34.0625 5320 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

20:31:34.0628 5320 gupdatem - ok

20:31:34.0675 5320 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

20:31:34.0679 5320 gusvc - ok

20:31:34.0709 5320 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys

20:31:34.0711 5320 hcw85cir - ok

20:31:34.0743 5320 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys

20:31:34.0750 5320 HdAudAddService - ok

20:31:34.0787 5320 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys

20:31:34.0789 5320 HDAudBus - ok

20:31:34.0818 5320 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys

20:31:34.0820 5320 HidBatt - ok

20:31:34.0831 5320 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys

20:31:34.0834 5320 HidBth - ok

20:31:34.0841 5320 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys

20:31:34.0843 5320 HidIr - ok

20:31:34.0875 5320 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll

20:31:34.0877 5320 hidserv - ok

20:31:34.0924 5320 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\drivers\hidusb.sys

20:31:34.0925 5320 HidUsb - ok

20:31:34.0964 5320 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll

20:31:34.0966 5320 hkmsvc - ok

20:31:35.0007 5320 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll

20:31:35.0010 5320 HomeGroupListener - ok

20:31:35.0055 5320 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll

20:31:35.0061 5320 HomeGroupProvider - ok

20:31:35.0108 5320 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys

20:31:35.0113 5320 HpSAMD - ok

20:31:35.0160 5320 HTCAND64 (f47cec45fb85791d4ab237563ad0fa8f) C:\windows\system32\Drivers\ANDROIDUSB.sys

20:31:35.0162 5320 HTCAND64 - ok

20:31:35.0247 5320 htcnprot (b8b1b284362e1d8135112573395d5da5) C:\windows\system32\DRIVERS\htcnprot.sys

20:31:35.0249 5320 htcnprot - ok

20:31:35.0330 5320 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys

20:31:35.0343 5320 HTTP - ok

20:31:35.0387 5320 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys

20:31:35.0388 5320 hwpolicy - ok

20:31:35.0430 5320 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys

20:31:35.0432 5320 i8042prt - ok

20:31:35.0502 5320 iaStor (d469b77687e12fe43e344806740b624d) C:\windows\system32\DRIVERS\iaStor.sys

20:31:35.0507 5320 iaStor - ok

20:31:35.0663 5320 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys

20:31:35.0671 5320 iaStorV - ok

20:31:35.0838 5320 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

20:31:35.0848 5320 idsvc - ok

20:31:36.0773 5320 igfx (93c8115d4baeb1bd047ab0a9b265ee7a) C:\windows\system32\DRIVERS\igdkmd64.sys

20:31:36.0994 5320 igfx - ok

20:31:37.0147 5320 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys

20:31:37.0149 5320 iirsp - ok

20:31:37.0264 5320 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll

20:31:37.0277 5320 IKEEXT - ok

20:31:37.0326 5320 intaud_WaveExtensible (caddf0927dac63edae48f5c35a61d87d) C:\windows\system32\drivers\intelaud.sys

20:31:37.0328 5320 intaud_WaveExtensible - ok

20:31:37.0597 5320 IntcAzAudAddService (51e8db3618d106a2b2849a00839cc452) C:\windows\system32\drivers\RTKVHD64.sys

20:31:37.0630 5320 IntcAzAudAddService - ok

20:31:37.0836 5320 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys

20:31:37.0842 5320 IntcDAud - ok

20:31:37.0868 5320 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys

20:31:37.0869 5320 intelide - ok

20:31:37.0899 5320 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys

20:31:37.0900 5320 intelppm - ok

20:31:37.0932 5320 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll

20:31:37.0935 5320 IPBusEnum - ok

20:31:37.0963 5320 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys

20:31:37.0965 5320 IpFilterDriver - ok

20:31:38.0022 5320 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll

20:31:38.0033 5320 iphlpsvc - ok

20:31:38.0061 5320 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys

20:31:38.0062 5320 IPMIDRV - ok

20:31:38.0071 5320 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys

20:31:38.0073 5320 IPNAT - ok

20:31:38.0103 5320 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys

20:31:38.0104 5320 IRENUM - ok

20:31:38.0118 5320 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys

20:31:38.0119 5320 isapnp - ok

20:31:38.0159 5320 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys

20:31:38.0163 5320 iScsiPrt - ok

20:31:38.0201 5320 iwdbus (716f66336f10885d935b08174dc54242) C:\windows\system32\DRIVERS\iwdbus.sys

20:31:38.0202 5320 iwdbus - ok

20:31:38.0247 5320 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys

20:31:38.0249 5320 kbdclass - ok

20:31:38.0276 5320 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys

20:31:38.0277 5320 kbdhid - ok

20:31:38.0313 5320 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

20:31:38.0315 5320 KeyIso - ok

20:31:38.0342 5320 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys

20:31:38.0343 5320 KSecDD - ok

20:31:38.0364 5320 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys

20:31:38.0366 5320 KSecPkg - ok

20:31:38.0401 5320 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys

20:31:38.0403 5320 ksthunk - ok

20:31:38.0446 5320 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll

20:31:38.0454 5320 KtmRm - ok

20:31:38.0497 5320 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll

20:31:38.0501 5320 LanmanServer - ok

20:31:38.0538 5320 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll

20:31:38.0542 5320 LanmanWorkstation - ok

20:31:38.0575 5320 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys

20:31:38.0577 5320 lltdio - ok

20:31:38.0620 5320 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll

20:31:38.0626 5320 lltdsvc - ok

20:31:38.0642 5320 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll

20:31:38.0644 5320 lmhosts - ok

20:31:38.0739 5320 LMS (7f32d4c47a50e7223491e8fb9359907d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

20:31:38.0745 5320 LMS - ok

20:31:38.0785 5320 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys

20:31:38.0787 5320 LSI_FC - ok

20:31:38.0816 5320 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys

20:31:38.0819 5320 LSI_SAS - ok

20:31:38.0828 5320 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys

20:31:38.0830 5320 LSI_SAS2 - ok

20:31:38.0841 5320 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys

20:31:38.0843 5320 LSI_SCSI - ok

20:31:38.0883 5320 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys

20:31:38.0885 5320 luafv - ok

20:31:38.0935 5320 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\windows\system32\drivers\mbam.sys

20:31:38.0936 5320 MBAMProtector - ok

20:31:39.0028 5320 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

20:31:39.0038 5320 MBAMService - ok

20:31:39.0067 5320 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll

20:31:39.0070 5320 Mcx2Svc - ok

20:31:39.0098 5320 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys

20:31:39.0099 5320 megasas - ok

20:31:39.0122 5320 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys

20:31:39.0126 5320 MegaSR - ok

20:31:39.0191 5320 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys

20:31:39.0193 5320 MEIx64 - ok

20:31:39.0302 5320 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll

20:31:39.0306 5320 MMCSS - ok

20:31:39.0350 5320 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys

20:31:39.0352 5320 Modem - ok

20:31:39.0372 5320 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys

20:31:39.0374 5320 monitor - ok

20:31:39.0398 5320 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys

20:31:39.0399 5320 mouclass - ok

20:31:39.0425 5320 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\drivers\mouhid.sys

