1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

search engine redirect virus

Discussion in 'Virus & Other Malware Removal' started by bongsmoka420, Aug 31, 2011.

Thread Status:
Not open for further replies.
Advertisement
  1. bongsmoka420

    bongsmoka420 Thread Starter

    Joined:
    Aug 31, 2011
    Messages:
    13
    Tech Support Guy System Info Utility version 1.0.0.1
    OS Version: Microsoft Windows 7 Home Premium , 64 bit
    Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz, Intel64 Family 6 Model 37 Stepping 2
    Processor Count: 4
    RAM: 3894 Mb
    Graphics Card: Intel(R) Graphics Media Accelerator HD, 1723 Mb
    Hard Drives: C: Total - 467737 MB, Free - 411125 MB;
    Motherboard: TOSHIBA, Portable PC, Base Board Version, Base Board Serial Number
    Antivirus: None


    I have one of them search engine redirecting viruses. The search engines don't redirect until you click one of the results that come up. Also I think part of it is that randomly a thing comes up saying I won something. I can't seem to find any usable help to solve this problem. Iobit Advanced System Care 4 Free, Iobit Malware Fighter, and Malwarebytes' Anti-Malware seem to detect and say they're fixing something but after I restart when Malwaresbytes' finishes I google something and the virus remains.

    Here's the 'HiJackThis' and 'DDS' logs and the Attach log is attached of course.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:57:00 PM, on 8/31/2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16839)
    Boot mode: Normal
    Running processes:
    C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
    C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\windows\SysWOW64\Macromed\Flash\FlashUtil10v_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
    O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
    O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
    O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
    O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
    O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
    O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\windows\system32\nlssrv32.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: TOSHIBA HDD Protection (Thpsrv) - Unknown owner - C:\windows\system32\ThpSrv.exe (file missing)
    O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
    O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    --
    End of file - 11624 bytes


    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385
    Run by Owner at 15:38:48 on 2011-08-31
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.2229 [GMT -5:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: IObit Security 360 *Disabled/Outdated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\WUDFHost.exe
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\system32\WLANExt.exe
    C:\windows\system32\conhost.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\taskhost.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\windows\system32\Dwm.exe
    C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
    C:\windows\Explorer.EXE
    C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
    C:\windows\SysWOW64\svchost.exe -k Akamai
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\windows\SysWOW64\nlssrv32.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\system32\ThpSrv.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\TOSHIBA\TECO\TecoService.exe
    C:\Program Files\TOSHIBA\TECO\Teco.exe
    C:\Windows\System32\ThpSrv.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
    C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
    C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
    C:\windows\system32\igfxext.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\windows\system32\wuauclt.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\windows\SysWOW64\Macromed\Flash\FlashUtil10v_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\windows\system32\msiexec.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\SysWOW64\DllHost.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\SysWOW64\cmd.exe
    C:\windows\system32\conhost.exe
    C:\windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
    uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
    mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
    BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe"
    mRun: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
    mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
    mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
    uPolicies-explorer: HideSCAHealth = 1 (0x1)
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{54ED7A8D-1494-4A8D-8B37-538D2BC67A24} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{B8543C1B-7828-408B-BB4A-61D04AE5CE27} : DhcpNameServer = 168.94.0.15 168.94.0.14
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
    BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    mRun-x64: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
    mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    mRun-x64: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
    mRun-x64: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
    R0 SmartDefragDriver;SmartDefragDriver;C:\windows\system32\Drivers\SmartDefragDriver.sys --> C:\windows\system32\Drivers\SmartDefragDriver.sys [?]
    R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
    R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
    R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdvancedSystemCareService;Advanced SystemCare Service;C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-8-19 328536]
    R2 Akamai;Akamai NetSession Interface;C:\windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
    R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2011-6-24 393112]
    R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-27 252784]
    R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-1 13336]
    R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-8-19 820568]
    R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\System32\nlssrv32.exe [2009-6-7 61440]
    R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-11-30 317296]
    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-1-1 2314240]
    R3 acpials;ALS Sensor Filter;C:\windows\system32\DRIVERS\acpials.sys --> C:\windows\system32\DRIVERS\acpials.sys [?]
    R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
    R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETw5s64.sys --> C:\windows\system32\DRIVERS\NETw5s64.sys [?]
    R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
    R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2011-8-19 33184]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
    R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-5 824688]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
    R3 wdkmd;Intel WiDi KMD;C:\windows\system32\DRIVERS\WDKMD.sys --> C:\windows\system32\DRIVERS\WDKMD.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-2 135664]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-1-28 1436424]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-2 135664]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-1-19 315664]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;C:\windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 20992]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-1-1 222720]
    S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-1-1 51512]
    S3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2011-8-19 21328]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
    S4 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2011-8-19 20336]
    .
    =============== File Associations ===============
    .
    .scr=AutoCADScriptFile
    .
    =============== Created Last 30 ================
    .
    2011-08-31 20:30:54 388096 ----a-r- C:\Users\Owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-08-31 20:30:54 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2011-08-21 22:04:24 -------- d-----we C:\windows\system64
    2011-08-20 02:23:11 14336 ----a-w- C:\windows\System32\drivers\sffp_sd.sys
    .
    ==================== Find3M ====================
    .
    2011-08-20 02:05:02 404640 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-07-22 05:35:08 1638912 ----a-w- C:\windows\System32\mshtml.tlb
    2011-07-22 04:56:17 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2011-07-16 05:26:54 362496 ----a-w- C:\windows\System32\wow64win.dll
    2011-07-16 05:26:53 243200 ----a-w- C:\windows\System32\wow64.dll
    2011-07-16 05:26:53 13312 ----a-w- C:\windows\System32\wow64cpu.dll
    2011-07-16 05:26:18 214528 ----a-w- C:\windows\System32\winsrv.dll
    2011-07-16 05:24:09 16384 ----a-w- C:\windows\System32\ntvdm64.dll
    2011-07-16 05:21:32 422400 ----a-w- C:\windows\System32\KernelBase.dll
    2011-07-16 05:17:46 338432 ----a-w- C:\windows\System32\conhost.exe
    2011-07-16 04:36:09 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
    2011-07-16 04:32:14 44032 ----a-w- C:\windows\apppatch\acwow64.dll
    2011-07-16 04:31:50 25600 ----a-w- C:\windows\SysWow64\setup16.exe
    2011-07-16 04:30:29 5120 ----a-w- C:\windows\SysWow64\wow32.dll
    2011-07-16 04:30:27 272384 ----a-w- C:\windows\SysWow64\KernelBase.dll
    2011-07-16 02:26:12 7680 ----a-w- C:\windows\SysWow64\instnm.exe
    2011-07-16 02:26:11 2048 ----a-w- C:\windows\SysWow64\user.exe
    2011-07-16 02:21:47 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 02:21:47 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 02:21:47 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 02:21:47 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2011-07-09 02:44:55 287744 ----a-w- C:\windows\System32\drivers\mrxsmb10.sys
    2011-07-07 00:52:42 41272 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-07 00:52:42 25912 ----a-w- C:\windows\System32\drivers\mbam.sys
    2011-06-23 05:29:39 5507968 ----a-w- C:\windows\System32\ntoskrnl.exe
    2011-06-23 04:38:05 3957120 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
    2011-06-23 04:38:04 3902336 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
    2011-06-21 06:27:14 1896832 ----a-w- C:\windows\System32\drivers\tcpip.sys
    2011-06-21 06:20:48 1197056 ----a-w- C:\windows\System32\wininet.dll
    2011-06-21 06:20:06 57856 ----a-w- C:\windows\System32\licmgr10.dll
    2011-06-21 05:36:36 981504 ----a-w- C:\windows\SysWow64\wininet.dll
    2011-06-21 05:35:05 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll
    2011-06-21 05:05:13 482816 ----a-w- C:\windows\System32\html.iec
    2011-06-21 04:26:02 386048 ----a-w- C:\windows\SysWow64\html.iec
    2011-06-15 09:58:31 212992 ----a-w- C:\windows\System32\odbctrac.dll
    2011-06-15 09:58:31 163840 ----a-w- C:\windows\System32\odbccp32.dll
    2011-06-15 09:58:31 106496 ----a-w- C:\windows\System32\odbccu32.dll
    2011-06-15 09:58:31 106496 ----a-w- C:\windows\System32\odbccr32.dll
    2011-06-15 09:04:46 86016 ----a-w- C:\windows\SysWow64\odbccu32.dll
    2011-06-15 09:04:46 81920 ----a-w- C:\windows\SysWow64\odbccr32.dll
    2011-06-15 09:04:46 319488 ----a-w- C:\windows\SysWow64\odbcjt32.dll
    2011-06-15 09:04:46 163840 ----a-w- C:\windows\SysWow64\odbctrac.dll
    2011-06-15 09:04:46 122880 ----a-w- C:\windows\SysWow64\odbccp32.dll
    2011-06-11 02:56:44 3134464 ----a-w- C:\windows\System32\win32k.sys
    .
    ============= FINISH: 15:39:47.70 ===============
     