20:31:39.0426 5320 mouhid - ok

20:31:39.0469 5320 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys

20:31:39.0471 5320 mountmgr - ok

20:31:39.0531 5320 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

20:31:39.0535 5320 MozillaMaintenance - ok

20:31:39.0567 5320 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys

20:31:39.0571 5320 mpio - ok

20:31:39.0606 5320 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys

20:31:39.0609 5320 mpsdrv - ok

20:31:39.0691 5320 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll

20:31:39.0708 5320 MpsSvc - ok

20:31:39.0733 5320 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys

20:31:39.0736 5320 MRxDAV - ok

20:31:39.0760 5320 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys

20:31:39.0762 5320 mrxsmb - ok

20:31:39.0808 5320 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys

20:31:39.0812 5320 mrxsmb10 - ok

20:31:39.0841 5320 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys

20:31:39.0843 5320 mrxsmb20 - ok

20:31:39.0857 5320 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys

20:31:39.0858 5320 msahci - ok

20:31:39.0890 5320 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys

20:31:39.0892 5320 msdsm - ok

20:31:39.0928 5320 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe

20:31:39.0933 5320 MSDTC - ok

20:31:39.0955 5320 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys

20:31:39.0965 5320 Msfs - ok

20:31:39.0989 5320 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys

20:31:39.0997 5320 mshidkmdf - ok

20:31:40.0008 5320 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys

20:31:40.0008 5320 msisadrv - ok

20:31:40.0032 5320 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\

Share this post


Link to post
Share on other sites

Hey jenpenbrad. :)

 

Please follow these instructions to remove the remaining malicious entries:

 

  • Please close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the quotebox below into it:
     
    Please Note: Do NOT use any other text editor than Notepad or the CFScript will fail.
     

    killall::
     
    DDS::
    uInternet Settings,ProxyOverride = <local>
     
    File::
    c:\windows\SysWow64\runouce.exe
    c:\windows\rundll16.exe
    c:\windows\RUNDL132.EXE
    c:\windows\logo1_.exe
    c:\windows\logo_1.exe
     
    Firefox::
     
    FF - ProfilePath - c:\users\Jen\AppData\Roaming\Mozilla\Firefox\Profiles\5w34h5rp.default\
    FF - prefs.js: keyword.URL - hxxp://srp.freecause.com/?ourmark=3&sid=100433&q=
     
     
  • Save this as CFScript.txt, in the same location as ComboFix.exe.
     
    CFScriptB-4.gif
     
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at C:\ComboFix.txt.

Please post the ComboFix.txt in your next reply.

==========

 

Next, please go to http://virusscan.jotti.org, click on Browse, and upload the following file for analysis: You will only be able to have one file scanned at a time.

 

c:\windows\VDLL.DLL

 

Then click Submit. Allow the file to be scanned, and then please copy/paste the results here for me to see.

Note: If a message appears saying the file has already been analysed, please cloick Reanalyze file now.

 

If Jotti is busy, please go to http://www.virustotal.com.

==========

 

Finally, please run a free online scan with the ESET Online Scanner.

Note: You will need to use Internet Explorer for this scan.

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
  • Click Scan.
    Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

==========

 

In your next post please provide the following:

  • ComboFix.txt.
  • Results from Jotti.
  • log.txt.

How is your computer running?

Share this post


Link to post
Share on other sites

I couldn't upload c:\windows\VDLL.DLL to Jotti because it is a folder that is empty. Is there a way to upload a folder or was I doing something wrong?

My computer went to sleep and restarted itself while running ESET. I restarted ESET and the log is at the bottom.

 

Here are the logs for ComboFix.txt.and log.txt(1st and 3rd things you asked me to run):

 

ComboFix 12-05-06.01 - Jen 05/06/2012 7:18.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.2651 [GMT -7:00]

Running from: c:\users\Jen\Desktop\ComboFix.exe

Command switches used :: c:\users\Jen\Desktop\CFScript.txt

AV: Lavasoft Ad-Aware *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}

FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}

SP: Lavasoft Ad-Aware *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\logo_1.exe"

"c:\windows\logo1_.exe"

"c:\windows\RUNDL132.EXE"

"c:\windows\rundll16.exe"

"c:\windows\SysWow64\runouce.exe"

.

.

((((((((((((((((((((((((( Files Created from 2012-04-06 to 2012-05-06 )))))))))))))))))))))))))))))))

.

.

2012-05-06 14:22 . 2012-05-06 14:22 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-03 15:41 . 2012-05-03 15:41 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-05-03 15:40 . 2012-05-03 15:40 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-05-03 15:40 . 2012-05-03 15:40 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-05-03 14:47 . 2012-05-03 14:48 -------- d-----w- c:\users\Jen\AppData\Roaming\QuickScan

2012-05-03 13:06 . 2012-05-03 13:06 -------- d-----w- c:\users\Jen\AppData\Roaming\Malwarebytes

2012-05-03 13:06 . 2012-05-03 13:06 -------- d-----w- c:\programdata\Malwarebytes

2012-05-03 13:06 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-03 13:06 . 2012-05-03 13:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-05-01 13:31 . 2012-05-01 13:31 -------- d---a-w- c:\windows\VDLL.DLL

2012-05-01 13:31 . 2012-05-01 13:31 -------- d---a-w- c:\windows\SysWow64\runouce.exe

2012-05-01 13:31 . 2012-05-01 13:31 -------- d---a-w- c:\windows\rundll16.exe

2012-05-01 13:31 . 2012-05-01 13:31 -------- d---a-w- c:\windows\RUNDL132.EXE

2012-05-01 13:31 . 2012-05-01 13:31 -------- d---a-w- c:\windows\logo1_.exe

2012-05-01 13:31 . 2012-05-01 13:31 -------- d---a-w- c:\windows\logo_1.exe

2012-05-01 13:29 . 2012-05-01 13:29 632064 ----a-w- c:\windows\SysWow64\msvcr80.dll

2012-05-01 13:29 . 2012-05-01 13:29 554240 ----a-w- c:\windows\SysWow64\msvcp80.dll

2012-05-01 13:29 . 2012-05-01 13:29 34048 ----a-w- c:\windows\SysWow64\eEmpty.exe

2012-05-01 13:29 . 2012-05-01 13:29 -------- d-----w- c:\program files (x86)\Common Files\MicroWorld

2012-05-01 13:29 . 2012-05-01 13:29 -------- d-----w- c:\programdata\MicroWorld

2012-04-21 18:21 . 2012-04-21 19:13 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-04-21 18:21 . 2012-04-21 18:54 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-04-21 01:17 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BB1D84BB-8CEC-44FA-8B20-BB413C03DDEE}\mpengine.dll

2012-04-17 19:02 . 2012-04-17 19:03 -------- d-----w- c:\users\Jen\AppData\Local\Tific

2012-04-12 16:12 . 2012-02-28 06:51 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll

2012-04-12 16:12 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-12 16:12 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-04-12 16:12 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-04-12 16:09 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-12 16:09 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-12 16:09 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-12 16:09 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-12 16:09 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-12 16:09 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-12 16:09 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-07 16:26 . 2012-05-06 04:26 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-07 15:33 . 2012-05-06 04:26 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-06 04:26 . 2011-08-09 05:14 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr

2012-03-09 01:37 . 2012-03-09 01:37 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin

2012-02-23 17:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-02-17 06:38 . 2012-03-13 23:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-13 23:38 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-13 23:38 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-13 23:38 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-14 19:09 . 2012-02-14 19:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2012-02-10 06:36 . 2012-03-13 23:38 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:38 . 2012-03-13 23:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-05-06_03.18.07 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2012-05-06 02:36 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-05-06 04:26 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-05-06 04:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-05-06 02:36 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-05-06 04:26 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-05-06 02:36 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-11-21 03:09 . 2012-05-06 03:28 34518 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-05-06 14:25 39988 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2011-09-12 01:53 . 2012-05-06 02:35 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-09-12 01:53 . 2012-05-06 04:26 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-09-12 01:53 . 2012-05-06 02:35 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-09-12 01:53 . 2012-05-06 04:26 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-05-06 02:35 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-05-06 04:26 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-09-12 01:52 . 2012-05-06 14:25 8350 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1729988672-1424739153-538692077-1001_UserData.bin