  2. bongsmoka420

    bongsmoka420 Thread Starter

    Joined:
    Aug 31, 2011
    Messages:
    13
    (top of list update)
     
  3. bongsmoka420

    bongsmoka420 Thread Starter

    Joined:
    Aug 31, 2011
    Messages:
    13
  4. bongsmoka420

    bongsmoka420 Thread Starter

    Joined:
    Aug 31, 2011
    Messages:
    13
    also I wanted to add that I did notice that I have to click the internet explorer quick launch icon twice sometimes three times to get it start. if I just click once it highlights the icon like it's going to start up but goes away in a few seconds.
     
  5. bongsmoka420

    bongsmoka420 Thread Starter

    Joined:
    Aug 31, 2011
    Messages:
    13
  6. Larusso

    Larusso Malware Specialist

    Joined:
    Aug 9, 2011
    Messages:
    808
    Hi and welcome to TSG.

    I am reviewing your logs and will respond with a reply as soon as I can.

    Please note that all my replies are reviewed by a qualified Analyst before I post. This ensures that you will continue to receive quality expert assistance.

    You may wish to Subscribe to this topic - at the bottom left corner of the page click Subscribe and you will be notified when you receive a reply.

    Thank you for your patience.
     
  7. Larusso

    Larusso Malware Specialist

    Joined:
    Aug 9, 2011
    Messages:
    808
    Hy bongsmoka420
    my name is Daniel and I will be assisting you with your Malware related problems.

    Before we move on, please read the following points carefully.
    • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
    • Perform everything in the correct order. Sometimes one step requires the previous one.
    • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
    • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
    • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
    • If I don't hear from you within 3 days from this initial post then this thread will be closed.
    • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
    • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.



    IObit is a Rogue software based in China is stealing and incorporating proprietary databases and intellectual property into their software. Please read this link which explain why I do not recommend this kind of software.
    So please,
    Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if present):
    Advanced System Care 4 free
    Iobit Malwarefighter




    Please download TDSSKiller.exe to your desktop.

    Execute TDSSKiller.exe and press Start Scan.
    • If Malicious objects are found
      • Ensure Cure is selected ( it should be by default )
      • Click Continue then click Reboot now.
    • If nothing will be found
      • Simply click Close.
    Once complete, a log will be produced at the root drive which is typically C:\
    For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt.



    Your DDS Log is a little bit out of date.

    Please launch DDS
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop.
    Please post both in your next reply



    Please post in your next reply
    TDSSKiller Log
    dds.txt
    attach.txt
     
  8. bongsmoka420

    bongsmoka420 Thread Starter

    Joined:
    Aug 31, 2011
    Messages:
    13
    thank you for picking up, reviewing, and replying to my thread. I'm so happy you did, I really appreciate it. This virus has me stumped. Usually I don't have a problem removing viruses, trojans, and malware, but this one's trouble for me.

    the TDSSKiller showed no Malicious threats found.
    here's all the logs you requested.

    2011/09/03 10:20:48.0442 9144 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
    2011/09/03 10:20:48.0739 9144 ================================================================================
    2011/09/03 10:20:48.0739 9144 SystemInfo:
    2011/09/03 10:20:48.0739 9144
    2011/09/03 10:20:48.0739 9144 OS Version: 6.1.7600 ServicePack: 0.0
    2011/09/03 10:20:48.0739 9144 Product type: Workstation
    2011/09/03 10:20:48.0739 9144 ComputerName: OWNER-PC
    2011/09/03 10:20:48.0739 9144 UserName: Owner
    2011/09/03 10:20:48.0739 9144 Windows directory: C:\windows
    2011/09/03 10:20:48.0739 9144 System windows directory: C:\windows
    2011/09/03 10:20:48.0739 9144 Running under WOW64
    2011/09/03 10:20:48.0739 9144 Processor architecture: Intel x64
    2011/09/03 10:20:48.0739 9144 Number of processors: 4
    2011/09/03 10:20:48.0739 9144 Page size: 0x1000
    2011/09/03 10:20:48.0739 9144 Boot type: Normal boot
    2011/09/03 10:20:48.0739 9144 ================================================================================
    2011/09/03 10:20:49.0878 9144 Initialize success
    2011/09/03 10:20:57.0428 9372 ================================================================================
    2011/09/03 10:20:57.0428 9372 Scan started
    2011/09/03 10:20:57.0428 9372 Mode: Manual;
    2011/09/03 10:20:57.0428 9372 ================================================================================
    2011/09/03 10:20:59.0238 9372 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\windows\system32\DRIVERS\1394ohci.sys
    2011/09/03 10:20:59.0347 9372 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys
    2011/09/03 10:20:59.0519 9372 acpials (12c5274cd87449a2a37a607cdb321922) C:\windows\system32\DRIVERS\acpials.sys
    2011/09/03 10:20:59.0565 9372 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys
    2011/09/03 10:20:59.0690 9372 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
    2011/09/03 10:20:59.0846 9372 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
    2011/09/03 10:21:00.0002 9372 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
    2011/09/03 10:21:00.0345 9372 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\windows\system32\drivers\afd.sys
    2011/09/03 10:21:00.0455 9372 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys
    2011/09/03 10:21:00.0673 9372 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\DRIVERS\aliide.sys
    2011/09/03 10:21:00.0798 9372 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\DRIVERS\amdide.sys
    2011/09/03 10:21:00.0938 9372 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
    2011/09/03 10:21:01.0079 9372 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
    2011/09/03 10:21:01.0235 9372 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\windows\system32\drivers\amdsata.sys
    2011/09/03 10:21:01.0375 9372 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
    2011/09/03 10:21:01.0484 9372 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\windows\system32\drivers\amdxata.sys
    2011/09/03 10:21:01.0562 9372 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys
    2011/09/03 10:21:01.0734 9372 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
    2011/09/03 10:21:01.0781 9372 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
    2011/09/03 10:21:01.0874 9372 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
    2011/09/03 10:21:01.0921 9372 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys
    2011/09/03 10:21:02.0077 9372 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
    2011/09/03 10:21:02.0217 9372 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
    2011/09/03 10:21:02.0280 9372 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
    2011/09/03 10:21:02.0451 9372 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
    2011/09/03 10:21:02.0529 9372 bowser (19d20159708e152267e53b66677a4995) C:\windows\system32\DRIVERS\bowser.sys
    2011/09/03 10:21:02.0592 9372 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
    2011/09/03 10:21:02.0623 9372 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
    2011/09/03 10:21:02.0670 9372 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
    2011/09/03 10:21:02.0701 9372 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
    2011/09/03 10:21:02.0748 9372 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
    2011/09/03 10:21:02.0779 9372 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
    2011/09/03 10:21:02.0810 9372 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
    2011/09/03 10:21:02.0888 9372 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
    2011/09/03 10:21:02.0966 9372 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys
    2011/09/03 10:21:03.0107 9372 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
    2011/09/03 10:21:03.0153 9372 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
    2011/09/03 10:21:03.0247 9372 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
    2011/09/03 10:21:03.0263 9372 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys
    2011/09/03 10:21:03.0309 9372 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\windows\system32\Drivers\cng.sys
    2011/09/03 10:21:03.0356 9372 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
    2011/09/03 10:21:03.0387 9372 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys
    2011/09/03 10:21:03.0450 9372 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
    2011/09/03 10:21:03.0621 9372 DfsC (9c253ce7311ca60fc11c774692a13208) C:\windows\system32\Drivers\dfsc.sys
    2011/09/03 10:21:03.0699 9372 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
    2011/09/03 10:21:03.0793 9372 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
    2011/09/03 10:21:03.0855 9372 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
    2011/09/03 10:21:03.0902 9372 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\windows\System32\drivers\dxgkrnl.sys
    2011/09/03 10:21:04.0043 9372 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
    2011/09/03 10:21:04.0245 9372 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
    2011/09/03 10:21:04.0261 9372 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys
    2011/09/03 10:21:04.0370 9372 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
    2011/09/03 10:21:04.0401 9372 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
    2011/09/03 10:21:04.0448 9372 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
    2011/09/03 10:21:04.0511 9372 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
    2011/09/03 10:21:04.0542 9372 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
    2011/09/03 10:21:04.0573 9372 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
    2011/09/03 10:21:04.0651 9372 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys
    2011/09/03 10:21:04.0682 9372 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
    2011/09/03 10:21:04.0713 9372 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
    2011/09/03 10:21:04.0776 9372 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys
    2011/09/03 10:21:04.0854 9372 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\windows\system32\DRIVERS\FwLnk.sys
    2011/09/03 10:21:04.0916 9372 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
    2011/09/03 10:21:05.0119 9372 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
    2011/09/03 10:21:05.0197 9372 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys
    2011/09/03 10:21:05.0322 9372 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys
    2011/09/03 10:21:05.0431 9372 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys
    2011/09/03 10:21:05.0509 9372 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
    2011/09/03 10:21:05.0525 9372 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
    2011/09/03 10:21:05.0540 9372 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
    2011/09/03 10:21:05.0618 9372 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys
    2011/09/03 10:21:05.0743 9372 HpSAMD (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys
    2011/09/03 10:21:05.0790 9372 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys
    2011/09/03 10:21:05.0837 9372 hwpolicy (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys
    2011/09/03 10:21:05.0852 9372 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
    2011/09/03 10:21:06.0008 9372 iaStor (631fa8935163b01fc0c02966cb3adb92) C:\windows\system32\DRIVERS\iaStor.sys
    2011/09/03 10:21:06.0133 9372 iaStorV (b75e45c564e944a2657167d197ab29da) C:\windows\system32\drivers\iaStorV.sys