+ 2012-05-06 14:23 . 2012-05-06 14:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-05-06 03:17 . 2012-05-06 03:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-05-06 14:23 . 2012-05-06 14:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-05-06 03:17 . 2012-05-06 03:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-05-06 04:26 . 2012-05-06 04:26 351904 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe

+ 2012-04-07 15:33 . 2012-05-06 04:26 257696 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

- 2012-04-07 15:33 . 2012-05-06 02:37 257696 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

+ 2011-09-12 04:24 . 2012-05-06 13:03 254526 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin

+ 2011-09-12 10:29 . 2012-05-06 10:32 271472 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

- 2009-07-14 02:36 . 2012-05-03 15:42 624412 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-05-06 03:31 624412 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-05-06 03:31 106756 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-05-03 15:42 106756 c:\windows\system32\perfc009.dat

+ 2012-05-06 04:26 . 2012-05-06 04:26 630944 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_Plugin.exe

+ 2011-09-13 19:50 . 2012-05-06 14:22 780880 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2011-09-13 19:50 . 2012-05-06 03:16 780880 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2009-07-14 05:01 . 2012-05-06 14:22 385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-05-06 03:16 385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-05-06 04:26 . 2012-05-06 04:26 8797856 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

+ 2012-05-06 04:26 . 2012-05-06 04:26 11590304 c:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll

+ 2011-09-13 19:50 . 2012-05-06 14:22 39428456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1729988672-1424739153-538692077-1001-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]

"TOSDCR"="c:\program files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe" [2007-08-28 169296]

"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]

"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]

"VMM Mode Selection"="c:\program files\HTC\ModeSelection\VMMModeSelection.exe" [2011-02-14 43520]

"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-12-20 634880]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]

@="Ad-Aware Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-24 136176]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-24 136176]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]

R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-03 129976]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-06-01 340240]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]

R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]

S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]

S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]

S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]

S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-04-29 55384]

S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-03-29 1161072]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-04-17 135608]

S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]

S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]

S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [x]

S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2011-05-18 2804280]

S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]

S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]

S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]

S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-30 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job

- c:\progra~2\AD-AWA~1\AdAwareLauncher.exe [2012-03-29 19:44]

.

2012-05-06 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 04:26]

.

2012-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-24 05:11]

.

2012-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-24 05:11]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ThpSrv"="c:\windows\system32\thpsrv" [X]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-02 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-02 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-02 416024]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-19 11775592]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU]

"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [bU]

"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU]

"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-06-01 1935120]

"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [bU]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]

"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [bU]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [bU]

"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [bU]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1

FF - ProfilePath - c:\users\Jen\AppData\Roaming\Mozilla\Firefox\Profiles\5w34h5rp.default\

FF - prefs.js: browser.search.selectedEngine - Bing

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]

"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]

@="131473"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\progra~2\AD-AWA~1\AdAware.exe

c:\program files (x86)\TOSHIBA\widimon\widimon.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2012-05-06 07:29:25 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-06 14:29

ComboFix2.txt 2012-05-06 03:23

.

Pre-Run: 565,738,455,040 bytes free

Post-Run: 565,675,634,688 bytes free

.

- - End Of File - - 3A2B0477AD055C8B23A720EFF8F04293

 

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=53251

Edited by jenpenbrad

Share this post


Link to post
Share on other sites

Hey jenpenbrad. :)

 

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com).


  •  
  • There are 3 different versions. If one of them won't run then download and try to run the other one.
  • Vista and Win7 users need to right click and choose Run as Admin.
  • You only need to get one of them to run, not all of them.

rkill.exe

rkill.com

rkill.scr

 

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the Desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

 

Before proceeding any further the processes that belong to Windows Recovery need to be terminated so that it does not interfere with the cleaning procedure.

 

Double-click on the RKill.exe icon in order to automatically attempt to stop any processes associated with Windows Recovery and other Rogue programs.

===

 

Please do not reboot your computer.

 

Next, please follow these instructions to remove the remaining malicious entries:

 

  • Please close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the quotebox below into it:
     
    Please Note: Do NOT use any other text editor than Notepad or the CFScript will fail.
     

    killall::
     
    File::
    c:\windows\SysWow64\runouce.exe
    c:\windows\rundll16.exe
    c:\windows\RUNDL132.EXE
    c:\windows\logo1_.exe
    c:\windows\logo_1.exe
     
    Folder::
    c:\windows\VDLL.DLL
     
     
  • Save this as CFScript.txt, in the same location as ComboFix.exe.
     
    CFScriptB-4.gif
     
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at C:\ComboFix.txt.

Please post the ComboFix.txt in your next reply.

==========

 

In your next post please provide the following:

  • ComboFix.txt.

How do things appear on your computer?

Share this post


Link to post
Share on other sites

Heya- thanks so much for your help!!

 

ok ran ComboFix again after rkill.exe, I didn't restart inbetween running the two, but ComboFix restarted the computer before it finished.

 

Here is the log:

 

ComboFix 12-05-06.01 - Jen 05/07/2012 18:17:47.3.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.2774 [GMT -7:00]

Running from: c:\users\Jen\Desktop\ComboFix.exe

Command switches used :: c:\users\Jen\Desktop\CFScript.txt

AV: Lavasoft Ad-Aware *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}

FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}

SP: Lavasoft Ad-Aware *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\logo_1.exe"

"c:\windows\logo1_.exe"

"c:\windows\RUNDL132.EXE"

"c:\windows\rundll16.exe"

"c:\windows\SysWow64\runouce.exe"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\VDLL.DLL

.

.

((((((((((((((((((((((((( Files Created from 2012-04-08 to 2012-05-08 )))))))))))))))))))))))))))))))

.

.

2012-05-08 01:21 . 2012-05-08 01:21 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-06 14:38 . 2012-05-06 14:38 -------- d-----w- c:\program files (x86)\ESET

2012-05-03 15:41 . 2012-05-03 15:41 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-05-03 15:40 . 2012-05-03 15:40 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-05-03 15:40 . 2012-05-03 15:40 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-05-03 14:47 . 2012-05-03 14:48 -------- d-----w- c:\users\Jen\AppData\Roaming\QuickScan

2012-05-03 13:06 . 2012-05-03 13:06 -------- d-----w- c:\users\Jen\AppData\Roaming\Malwarebytes

2012-05-03 13:06 . 2012-05-03 13:06 -------- d-----w- c:\programdata\Malwarebytes

2012-05-03 13:06 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-03 13:06 . 2012-05-03 13:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-05-01 13:31 . 2012-05-01 13:31 -------- d---a-w- c:\windows\SysWow64\runouce.exe

2012-05-01 13:31 . 2012-05-01 13:31 -------- d---a-w- c:\windows\rundll16.exe

2012-05-01 13:31 . 2012-05-01 13:31 -------- d---a-w- c:\windows\RUNDL132.EXE

2012-05-01 13:31 . 2012-05-01 13:31 -------- d---a-w- c:\windows\logo1_.exe

2012-05-01 13:31 . 2012-05-01 13:31 -------- d---a-w- c:\windows\logo_1.exe

2012-05-01 13:29 . 2012-05-01 13:29 632064 ----a-w- c:\windows\SysWow64\msvcr80.dll

2012-05-01 13:29 . 2012-05-01 13:29 554240 ----a-w- c:\windows\SysWow64\msvcp80.dll

2012-05-01 13:29 . 2012-05-01 13:29 34048 ----a-w- c:\windows\SysWow64\eEmpty.exe

2012-05-01 13:29 . 2012-05-01 13:29 -------- d-----w- c:\program files (x86)\Common Files\MicroWorld

2012-05-01 13:29 . 2012-05-01 13:29 -------- d-----w- c:\programdata\MicroWorld

2012-04-21 18:21 . 2012-04-21 19:13 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-04-21 18:21 . 2012-04-21 18:54 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-04-21 01:17 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BB1D84BB-8CEC-44FA-8B20-BB413C03DDEE}\mpengine.dll

2012-04-17 19:02 . 2012-04-17 19:03 -------- d-----w- c:\users\Jen\AppData\Local\Tific

2012-04-12 16:12 . 2012-02-28 06:51 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll

2012-04-12 16:12 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-12 16:12 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-04-12 16:12 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-04-12 16:09 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-12 16:09 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-12 16:09 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-12 16:09 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-12 16:09 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-12 16:09 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-12 16:09 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-06 04:26 . 2012-04-07 15:33 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-06 04:26 . 2011-08-09 05:14 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-06 04:26 . 2012-04-07 16:26 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr

2012-03-09 01:37 . 2012-03-09 01:37 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin

2012-02-23 17:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-02-17 06:38 . 2012-03-13 23:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-13 23:38 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-13 23:38 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-13 23:38 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-14 19:09 . 2012-02-14 19:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2012-02-10 06:36 . 2012-03-13 23:38 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:38 . 2012-03-13 23:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-05-06_03.18.07 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2012-05-06 02:36 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-05-06 04:26 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-05-06 04:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-05-06 02:36 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-05-06 04:26 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-05-06 02:36 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-11-21 03:09 . 2012-05-06 14:32 35414 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-05-06 15:53 40052 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2011-09-12 01:53 . 2012-05-06 02:35 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-09-12 01:53 . 2012-05-06 04:26 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-09-12 01:53 . 2012-05-06 02:35 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-09-12 01:53 . 2012-05-06 04:26 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-05-06 02:35 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-05-06 04:26 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-09-12 01:52 . 2012-05-06 15:53 8434 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1729988672-1424739153-538692077-1001_UserData.bin

+ 2012-05-08 01:22 . 2012-05-08 01:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-05-06 03:17 . 2012-05-06 03:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-05-06 03:17 . 2012-05-06 03:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-05-08 01:22 . 2012-05-08 01:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-05-06 04:26 . 2012-05-06 04:26 351904 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe

- 2012-04-07 15:33 . 2012-05-06 02:37 257696 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

+ 2012-04-07 15:33 . 2012-05-06 04:26 257696 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

+ 2011-09-12 04:24 . 2012-05-07 17:22 256638 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin

+ 2011-09-12 10:29 . 2012-05-08 00:12 272924 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2009-07-14 02:36 . 2012-05-06 17:20 624412 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-05-03 15:42 624412 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-05-06 17:20 106756 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-05-03 15:42 106756 c:\windows\system32\perfc009.dat

+ 2012-05-06 04:26 . 2012-05-06 04:26 630944 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_Plugin.exe

- 2011-09-13 19:50 . 2012-05-06 03:16 780880 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-09-13 19:50 . 2012-05-08 01:21 780880 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2009-07-14 05:01 . 2012-05-06 03:16 385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-05-08 01:21 385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-05-06 04:26 . 2012-05-06 04:26 8797856 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

+ 2011-09-13 19:50 . 2012-05-08 01:21 2186148 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1729988672-1424739153-538692077-1001-12288.dat

+ 2012-05-06 04:26 . 2012-05-06 04:26 11590304 c:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll

+ 2011-09-13 19:50 . 2012-05-08 01:21 39449887 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1729988672-1424739153-538692077-1001-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]

"TOSDCR"="c:\program files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe" [2007-08-28 169296]

"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]

"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]

"VMM Mode Selection"="c:\program files\HTC\ModeSelection\VMMModeSelection.exe" [2011-02-14 43520]

"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-12-20 634880]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]

@="Ad-Aware Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-24 136176]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-24 136176]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]

R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-03 129976]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-06-01 340240]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]

R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]

S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]

S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]

S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]

S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-04-29 55384]

S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-03-29 1161072]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-04-17 135608]

S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]

S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]

S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [x]

S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2011-05-18 2804280]

S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]

S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]

S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]

S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-07 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job

- c:\progra~2\AD-AWA~1\AdAwareLauncher.exe [2012-03-29 19:44]

.

2012-05-08 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 04:26]

.

2012-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-24 05:11]

.

2012-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-24 05:11]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ThpSrv"="c:\windows\system32\thpsrv" [X]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-02 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-02 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-02 416024]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-19 11775592]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU]

"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [bU]

"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU]

"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-06-01 1935120]

"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [bU]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]

"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [bU]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [bU]

"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [bU]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

FF - ProfilePath - c:\users\Jen\AppData\Roaming\Mozilla\Firefox\Profiles\5w34h5rp.default\

FF - prefs.js: browser.search.selectedEngine - Bing

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]

"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]

@="131473"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\progra~2\AD-AWA~1\AdAware.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2012-05-07 18:27:33 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-08 01:27

ComboFix2.txt 2012-05-06 14:29

ComboFix3.txt 2012-05-06 03:23

.

Pre-Run: 565,370,523,648 bytes free

Post-Run: 565,311,930,368 bytes free

.

- - End Of File - - 68EE88D736F12841EA7989159A315157

Edited by jenpenbrad

Share this post


Link to post
Share on other sites

Hello jenpenbrad. :)

 

Please download OTL.exe by OldTimer to your Desktop.

 

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

     
  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

Share this post


Link to post
Share on other sites

Heya Dark Knight!

 

Here are those logs:

 

OTL logfile created on: 5/9/2012 3:43:31 PM - Run 1

OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Jen\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.91 Gb Total Physical Memory | 2.69 Gb Available Physical Memory | 68.86% Memory free

7.81 Gb Paging File | 5.83 Gb Available in Paging File | 74.63% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 580.20 Gb Total Space | 526.30 Gb Free Space | 90.71% Space Free | Partition Type: NTFS

 

Computer Name: JEN-PC | User Name: Jen | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2012/05/09 15:41:36 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Jen\Desktop\OTL.exe

PRC - [2012/04/17 12:02:24 | 000,135,608 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/03/29 12:44:02 | 001,161,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe

PRC - [2012/03/29 12:43:58 | 020,670,304 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe

PRC - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/12/20 14:32:00 | 000,634,880 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe

PRC - [2011/10/21 02:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

PRC - [2011/09/15 13:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

PRC - [2011/07/19 08:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe

PRC - [2011/05/17 18:35:56 | 002,804,280 | ---- | M] (Sunbelt Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe

PRC - [2011/02/14 06:55:16 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe

PRC - [2010/12/25 16:05:54 | 001,716,144 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\widimon\widimon.exe

PRC - [2010/12/20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2010/12/20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2012/03/29 12:44:18 | 002,180,968 | ---- | M] () -- C:\Program Files (x86)\Ad-Aware Antivirus\ThreatWork.dll

MOD - [2012/02/16 09:59:40 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll

MOD - [2012/02/16 09:58:49 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll

MOD - [2012/02/16 09:58:46 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll

MOD - [2012/02/16 09:58:44 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll

MOD - [2011/12/20 14:32:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll

MOD - [2011/12/20 14:32:00 | 000,634,880 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe

MOD - [2011/12/20 14:32:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll

MOD - [2011/12/20 14:32:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll

MOD - [2011/12/20 14:32:00 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll

MOD - [2011/12/20 14:32:00 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll

MOD - [2011/12/20 14:32:00 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll

MOD - [2011/12/20 14:32:00 | 000,103,936 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll

MOD - [2011/12/20 14:32:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll

MOD - [2011/11/02 06:40:11 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll

MOD - [2011/02/14 06:55:16 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe

MOD - [2010/11/20 20:24:08 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2011/07/01 11:46:14 | 000,828,856 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)

SRV:64bit: - [2011/06/09 21:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)