    2011/09/03 10:21:06.0492 9372 igfx (0372c154226f7074cd150f475a4870a6) C:\windows\system32\DRIVERS\igdkmd64.sys
    2011/09/03 10:21:06.0819 9372 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
    2011/09/03 10:21:06.0991 9372 Impcd (36fdf367a1dabff903e2214023d71368) C:\windows\system32\DRIVERS\Impcd.sys
    2011/09/03 10:21:07.0194 9372 IntcAzAudAddService (450bec18b45bccfdc923e11f856dbda7) C:\windows\system32\drivers\RTKVHD64.sys
    2011/09/03 10:21:07.0350 9372 IntcDAud (408b401cd7cdb075c7470b0ff7ba8d0b) C:\windows\system32\DRIVERS\IntcDAud.sys
    2011/09/03 10:21:07.0459 9372 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys
    2011/09/03 10:21:07.0584 9372 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
    2011/09/03 10:21:07.0693 9372 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys
    2011/09/03 10:21:07.0787 9372 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys
    2011/09/03 10:21:07.0880 9372 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
    2011/09/03 10:21:07.0911 9372 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
    2011/09/03 10:21:07.0958 9372 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys
    2011/09/03 10:21:07.0989 9372 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys
    2011/09/03 10:21:08.0083 9372 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
    2011/09/03 10:21:08.0114 9372 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys
    2011/09/03 10:21:08.0161 9372 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\windows\system32\Drivers\ksecdd.sys
    2011/09/03 10:21:08.0223 9372 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\windows\system32\Drivers\ksecpkg.sys
    2011/09/03 10:21:08.0286 9372 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
    2011/09/03 10:21:08.0395 9372 L1C (ff60e112fc03f6d0eb74b3bfd7d6b7c9) C:\windows\system32\DRIVERS\L1C62x64.sys
    2011/09/03 10:21:08.0551 9372 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
    2011/09/03 10:21:08.0769 9372 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
    2011/09/03 10:21:08.0832 9372 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
    2011/09/03 10:21:08.0879 9372 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
    2011/09/03 10:21:08.0894 9372 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
    2011/09/03 10:21:08.0941 9372 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
    2011/09/03 10:21:08.0988 9372 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
    2011/09/03 10:21:09.0019 9372 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
    2011/09/03 10:21:09.0050 9372 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
    2011/09/03 10:21:09.0097 9372 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
    2011/09/03 10:21:09.0128 9372 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
    2011/09/03 10:21:09.0191 9372 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
    2011/09/03 10:21:09.0222 9372 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys
    2011/09/03 10:21:09.0237 9372 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys
    2011/09/03 10:21:09.0269 9372 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
    2011/09/03 10:21:09.0300 9372 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys
    2011/09/03 10:21:09.0347 9372 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\windows\system32\DRIVERS\mrxsmb.sys
    2011/09/03 10:21:09.0393 9372 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\windows\system32\DRIVERS\mrxsmb10.sys
    2011/09/03 10:21:09.0456 9372 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\windows\system32\DRIVERS\mrxsmb20.sys
    2011/09/03 10:21:09.0487 9372 msahci (5c37497276e3b3a5488b23a326a754b7) C:\windows\system32\DRIVERS\msahci.sys
    2011/09/03 10:21:09.0518 9372 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys
    2011/09/03 10:21:09.0565 9372 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
    2011/09/03 10:21:09.0596 9372 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
    2011/09/03 10:21:09.0612 9372 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys
    2011/09/03 10:21:09.0659 9372 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
    2011/09/03 10:21:09.0674 9372 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
    2011/09/03 10:21:09.0705 9372 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
    2011/09/03 10:21:09.0737 9372 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys
    2011/09/03 10:21:09.0768 9372 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
    2011/09/03 10:21:09.0799 9372 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
    2011/09/03 10:21:09.0815 9372 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
    2011/09/03 10:21:09.0846 9372 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
    2011/09/03 10:21:10.0049 9372 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
    2011/09/03 10:21:10.0251 9372 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys
    2011/09/03 10:21:10.0532 9372 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
    2011/09/03 10:21:10.0797 9372 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
    2011/09/03 10:21:11.0000 9372 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys
    2011/09/03 10:21:11.0156 9372 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
    2011/09/03 10:21:11.0343 9372 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
    2011/09/03 10:21:11.0515 9372 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
    2011/09/03 10:21:11.0687 9372 NetBT (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
    2011/09/03 10:21:12.0077 9372 NETw5s64 (39ede676d17f37af4573c2b33ec28aca) C:\windows\system32\DRIVERS\NETw5s64.sys
    2011/09/03 10:21:12.0435 9372 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
    2011/09/03 10:21:12.0669 9372 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
    2011/09/03 10:21:12.0701 9372 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
    2011/09/03 10:21:12.0825 9372 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\windows\system32\drivers\Ntfs.sys
    2011/09/03 10:21:13.0013 9372 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
    2011/09/03 10:21:13.0153 9372 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\windows\system32\drivers\nvraid.sys
    2011/09/03 10:21:13.0247 9372 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\windows\system32\drivers\nvstor.sys
    2011/09/03 10:21:13.0387 9372 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
    2011/09/03 10:21:13.0574 9372 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
    2011/09/03 10:21:13.0808 9372 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
    2011/09/03 10:21:13.0980 9372 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys
    2011/09/03 10:21:14.0183 9372 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys
    2011/09/03 10:21:14.0339 9372 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
    2011/09/03 10:21:14.0510 9372 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
    2011/09/03 10:21:14.0666 9372 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
    2011/09/03 10:21:14.0838 9372 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
    2011/09/03 10:21:15.0041 9372 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys
    2011/09/03 10:21:15.0212 9372 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
    2011/09/03 10:21:15.0368 9372 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
    2011/09/03 10:21:15.0555 9372 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
    2011/09/03 10:21:15.0696 9372 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\windows\system32\Drivers\PxHlpa64.sys
    2011/09/03 10:21:15.0852 9372 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
    2011/09/03 10:21:16.0039 9372 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
    2011/09/03 10:21:16.0101 9372 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
    2011/09/03 10:21:16.0179 9372 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
    2011/09/03 10:21:16.0257 9372 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
    2011/09/03 10:21:16.0367 9372 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
    2011/09/03 10:21:16.0523 9372 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
    2011/09/03 10:21:16.0679 9372 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
    2011/09/03 10:21:16.0881 9372 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
    2011/09/03 10:21:17.0069 9372 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