SRV:64bit: - [2011/06/01 12:38:30 | 001,517,328 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®

SRV:64bit: - [2011/06/01 12:23:40 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)

SRV:64bit: - [2011/06/01 12:19:58 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®

SRV:64bit: - [2011/05/24 09:58:12 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)

SRV:64bit: - [2011/05/17 14:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV:64bit: - [2011/04/20 15:16:04 | 000,558,592 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)

SRV:64bit: - [2010/10/20 14:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/05/05 21:26:11 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/05/03 08:40:56 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/04/17 12:02:24 | 000,135,608 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/03/29 12:44:02 | 001,161,072 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)

SRV - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/09/15 13:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)

SRV - [2011/07/19 08:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe -- (PCCUJobMgr)

SRV - [2011/07/11 17:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)

SRV - [2011/05/17 18:35:56 | 002,804,280 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe -- (SBAMSvc)

SRV - [2010/12/20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®

SRV - [2010/12/20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/06/28 16:18:14 | 000,342,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel®

DRV:64bit: - [2011/06/26 18:55:48 | 012,231,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011/06/21 15:19:14 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)

DRV:64bit: - [2011/06/21 15:19:12 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)

DRV:64bit: - [2011/05/11 16:26:04 | 000,072,280 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)

DRV:64bit: - [2011/05/01 14:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®

DRV:64bit: - [2011/04/29 14:15:42 | 000,055,384 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SBREDrv.sys -- (SBRE)

DRV:64bit: - [2011/04/22 09:03:00 | 000,101,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)

DRV:64bit: - [2011/04/05 17:35:20 | 000,253,528 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)

DRV:64bit: - [2011/04/05 17:35:20 | 000,094,296 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (SbTis)

DRV:64bit: - [2011/04/05 17:35:20 | 000,060,504 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)

DRV:64bit: - [2011/03/23 17:10:28 | 000,036,992 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)

DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/10 14:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2011/02/10 14:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2011/02/08 19:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)

DRV:64bit: - [2011/02/08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)

DRV:64bit: - [2011/02/08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)

DRV:64bit: - [2011/02/03 19:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2011/01/12 17:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®

DRV:64bit: - [2010/10/15 01:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®

DRV:64bit: - [2010/06/25 17:08:10 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)

DRV:64bit: - [2010/03/12 18:21:52 | 000,097,280 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)

DRV:64bit: - [2009/11/01 20:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)

DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV:64bit: - [2009/07/14 12:25:14 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ.SYS -- (TVALZ)

DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/29 16:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)

DRV:64bit: - [2009/06/24 15:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)

DRV:64bit: - [2009/06/19 19:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)

DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2011/04/29 14:15:42 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)

DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {F2CA00E0-4D9A-45F0-B3C7-50741539985C}

IE:64bit: - HKLM\..\SearchScopes\{F2CA00E0-4D9A-45F0-B3C7-50741539985C}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {F2CA00E0-4D9A-45F0-B3C7-50741539985C}

IE - HKLM\..\SearchScopes\{F2CA00E0-4D9A-45F0-B3C7-50741539985C}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\..\SearchScopes,DefaultScope = {F2CA00E0-4D9A-45F0-B3C7-50741539985C}

IE - HKCU\..\SearchScopes\{F2CA00E0-4D9A-45F0-B3C7-50741539985C}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.selectedEngine: "Bing"

FF - prefs.js..browser.search.useDBForOrder: true

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/03 08:40:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/21 21:01:40 | 000,000,000 | ---D | M]

 

[2011/09/11 19:45:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jen\AppData\Roaming\Mozilla\Extensions

[2012/05/03 07:47:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jen\AppData\Roaming\Mozilla\Firefox\Profiles\5w34h5rp.default\extensions

[2012/05/03 07:47:47 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Jen\AppData\Roaming\Mozilla\Firefox\Profiles\5w34h5rp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

[2012/01/26 18:39:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/01/26 18:39:44 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012/05/03 08:40:56 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/04/05 19:26:43 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/04/05 19:26:42 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

 

========== Chrome ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.152\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.152\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.152\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Jen\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll

CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll

CHR - plugin: Norton Confidential (Enabled) = C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.2.5_0\npcoplgn.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U25 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

CHR - Extension: Skype Click to Call = C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\

CHR - Extension: Norton Identity Protection = C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.2.5_0\

CHR - Extension: Norton Identity Protection = C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.2.6_0\

 

O1 HOSTS File: ([2012/05/07 18:23:07 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)

O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)

O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)

O4 - HKLM..\Run: [TOSDCR] C:\Program Files (x86)\Toshiba\PasswordUtility\TOSDCR.exe ()

O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)

O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe ()

O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found

O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll (PCPitstop AntiVirus)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{775EE4A8-0670-415D-A49E-AF038834EB19}: DhcpNameServer = 209.18.47.61 209.18.47.62

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: VIDC.FFDS - C:\windows\SysWow64\ff_vfw.dll ()

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/05/09 15:41:29 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Jen\Desktop\OTL.exe

[2012/05/07 18:29:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/05/07 18:27:37 | 000,000,000 | ---D | C] -- C:\windows\temp

[2012/05/06 07:38:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/05/05 20:30:40 | 000,000,000 | ---D | C] -- C:\Users\Jen\Desktop\tdsskiller

[2012/05/05 20:08:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe

[2012/05/05 20:08:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe

[2012/05/05 20:08:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe

[2012/05/05 20:08:11 | 000,000,000 | ---D | C] -- C:\windows\ERDNT

[2012/05/05 20:08:07 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/05/05 20:05:35 | 004,485,446 | R--- | C] (Swearware) -- C:\Users\Jen\Desktop\ComboFix.exe

[2012/05/03 08:41:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2012/05/03 08:41:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

[2012/05/03 07:47:54 | 000,000,000 | ---D | C] -- C:\Users\Jen\AppData\Roaming\QuickScan

[2012/05/03 06:06:30 | 000,000,000 | ---D | C] -- C:\Users\Jen\AppData\Roaming\Malwarebytes

[2012/05/03 06:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/05/03 06:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/05/03 06:06:17 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2012/05/03 06:06:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/05/01 06:31:56 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\runouce.exe

[2012/05/01 06:31:56 | 000,000,000 | ---D | C] -- C:\windows\rundll16.exe

[2012/05/01 06:31:56 | 000,000,000 | ---D | C] -- C:\windows\RUNDL132.EXE

[2012/05/01 06:31:56 | 000,000,000 | ---D | C] -- C:\windows\logo1_.exe

[2012/05/01 06:31:56 | 000,000,000 | ---D | C] -- C:\windows\logo_1.exe

[2012/05/01 06:29:52 | 000,632,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msvcr80.dll

[2012/05/01 06:29:51 | 000,554,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msvcp80.dll

[2012/05/01 06:29:50 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\windows\SysWow64\eEmpty.exe

[2012/05/01 06:29:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MicroWorld

[2012/05/01 06:29:43 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld

[2012/04/28 21:23:16 | 000,000,000 | ---D | C] -- C:\windows\Minidump

[2012/04/21 21:01:33 | 000,000,000 | ---D | C] -- C:\Users\Jen\AppData\Local\adaware

[2012/04/21 21:01:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection

[2012/04/21 21:01:28 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\windows\SysNative\drivers\SBREDrv.sys

[2012/04/21 21:01:28 | 000,045,904 | ---- | C] (Sunbelt Software) -- C:\windows\SysNative\sbbd.exe

[2012/04/21 21:01:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus

[2012/04/21 21:01:26 | 000,060,504 | ---- | C] (Sunbelt Software, Inc.) -- C:\windows\SysNative\drivers\sbhips.sys

[2012/04/21 21:01:24 | 000,094,296 | ---- | C] (Sunbelt Software, Inc.) -- C:\windows\SysNative\drivers\sbtis.sys

[2012/04/21 21:01:05 | 000,253,528 | ---- | C] (Sunbelt Software, Inc.) -- C:\windows\SysNative\drivers\SbFw.sys

[2012/04/21 21:01:05 | 000,084,568 | ---- | C] (Sunbelt Software, Inc.) -- C:\windows\SysNative\drivers\SbFwIm.sys

[2012/04/21 21:01:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft

[2012/04/21 21:01:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus

[2012/04/21 21:00:12 | 000,000,000 | ---D | C] -- C:\Users\Jen\AppData\Roaming\Ad-Aware Antivirus

[2012/04/21 20:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstop

[2012/04/21 20:33:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCPitstop

[2012/04/21 11:21:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2012/04/21 11:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2012/04/21 11:21:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2012/04/17 12:02:25 | 000,000,000 | ---D | C] -- C:\Users\Jen\AppData\Local\Tific

[2012/04/12 09:13:04 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll

[2012/04/12 09:13:04 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll

[2012/04/12 09:13:03 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll

[2012/04/12 09:13:02 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll

[2012/04/12 09:13:02 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll

[2012/04/12 09:13:02 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll

[2012/04/12 09:13:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll

[2012/04/12 09:13:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll

[2012/04/12 09:13:01 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl

[2012/04/12 09:13:01 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl

[2012/04/12 09:13:01 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll

[2012/04/12 09:12:43 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe

[2012/04/12 09:12:42 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe

[2012/04/12 09:12:42 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe

[2012/04/12 09:09:44 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imagehlp.dll

[2012/04/12 09:09:44 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\fs_rec.sys

[2012/04/12 09:09:43 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2012/05/09 15:48:05 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/05/09 15:41:36 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Jen\Desktop\OTL.exe

[2012/05/09 15:40:00 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012/05/09 15:26:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2012/05/09 06:48:51 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/05/08 19:18:37 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/05/08 19:18:37 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/05/08 19:15:46 | 000,624,412 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2012/05/08 19:15:46 | 000,106,756 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2012/05/08 19:15:45 | 000,726,444 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2012/05/08 19:10:54 | 3145,273,344 | -HS- | M] () -- C:\hiberfil.sys

[2012/05/07 18:23:07 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts

[2012/05/06 17:41:28 | 000,000,940 | ---- | M] () -- C:\windows\tasks\Ad-Aware Antivirus Scheduled Scan.job

[2012/05/06 08:51:48 | 486,211,179 | ---- | M] () -- C:\windows\MEMORY.DMP

[2012/05/06 07:17:01 | 004,485,446 | R--- | M] (Swearware) -- C:\Users\Jen\Desktop\ComboFix.exe

[2012/05/05 21:26:10 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe

[2012/05/05 21:26:10 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/05/05 21:26:07 | 008,744,608 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe

[2012/05/05 20:35:40 | 000,080,384 | ---- | M] () -- C:\Users\Jen\Desktop\MBRCheck(1).exe

[2012/05/05 20:30:08 | 002,055,783 | ---- | M] () -- C:\Users\Jen\Desktop\tdsskiller.zip

[2012/05/03 08:37:04 | 000,414,656 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2012/05/01 06:30:47 | 000,000,028 | ---- | M] () -- C:\windows\Lic.xxx

[2012/05/01 06:29:51 | 000,632,064 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msvcr80.dll

[2012/05/01 06:29:50 | 000,554,240 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msvcp80.dll

[2012/05/01 06:29:49 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\windows\SysWow64\eEmpty.exe

[2012/04/26 20:06:35 | 000,001,682 | ---- | M] () -- C:\windows\SysWow64\EmailAVConfig.xml

[2012/04/26 20:06:34 | 000,001,188 | ---- | M] () -- C:\windows\SysWow64\ServiceConfig.xml

[2012/04/21 20:38:12 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\SBFC.dat

[2012/04/21 12:46:35 | 003,262,591 | ---- | M] () -- C:\Users\Jen\Desktop\DSC_4539.JPG

[2012/04/14 15:34:39 | 000,002,355 | ---- | M] () -- C:\Users\Public\Desktop\Toshiba Laptop Checkup.lnk

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2012/05/05 20:35:40 | 000,080,384 | ---- | C] () -- C:\Users\Jen\Desktop\MBRCheck(1).exe

[2012/05/05 20:30:07 | 002,055,783 | ---- | C] () -- C:\Users\Jen\Desktop\tdsskiller.zip

[2012/05/05 20:08:22 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe

[2012/05/05 20:08:22 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe

[2012/05/05 20:08:22 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe

[2012/05/05 20:08:22 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe

[2012/05/05 20:08:22 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe

[2012/05/01 06:30:47 | 000,000,028 | ---- | C] () -- C:\windows\Lic.xxx

[2012/04/28 21:23:04 | 486,211,179 | ---- | C] () -- C:\windows\MEMORY.DMP

[2012/04/26 20:06:35 | 000,001,682 | ---- | C] () -- C:\windows\SysWow64\EmailAVConfig.xml

[2012/04/26 20:06:34 | 000,001,188 | ---- | C] () -- C:\windows\SysWow64\ServiceConfig.xml

[2012/04/21 21:05:58 | 000,000,940 | ---- | C] () -- C:\windows\tasks\Ad-Aware Antivirus Scheduled Scan.job

[2012/04/21 20:38:12 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\SBFC.dat

[2012/04/21 12:43:18 | 003,262,591 | ---- | C] () -- C:\Users\Jen\Desktop\DSC_4539.JPG

[2012/04/14 15:34:39 | 000,002,355 | ---- | C] () -- C:\Users\Public\Desktop\Toshiba Laptop Checkup.lnk

[2011/12/11 14:49:01 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll

[2011/11/11 09:40:21 | 000,000,017 | ---- | C] () -- C:\windows\SysWow64\shortcut_ex.dat

[2011/09/13 10:52:28 | 000,731,106 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2011/06/26 18:53:56 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin

[2011/06/26 18:53:56 | 000,218,304 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin

[2011/06/26 18:53:56 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin

[2011/06/26 18:48:56 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll

[2011/06/26 18:28:06 | 013,899,776 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll

[2011/02/03 19:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll

 

========== Custom Scans ==========

 

< %SYSTEMDRIVE%\*.* >

[2010/11/20 20:23:51 | 000,383,786 | RHS- | M] () -- C:\bootmgr

[2011/08/08 22:33:07 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

[2012/05/07 18:27:34 | 000,026,582 | ---- | M] () -- C:\ComboFix.txt

[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt

[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt

[2007/11/07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt

[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt

[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt

[2007/11/07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt

[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt

[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt

[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt

[2007/11/07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini

[2012/05/08 19:10:54 | 3145,273,344 | -HS- | M] () -- C:\hiberfil.sys

[2007/11/07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini

[2007/11/07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll

[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll

[2007/11/07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll

[2007/11/07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll

[2007/11/07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll

[2007/11/07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll

[2007/11/07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll

[2007/11/07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll

[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll

[2006/12/02 00:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll

[2012/05/08 19:11:04 | 4193,701,888 | -HS- | M] () -- C:\pagefile.sys

[2012/05/07 18:09:06 | 000,000,488 | ---- | M] () -- C:\rkill.log

[2012/05/05 20:33:13 | 000,128,980 | ---- | M] () -- C:\TDSSKiller.2.7.34.0_05.05.2012_20.31.21_log.txt

[2007/11/07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp

[2007/11/07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab

[2007/11/07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

[2011/10/19 22:04:30 | 000,007,799 | ---- | M] () -- C:\WirelessDiagLog.csv

 

< %systemroot%\*. /mp /s >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

 

< End of report >

 

 

OTL Extras logfile created on: 5/9/2012 3:43:31 PM - Run 1

OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Jen\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.91 Gb Total Physical Memory | 2.69 Gb Available Physical Memory | 68.86% Memory free

7.81 Gb Paging File | 5.83 Gb Available in Paging File | 74.63% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 580.20 Gb Total Space | 526.30 Gb Free Space | 90.71% Space Free | Partition Type: NTFS

 

Computer Name: JEN-PC | User Name: Jen | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Edited by jenpenbrad

Share this post


Link to post
Share on other sites

Hey jenpenbrad. :)

 

Before we proceed with some file deletions, I would like you to scan some files first.