    2011/09/03 10:21:17.0240 9372 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
    2011/09/03 10:21:17.0396 9372 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
    2011/09/03 10:21:17.0537 9372 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
    2011/09/03 10:21:17.0583 9372 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\windows\system32\drivers\RDPWD.sys
    2011/09/03 10:21:17.0755 9372 rdyboost (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys
    2011/09/03 10:21:18.0114 9372 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
    2011/09/03 10:21:18.0270 9372 RSUSBSTOR (a48f861547fdd1d68201c9216acfe6dc) C:\windows\system32\Drivers\RtsUStor.sys
    2011/09/03 10:21:18.0410 9372 RTL8187Se (3ec7911ed886dc5d8a9f70129254679c) C:\windows\system32\DRIVERS\RTL8187Se.sys
    2011/09/03 10:21:18.0473 9372 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
    2011/09/03 10:21:18.0504 9372 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
    2011/09/03 10:21:18.0566 9372 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
    2011/09/03 10:21:18.0613 9372 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
    2011/09/03 10:21:18.0644 9372 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
    2011/09/03 10:21:18.0769 9372 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
    2011/09/03 10:21:18.0909 9372 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
    2011/09/03 10:21:18.0941 9372 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
    2011/09/03 10:21:18.0956 9372 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\windows\system32\drivers\sffp_sd.sys
    2011/09/03 10:21:18.0987 9372 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
    2011/09/03 10:21:19.0081 9372 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
    2011/09/03 10:21:19.0128 9372 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
    2011/09/03 10:21:19.0190 9372 SmartDefragDriver (94ce7845af6a2065b829e0126cd56236) C:\windows\system32\Drivers\SmartDefragDriver.sys
    2011/09/03 10:21:19.0268 9372 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
    2011/09/03 10:21:19.0315 9372 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
    2011/09/03 10:21:19.0409 9372 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys
    2011/09/03 10:21:19.0455 9372 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys
    2011/09/03 10:21:19.0502 9372 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys
    2011/09/03 10:21:19.0580 9372 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
    2011/09/03 10:21:19.0643 9372 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
    2011/09/03 10:21:19.0783 9372 SynTP (e28ca52ecf8cb6eb04b34de440ba260e) C:\windows\system32\DRIVERS\SynTP.sys
    2011/09/03 10:21:19.0923 9372 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\windows\system32\drivers\tcpip.sys
    2011/09/03 10:21:20.0142 9372 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\windows\system32\DRIVERS\tcpip.sys
    2011/09/03 10:21:20.0235 9372 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
    2011/09/03 10:21:20.0345 9372 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
    2011/09/03 10:21:20.0407 9372 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
    2011/09/03 10:21:20.0438 9372 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
    2011/09/03 10:21:20.0485 9372 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
    2011/09/03 10:21:20.0516 9372 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
    2011/09/03 10:21:20.0594 9372 Thpdrv (c013f6acaa9761f571bd28dada7c157d) C:\windows\system32\DRIVERS\thpdrv.sys
    2011/09/03 10:21:20.0641 9372 Thpevm (b4e609047434ed948af7bdef2fa66e38) C:\windows\system32\DRIVERS\Thpevm.SYS
    2011/09/03 10:21:20.0766 9372 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
    2011/09/03 10:21:20.0844 9372 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
    2011/09/03 10:21:20.0875 9372 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
    2011/09/03 10:21:20.0922 9372 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
    2011/09/03 10:21:20.0969 9372 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
    2011/09/03 10:21:21.0015 9372 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
    2011/09/03 10:21:21.0047 9372 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\windows\system32\DRIVERS\udfs.sys
    2011/09/03 10:21:21.0109 9372 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
    2011/09/03 10:21:21.0140 9372 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
    2011/09/03 10:21:21.0171 9372 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
    2011/09/03 10:21:21.0249 9372 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\windows\system32\DRIVERS\usbccgp.sys
    2011/09/03 10:21:21.0312 9372 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
    2011/09/03 10:21:21.0359 9372 usbehci (92969ba5ac44e229c55a332864f79677) C:\windows\system32\drivers\usbehci.sys
    2011/09/03 10:21:21.0405 9372 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\windows\system32\DRIVERS\usbhub.sys
    2011/09/03 10:21:21.0452 9372 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\windows\system32\drivers\usbohci.sys
    2011/09/03 10:21:21.0483 9372 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
    2011/09/03 10:21:21.0530 9372 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\windows\system32\DRIVERS\USBSTOR.SYS
    2011/09/03 10:21:21.0608 9372 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\windows\system32\drivers\usbuhci.sys
    2011/09/03 10:21:21.0717 9372 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\System32\Drivers\usbvideo.sys
    2011/09/03 10:21:21.0795 9372 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
    2011/09/03 10:21:21.0842 9372 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
    2011/09/03 10:21:21.0858 9372 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
    2011/09/03 10:21:21.0889 9372 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
    2011/09/03 10:21:21.0920 9372 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
    2011/09/03 10:21:21.0951 9372 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
    2011/09/03 10:21:21.0983 9372 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
    2011/09/03 10:21:22.0014 9372 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
    2011/09/03 10:21:22.0076 9372 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
    2011/09/03 10:21:22.0107 9372 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
    2011/09/03 10:21:22.0139 9372 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
    2011/09/03 10:21:22.0170 9372 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
    2011/09/03 10:21:22.0201 9372 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
    2011/09/03 10:21:22.0232 9372 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
    2011/09/03 10:21:22.0263 9372 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
    2011/09/03 10:21:22.0466 9372 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
    2011/09/03 10:21:22.0544 9372 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
    2011/09/03 10:21:22.0747 9372 wdkmd (adcb28896d433d68103a1670fa3d5ee5) C:\windows\system32\DRIVERS\WDKMD.sys
    2011/09/03 10:21:22.0903 9372 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
    2011/09/03 10:21:22.0981 9372 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
    2011/09/03 10:21:23.0231 9372 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\windows\system32\DRIVERS\WinUsb.sys
    2011/09/03 10:21:23.0387 9372 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
    2011/09/03 10:21:23.0574 9372 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
    2011/09/03 10:21:23.0652 9372 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
    2011/09/03 10:21:23.0777 9372 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
    2011/09/03 10:21:23.0870 9372 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
    2011/09/03 10:21:23.0901 9372 Boot (0x1200) (c1e8066dfca7ecfecf54428ff810fd28) \Device\Harddisk0\DR0\Partition0
    2011/09/03 10:21:23.0901 9372 ================================================================================
    2011/09/03 10:21:23.0901 9372 Scan finished
    2011/09/03 10:21:23.0901 9372 ================================================================================
    2011/09/03 10:21:23.0917 7044 Detected object count: 0
    2011/09/03 10:21:23.0917 7044 Actual detected object count: 0
    2011/09/03 10:21:45.0679 0972 Deinitialize success