 

Please go to http://virusscan.jotti.org, click on Browse, and upload the following file for analysis: You will only be able to have one file scanned at a time.

 

C:\windows\Lic.xxx

C:\windows\logo_1.exe

C:\windows\logo1_.exe

C:\windows\RUNDL132.EXE

C:\windows\rundll16.exe

C:\windows\SysWow64\runouce.exe

 

Then click Submit. Allow the file to be scanned, and then please copy/paste the results here for me to see.

Note: If a message appears saying the file has already been analysed, please click Reanalyze file now.

 

If Jotti is busy, please go to http://www.virustotal.com.

Edited by The Dark Knight

Share this post


Link to post
Share on other sites

Good Evening!

 

I could only scan 2 because the other 4 are folder names and each folder is empty. Here are the two I could scan and the reports:

 

Filename: Lic.xxx

Status:

Scan finished. 0 out of 20 scanners reported malware.

Scan taken on: Fri 11 May 2012 03:24:59 (CET) Permalink

 

Filename: runonce.exe

Status:

Scan finished. 0 out of 20 scanners reported malware.

Scan taken on: Fri 11 May 2012 03:30:04 (CET) Permalink

Share this post


Link to post
Share on other sites

Hey jenpenbrad. :)

 

Before we proceed any further, could you please have the file C:\windows\SysWow64\runouce.exe scanned, making sure you do not have runonce scanned, as the important thing here is that a u is replacing the n.

 

Please post the results of that scan in your next reply. :thumbup:

Share this post


Link to post
Share on other sites

All good jenpenbrad. :)

 

Please follow these instructions to remove the remaining malicious entries:

 

  • Please close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the quotebox below into it:
     
    Please Note: Do NOT use any other text editor than Notepad or the CFScript will fail.
     

    killall::
     
    Folder::
    C:\windows\logo_1.exe
    C:\windows\logo1_.exe
    C:\windows\RUNDL132.EXE
    C:\windows\rundll16.exe
    C:\windows\SysWow64\runouce.exe
     
     
  • Save this as CFScript.txt, in the same location as ComboFix.exe.
     
    CFScriptB-4.gif
     
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at C:\ComboFix.txt.

Please post the ComboFix.txt in your next reply.

 

Are there any current problems on your computer?

Share this post


Link to post
Share on other sites

Hello Dark Knight!

 

My computer decided to do an 18 part windows update last night after I ran ComboFix. Here is the log:

 

ComboFix 12-05-10.05 - Jen 05/10/2012 19:44:01.4.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.2710 [GMT -7:00]

Running from: c:\users\Jen\Desktop\ComboFix.exe

Command switches used :: c:\users\Jen\Desktop\cfscript.txt

AV: Lavasoft Ad-Aware *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}

FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}

SP: Lavasoft Ad-Aware *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\logo_1.exe

c:\windows\logo1_.exe

c:\windows\RUNDL132.EXE

c:\windows\rundll16.exe

c:\windows\SysWow64\runouce.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-04-11 to 2012-05-11 )))))))))))))))))))))))))))))))

.

.

2012-05-11 02:47 . 2012-05-11 02:47 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-06 14:38 . 2012-05-06 14:38 -------- d-----w- c:\program files (x86)\ESET

2012-05-03 15:41 . 2012-05-03 15:41 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-05-03 15:40 . 2012-05-03 15:40 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-05-03 15:40 . 2012-05-03 15:40 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-05-03 14:47 . 2012-05-03 14:48 -------- d-----w- c:\users\Jen\AppData\Roaming\QuickScan

2012-05-03 13:06 . 2012-05-03 13:06 -------- d-----w- c:\users\Jen\AppData\Roaming\Malwarebytes

2012-05-03 13:06 . 2012-05-03 13:06 -------- d-----w- c:\programdata\Malwarebytes

2012-05-03 13:06 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-03 13:06 . 2012-05-03 13:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-05-01 13:29 . 2012-05-01 13:29 632064 ----a-w- c:\windows\SysWow64\msvcr80.dll

2012-05-01 13:29 . 2012-05-01 13:29 554240 ----a-w- c:\windows\SysWow64\msvcp80.dll

2012-05-01 13:29 . 2012-05-01 13:29 34048 ----a-w- c:\windows\SysWow64\eEmpty.exe

2012-05-01 13:29 . 2012-05-01 13:29 -------- d-----w- c:\program files (x86)\Common Files\MicroWorld

2012-05-01 13:29 . 2012-05-01 13:29 -------- d-----w- c:\programdata\MicroWorld

2012-04-21 18:21 . 2012-04-21 19:13 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-04-21 18:21 . 2012-04-21 18:54 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-04-21 01:17 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BB1D84BB-8CEC-44FA-8B20-BB413C03DDEE}\mpengine.dll

2012-04-17 19:02 . 2012-04-17 19:03 -------- d-----w- c:\users\Jen\AppData\Local\Tific

2012-04-12 16:12 . 2012-02-28 06:51 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll

2012-04-12 16:12 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-12 16:12 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-04-12 16:12 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-04-12 16:09 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-12 16:09 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-12 16:09 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-12 16:09 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-12 16:09 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-12 16:09 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-12 16:09 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-06 04:26 . 2012-04-07 15:33 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-06 04:26 . 2011-08-09 05:14 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-06 04:26 . 2012-04-07 16:26 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr

2012-03-09 01:37 . 2012-03-09 01:37 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin

2012-02-23 17:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-02-17 06:38 . 2012-03-13 23:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-13 23:38 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-13 23:38 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-13 23:38 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-14 19:09 . 2012-02-14 19:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

.

.

((((((((((((((((((((((((((((( SnapShot@2012-05-06_03.18.07 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2012-05-06 02:36 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-05-06 04:26 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-05-06 04:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-05-06 02:36 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-05-06 04:26 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-05-06 02:36 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-11-21 03:09 . 2012-05-08 12:38 37104 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-05-10 02:47 40234 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2011-09-12 01:53 . 2012-05-06 02:35 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-09-12 01:53 . 2012-05-06 04:26 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-09-12 01:53 . 2012-05-06 02:35 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-09-12 01:53 . 2012-05-06 04:26 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-05-06 02:35 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-05-06 04:26 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-09-12 01:52 . 2012-05-10 02:47 8482 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1729988672-1424739153-538692077-1001_UserData.bin

+ 2012-05-11 02:48 . 2012-05-11 02:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-05-06 03:17 . 2012-05-06 03:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-05-06 03:17 . 2012-05-06 03:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-05-11 02:48 . 2012-05-11 02:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-05-06 04:26 . 2012-05-06 04:26 351904 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe

- 2012-04-07 15:33 . 2012-05-06 02:37 257696 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

+ 2012-04-07 15:33 . 2012-05-06 04:26 257696 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

+ 2011-09-12 04:24 . 2012-05-10 12:53 257566 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin

+ 2011-09-12 10:29 . 2012-05-11 00:05 274252 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2009-07-14 02:36 . 2012-05-10 12:56 624412 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-05-03 15:42 624412 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-05-10 12:56 106756 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-05-03 15:42 106756 c:\windows\system32\perfc009.dat