    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385
    Run by Owner at 10:32:35 on 2011-09-03
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.2461 [GMT -5:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: IObit Security 360 *Disabled/Outdated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\WUDFHost.exe
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\system32\WLANExt.exe
    C:\windows\system32\conhost.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\windows\system32\taskhost.exe
    C:\windows\SysWOW64\svchost.exe -k Akamai
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\windows\SysWOW64\nlssrv32.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\system32\ThpSrv.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\system32\TODDSrv.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Windows\System32\ThpSrv.exe
    C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
    C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
    C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
    C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
    C:\windows\system32\igfxext.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\windows\system32\wuauclt.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\SysWOW64\cmd.exe
    C:\windows\system32\conhost.exe
    C:\windows\SysWOW64\cscript.exe
    C:\windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
    uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
    mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
    BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    mRun: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
    mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    uPolicies-explorer: HideSCAHealth = 1 (0x1)
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{54ED7A8D-1494-4A8D-8B37-538D2BC67A24} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{B8543C1B-7828-408B-BB4A-61D04AE5CE27} : DhcpNameServer = 168.94.0.15 168.94.0.14
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
    BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    mRun-x64: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
    mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
    R0 SmartDefragDriver;SmartDefragDriver;C:\windows\system32\Drivers\SmartDefragDriver.sys --> C:\windows\system32\Drivers\SmartDefragDriver.sys [?]
    R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
    R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
    R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
    R2 Akamai;Akamai NetSession Interface;C:\windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
    R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-27 252784]
    R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-1 13336]
    R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\System32\nlssrv32.exe [2009-6-7 61440]
    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-1-1 2314240]
    R3 acpials;ALS Sensor Filter;C:\windows\system32\DRIVERS\acpials.sys --> C:\windows\system32\DRIVERS\acpials.sys [?]
    R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
    R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETw5s64.sys --> C:\windows\system32\DRIVERS\NETw5s64.sys [?]
    R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
    R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-5 824688]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
    R3 wdkmd;Intel WiDi KMD;C:\windows\system32\DRIVERS\WDKMD.sys --> C:\windows\system32\DRIVERS\WDKMD.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-2 135664]
    S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-11-30 317296]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-1-28 1436424]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-2 135664]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-1-19 315664]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;C:\windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 20992]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-1-1 222720]
    S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-1-1 51512]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== File Associations ===============
    .
    .scr=AutoCADScriptFile
    .
    =============== Created Last 30 ================
    .
    2011-08-31 20:30:54 388096 ----a-r- C:\Users\Owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-08-31 20:30:54 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2011-08-23 19:33:01 2048 ----a-w- C:\windows\SysWow64\tzres.dll
    2011-08-23 19:33:01 2048 ----a-w- C:\windows\System32\tzres.dll
    2011-08-21 22:04:24 -------- d-----we C:\windows\system64
    2011-08-20 02:23:11 14336 ----a-w- C:\windows\System32\drivers\sffp_sd.sys
    .
    ==================== Find3M ====================
    .
    2011-08-20 02:05:02 404640 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-07-22 05:35:08 1638912 ----a-w- C:\windows\System32\mshtml.tlb
    2011-07-22 04:56:17 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2011-07-16 05:26:54 362496 ----a-w- C:\windows\System32\wow64win.dll
    2011-07-16 05:26:53 243200 ----a-w- C:\windows\System32\wow64.dll
    2011-07-16 05:26:53 13312 ----a-w- C:\windows\System32\wow64cpu.dll
    2011-07-16 05:26:18 214528 ----a-w- C:\windows\System32\winsrv.dll
    2011-07-16 05:24:09 16384 ----a-w- C:\windows\System32\ntvdm64.dll
    2011-07-16 05:21:32 422400 ----a-w- C:\windows\System32\KernelBase.dll
    2011-07-16 05:17:46 338432 ----a-w- C:\windows\System32\conhost.exe
    2011-07-16 04:36:09 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
    2011-07-16 04:32:14 44032 ----a-w- C:\windows\apppatch\acwow64.dll
    2011-07-16 04:31:50 25600 ----a-w- C:\windows\SysWow64\setup16.exe
    2011-07-16 04:30:29 5120 ----a-w- C:\windows\SysWow64\wow32.dll
    2011-07-16 04:30:27 272384 ----a-w- C:\windows\SysWow64\KernelBase.dll
    2011-07-16 02:26:12 7680 ----a-w- C:\windows\SysWow64\instnm.exe
    2011-07-16 02:26:11 2048 ----a-w- C:\windows\SysWow64\user.exe
    2011-07-16 02:21:47 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 02:21:47 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 02:21:47 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 02:21:47 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2011-07-09 02:44:55 287744 ----a-w- C:\windows\System32\drivers\mrxsmb10.sys
    2011-07-07 00:52:42 41272 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-07 00:52:42 25912 ----a-w- C:\windows\System32\drivers\mbam.sys
    2011-06-23 05:29:39 5507968 ----a-w- C:\windows\System32\ntoskrnl.exe
    2011-06-23 04:38:05 3957120 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
    2011-06-23 04:38:04 3902336 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
    2011-06-21 06:27:14 1896832 ----a-w- C:\windows\System32\drivers\tcpip.sys
    2011-06-21 06:20:48 1197056 ----a-w- C:\windows\System32\wininet.dll
    2011-06-21 06:20:06 57856 ----a-w- C:\windows\System32\licmgr10.dll
    2011-06-21 05:36:36 981504 ----a-w- C:\windows\SysWow64\wininet.dll
    2011-06-21 05:35:05 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll
    2011-06-21 05:05:13 482816 ----a-w- C:\windows\System32\html.iec
    2011-06-21 04:26:02 386048 ----a-w- C:\windows\SysWow64\html.iec
    2011-06-15 09:58:31 212992 ----a-w- C:\windows\System32\odbctrac.dll
    2011-06-15 09:58:31 163840 ----a-w- C:\windows\System32\odbccp32.dll
    2011-06-15 09:58:31 106496 ----a-w- C:\windows\System32\odbccu32.dll
    2011-06-15 09:58:31 106496 ----a-w- C:\windows\System32\odbccr32.dll
    2011-06-15 09:04:46 86016 ----a-w- C:\windows\SysWow64\odbccu32.dll
    2011-06-15 09:04:46 81920 ----a-w- C:\windows\SysWow64\odbccr32.dll
    2011-06-15 09:04:46 319488 ----a-w- C:\windows\SysWow64\odbcjt32.dll
    2011-06-15 09:04:46 163840 ----a-w- C:\windows\SysWow64\odbctrac.dll
    2011-06-15 09:04:46 122880 ----a-w- C:\windows\SysWow64\odbccp32.dll
    2011-06-11 02:56:44 3134464 ----a-w- C:\windows\System32\win32k.sys
    .
    ============= FINISH: 10:33:51.47 ===============





    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/1/2011 6:28:45 PM
    System Uptime: 9/3/2011 12:53:42 AM (10 hours ago)
    .
    Motherboard: TOSHIBA | | Portable PC
    Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz | CPU | 1586/1066mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 457 GiB total, 401.556 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Windows Firewall Authorization Driver
    Device ID: ROOT\LEGACY_MPSDRV\0000
    Manufacturer:
    Name: Windows Firewall Authorization Driver
    PNP Device ID: ROOT\LEGACY_MPSDRV\0000
    Service: mpsdrv
    .
    ==== System Restore Points ===================
    .
    RP57: 8/19/2011 9:22:28 PM - Windows Modules Installer
    RP58: 8/21/2011 5:07:28 PM - Windows Update
    RP59: 8/31/2011 1:27:10 PM - Removed Autodesk Material Library 2011.
    RP60: 8/31/2011 1:29:31 PM - Removed Autodesk Material Library 2011 Base Image library.
    RP61: 8/31/2011 3:02:25 PM - Installed HiJackThis
    RP62: 8/31/2011 3:24:57 PM - Removed HiJackThis
    RP63: 8/31/2011 3:30:32 PM - Installed HiJackThis
    RP64: 8/31/2011 4:06:27 PM - Windows Update
    RP65: 9/3/2011 10:17:02 AM - Removed IObit Toolbar v4.5.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.1
    AIM 7
    Akamai NetSession Interface
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    Compatibility Pack for the 2007 Office system
    Conduit Engine
    Download Updater (AOL LLC)
    DVDneXtCOPY 4 neXtTech
    FARO LS 1.1.406.58
    Google Toolbar for Internet Explorer
    Google Update Helper
    HDMI Control Manager
    HiJackThis
    Hotfix for Office (KB975927)
    Intel(R) Control Center
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    Java(TM) 6 Update 14
    Junk Mail filter update
    Kobo
    Machinist 2
    Malwarebytes' Anti-Malware version 1.51.1.1800
    Microsoft Choice Guard
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    MSVCRT
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Roxio Burn
    Roxio Express Labeler 3
    Roxio Roxio Burn
    Roxio Update Manager
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft Office 2007 System (KB2541012)
    Security Update for Microsoft Office Excel 2007 (KB2541007)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Skype Toolbars
    Skype™ 5.1
    Smart Defrag 2
    TOSHIBA Application Installer
    TOSHIBA Assist
    TOSHIBA Bulletin Board
    TOSHIBA ConfigFree
    TOSHIBA DVD PLAYER
    TOSHIBA eco Utility
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Face Recognition
    TOSHIBA Hardware Setup
    TOSHIBA HDD/SSD Alert
    TOSHIBA Media Controller
    TOSHIBA Quality Application
    TOSHIBA ReelTime
    TOSHIBA Service Station
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Supervisor Password
    TOSHIBA USB Sleep and Charge Utility
    TOSHIBA Value Added Package
    TOSHIBA Web Camera Application
    ToshibaRegistration
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    uTorrentBar Toolbar
    VLC media player 1.1.10
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Xvid 1.2.1 final uninstall
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/2/2011 10:15:17 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
    9/2/2011 10:14:44 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
    9/2/2011 10:14:44 AM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
    9/2/2011 10:14:33 AM, Error: volmgr [46] - Crash dump initialization failed!
    8/31/2011 8:47:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) PROSet/Wireless Event Log service to connect.
    8/31/2011 8:47:56 PM, Error: Service Control Manager [7000] - The Intel(R) PROSet/Wireless Event Log service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
     