+ 2012-05-06 04:26 . 2012-05-06 04:26 630944 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_Plugin.exe

- 2011-09-13 19:50 . 2012-05-06 03:16 780880 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-09-13 19:50 . 2012-05-11 02:48 780880 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2009-07-14 05:01 . 2012-05-06 03:16 385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-05-11 02:48 385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-05-06 04:26 . 2012-05-06 04:26 8797856 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

+ 2011-09-13 19:50 . 2012-05-08 01:21 2186148 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1729988672-1424739153-538692077-1001-12288.dat

+ 2012-05-06 04:26 . 2012-05-06 04:26 11590304 c:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll

+ 2011-09-13 19:50 . 2012-05-11 02:48 39449887 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1729988672-1424739153-538692077-1001-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]

"TOSDCR"="c:\program files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe" [2007-08-28 169296]

"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]

"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]

"VMM Mode Selection"="c:\program files\HTC\ModeSelection\VMMModeSelection.exe" [2011-02-14 43520]

"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-12-20 634880]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]

@="Ad-Aware Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-24 136176]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-24 136176]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]

R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-03 129976]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-06-01 340240]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]

R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]

S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]

S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]

S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]

S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-04-29 55384]

S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-03-29 1161072]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-04-17 135608]

S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]

S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]

S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [x]

S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2011-05-18 2804280]

S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]

S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]

S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]

S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-07 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job

- c:\progra~2\AD-AWA~1\AdAwareLauncher.exe [2012-03-29 19:44]

.

2012-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 04:26]

.

2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-24 05:11]

.

2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-24 05:11]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ThpSrv"="c:\windows\system32\thpsrv" [X]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-02 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-02 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-02 416024]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-19 11775592]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU]

"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [bU]

"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU]

"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-06-01 1935120]

"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [bU]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]

"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [bU]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [bU]

"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [bU]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

FF - ProfilePath - c:\users\Jen\AppData\Roaming\Mozilla\Firefox\Profiles\5w34h5rp.default\

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]

"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]

@="131473"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\progra~2\AD-AWA~1\AdAware.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2012-05-10 19:53:52 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-11 02:53

ComboFix2.txt 2012-05-08 01:27

ComboFix3.txt 2012-05-06 14:29

ComboFix4.txt 2012-05-06 03:23

.

Pre-Run: 564,188,680,192 bytes free

Post-Run: 563,868,418,048 bytes free

.

- - End Of File - - DBB5B9EF4DB5F24DA18DBB8C97B2EF60

Edited by jenpenbrad

Share this post


Link to post
Share on other sites

Hey jenpenbrad. :)

 

Are there any current issues on your computer?

 

In Internet Explorer, please do a scan with the Kaspersky Online Scanner.

 

Note: If you are using Windows Vista or 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

 

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • In the drop down box labelled Files of type change the type to Text file.
  • Save the file to your Desktop.
  • Copy and Paste that information in your next post.

To optimise scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the Zoom to 75%. Once the license is accepted, reset to 100%.

Share this post


Link to post
Share on other sites

Hello jenpenbrad. :)

 

Please try this scan instead.

 

Please go here to run Panda ActiveScan 2.0

  • Click the big green Scan now button.
  • If it wants to install an ActiveX component allow it.
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes).
  • Once the scan is completed, please hit the notepad icon next to the text Export to:.
  • Save it to a convenient location such as your Desktop.
  • Post the contents of the ActiveScan.txt in your next reply.

Edited by The Dark Knight

Share this post


Link to post
Share on other sites

Hi!

 

Computer seems to be running normal at this point. I don't notice any of the problems that I was having before. Although according to this something is still on the computer, here is that log:

 

;***********************************************************************************************************************************************************************************

ANALYSIS: 2012-05-11 23:17:54

PROTECTIONS: 1

MALWARE: 9

SUSPECTS: 0

;***********************************************************************************************************************************************************************************

PROTECTIONS

Description Version Active Updated

;===================================================================================================================================================================================

Lavasoft Ad-Aware No Yes

;===================================================================================================================================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===================================================================================================================================================================================

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\jen\appdata\roaming\microsoft\windows\cookies\pgm26feg.txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\jen\appdata\roaming\microsoft\windows\cookies\low\zk02fg1h.txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\jen\appdata\roaming\microsoft\windows\cookies\6rr4mty0.txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\jen\appdata\roaming\microsoft\windows\cookies\low\zl36b1hh.txt

00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\jen\appdata\roaming\microsoft\windows\cookies\low\2652bl3d.txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\jen\appdata\roaming\microsoft\windows\cookies\51e5dn43.txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\jen\appdata\roaming\microsoft\windows\cookies\low\tyo109wo.txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\jen\appdata\roaming\microsoft\windows\cookies\wn9mosh9.txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\jen\appdata\roaming\microsoft\windows\cookies\low\zxos046j.txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\jen\appdata\roaming\microsoft\windows\cookies\5mnah1zs.txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\jen\appdata\roaming\microsoft\windows\cookies\low\0tddydud.txt

00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\users\jen\appdata\roaming\microsoft\windows\cookies\low\vqbxls6p.txt

09664291 Exploit/CVE-2011-3544 Virus/Trojan No 0 Yes No c:\users\jen\appdata\locallow\sun\java\deployment\cache\6.0\62\3b1c1d3e-30231136

;===================================================================================================================================================================================

SUSPECTS

Sent Location

;===================================================================================================================================================================================

;===================================================================================================================================================================================

VULNERABILITIES

Id Severity Description

;===================================================================================================================================================================================

;===================================================================================================================================================================================

Share this post


Link to post
Share on other sites

Hey jenpenbrad. :)

 

That log is fine. :thumbup:

 

Your version of Java is out of date. It's important to remove older versions of Java since it does not do so automatically and older versions can leave you vulnerable.

 

Please follow the instructions below to update Java:

  • Please go to the below link and download the latest Windows XP version:

http://www.java.com/en/download/manual.jsp

 

  • Save it to your Desktop.
  • Please go to Start > Control Panel > Add Or Remove Programs.
  • Navigate to any versions of Java (J2SE Runtime Environment) you have installed. They will have this icon next to them: javaicon.gif
  • Select Remove.
  • Please double-click the installer and follow the prompts to install the latest version once all the previous versions have been successfully removed.

 

Please let me know in your next post if you have any issues installing the newest version of Java.

Share this post


Link to post
Share on other sites

Hiya,

 

My computer is running windows 7- I'm assuming this is still the correct Java?

 

I removed the older versions and installed the new one.

Share this post


Link to post
Share on other sites

Hey jenpenbrad. :)

 

Yep, all good. :thumbup:

 

A little housekeeping to uninstall ComboFix:

 

Please click Start>Run and copy/paste the following text, including the space between "ComboFix and "/uninstall", into the Run box and click OK:

 

ComboFix /uninstall

 

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

 

Right-click the Recycle Bin and please select Empty Recycle Bin.

==========

 

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :thumbup:

 

 

IMPORTANT: Please enable Automatic Updates under Start > Control Panel > Automatic Updates to ensure your Windows updates regularly. This is extremely important in ensuring you remain protected against vulnerabilities and infections. This is a crucial security measure.

 

As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.

 

Please consider installing and running the following program:

 

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

 

Please keep your security programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster, can be run with any of them.

 

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

 

http://www.spywarewarrior.com/rogue_anti-spyware.htm

 

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

 

 

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like Adblock Plus, NoScript and Web of Trust, can make it even more secure. Google Chrome or Opera are other good options.

 

Please also read Tony Klein's excellent article: How did I get infected in the first place.

 

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)

Share this post


Link to post
Share on other sites

Glad we could help. :)

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.