  9. Larusso

    Larusso Malware Specialist

    Joined:
    Aug 9, 2011
    Messages:
    808
    Hy there,

    Your logs are looking good. Do you use a Router ?

    I need to see the most recent Logfile of Malwarebytes ?

    Launch MBAM --> Tab Logs --> click on the most recent log. A notepad window will appear. Please copy/paste the contents here.



    Please start all tools with Right- click --> Run as Administrator



    Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if present):
    Smart Defrag 2 ( << IObit Software )
    Conduit Engine
    uTorrentBar Toolbar

    Conduit toolbars are reputed to have a certain trackware functionality.



    Please press the [​IMG] + R Key and Copy/Paste the following single-line command into the Run box and click OK

    ipconfig /flushdns



    Please download and scan with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Note: Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    You can use this thread as a guide.

    Please include the C:\ComboFix.txt in your next reply for further review.




    I see no evidence of an AntiVirus program on your system. This must be resolved. Connecting to the Internet without antivirus protection is a "Welcome" doormat for malware.

    Here are a few very good free Antivirus products which are available: Select one of these, or another of your choice. Do not install more than one antivirus program because they will conflict with each other. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

    Install, update definitions, and run a full system scan with the Anti-Virus of your choice.



    Please post in your next reply
    MBAM Log
    Combofix.txt
    How is your system running now ?
     
  10. bongsmoka420

    bongsmoka420 Thread Starter

    Joined:
    Aug 31, 2011
    Messages:
    13
    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org
    Database version: 7620
    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385
    8/31/2011 2:17:18 PM
    mbam-log-2011-08-31 (14-17-18).txt
    Scan type: Full scan (C:\|D:\|E:\|)
    Objects scanned: 405317
    Time elapsed: 29 minute(s), 56 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio.TB) -> Value: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio.TB) -> Value: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} -> Quarantined and deleted successfully.
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    c:\program files (x86)\iobit toolbar\IE\4.5\iobittoolbarie.dll (PUP.Dealio.TB) -> Quarantined and deleted successfully.











    ComboFix 11-09-05.05 - Owner 09/05/2011 20:30:01.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.2814 [GMT -5:00]
    Running from: c:\users\Owner\Desktop\ComboFix.exe
    SP: IObit Security 360 *Disabled/Outdated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Owner\AppData\Local\mnb.exe
    c:\windows\system32\consrv.dll
    c:\windows\system32\Thumbs.db
    c:\windows\System64
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-06 to 2011-09-06 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-06 01:36 . 2011-09-06 01:36 -------- d-----w- c:\users\ty\AppData\Local\temp
    2011-08-31 20:30 . 2011-08-31 20:30 388096 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-08-31 20:30 . 2011-08-31 20:30 -------- d-----w- c:\program files (x86)\Trend Micro
    2011-08-23 19:33 . 2011-07-09 05:14 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-08-23 19:33 . 2011-07-09 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2011-08-21 16:03 . 2011-08-21 16:04 -------- d-----w- c:\users\ty.Owner-PC.002
    2011-08-20 02:23 . 2011-08-20 02:23 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
    2011-08-13 16:22 . 2011-08-16 23:07 -------- d-----w- c:\users\ty.Owner-PC.001
    2011-08-11 17:46 . 2011-07-22 05:35 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-20 02:05 . 2011-05-13 16:38 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-07-16 04:32 . 2011-08-11 17:46 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2011-07-07 00:52 . 2011-04-19 05:00 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-07 00:52 . 2011-04-19 05:00 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-11 02:56 . 2011-07-14 19:24 3134464 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-02 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-11-21 2454840]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux2"=wdmaud.drv
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-02 135664]
    R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-12-01 317296]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-01-28 1436424]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-02 135664]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-01-19 315664]
    R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-01 222720]
    R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
    S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
    S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-28 252784]
    S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
    S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
    S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [x]
    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
    S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
    S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
    S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-05 824688]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-02 16:09]
    .
    2011-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-02 16:09]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ThpSrv"="c:\windows\system32\thpsrv" [X]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-14 166424]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-14 390168]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-14 408600]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-03 8312352]
    "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]
    "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-01-19 1926928]
    "combofix"="c:\combofix\CF27988.3XE" [2009-07-14 344576]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.0.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-TUSBSleepChargeSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
    Toolbar-Locked - (no file)
    WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
    HKLM-Run-(Default) - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
    HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
    HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
    HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
    HKLM-Run-HDMICtrlMan - c:\program files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
    HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
    HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fe,7b,4f,e7,d1,18,72,45,b1,1e,fe,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fe,7b,4f,e7,d1,18,72,45,b1,1e,fe,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\windows\SysWOW64\nlssrv32.exe
    .
    **************************************************************************
    .
    Completion time: 2011-09-05 20:44:06 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-09-06 01:44
    .
    Pre-Run: 440,054,714,368 bytes free
    Post-Run: 439,430,512,640 bytes free
    .
    - - End Of File - - 3751B6504DBC9654C02C22B296D94342






    the virus seems to have been removed now. search engines work just fine when clicking links. IE comes on with one click on quick launch. I installed avast.

    thanks a lot. this was a great experience. let me know if there's anything else you feel I could use some help with, virus prevention or something.
     
  11. Larusso

    Larusso Malware Specialist

    Joined:
    Aug 9, 2011
    Messages:
    808
    Hy again,

    A few things we have to do and I will give you some tips for prevention at the end of the cleaning process :)


    Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.

    There is a newer version of Adobe Acrobat Reader available.
    • Please go to this link Adobe Acrobat Reader Download Link
    • Untick Free McAfee® Security Scan Plus if you do not wish to include this in the installation.
    • Click Download
    • On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
    • Click the Continue button
    • Click Run, and click Run again
    • Next click the Install Now button and follow the on screen prompts

    When the installation is complete go to Add/Remove Programs and uninstall all previous versions.



    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

    • Download the latest version of Java Runtime Enviroment ( JRE ) 7 and save it to your desktop.
    • Scroll down to where it says Java SE 7
    • Click the red Download JRE button on the right.
    • Read the License Agreement then select Accept License Agreement
    • Click on the link to download Windows x86 Offline and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java versions.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-7-windows-i586-p.exe to install the newest version.

    After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are three options in the window to clear the cache - Make sure all are checked
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.



    Go here to run an online scanner from ESET.
    • Note: You will need to use Internet explorer for this scan
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activex control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
    • Click Start
    • Wait for the scan to finish
    • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log in your next reply.



    Please launch DDS
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop.
    Please post both in your next reply.



    Please post in your next reply
    log.txt
    dds.txt
    attach.txt
     
  12. Larusso

    Larusso Malware Specialist

    Joined:
    Aug 9, 2011
    Messages:
    808
    Hello, are you still with us?

    If you do not reply within 24 hours I will unsubscribe this thread and wont be notified about new replies.
     
  13. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,669
    As it's important to reply in a timely manner when removing malware and even more so when a trainee is involved, Larusso is unsubscribing from this thread to move on to help someone else who is waiting patiently for assistance.
     
  14. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1015364