1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Virus/malware removal

Discussion in 'Virus & Other Malware Removal' started by Alaina, Jan 30, 2013.

Thread Status:
Not open for further replies.
Advertisement
  1. Alaina

    Alaina Thread Starter

    Joined:
    Jan 24, 2013
    Messages:
    6
    I came to this site when searching what it meant when certain words on each webpage are hyperlinked. I have lots of those and really gross ads on some of the sites I visit. My free anit virus program says everything is ok but I doubt it. Thank you in advance for your help with this. The details of the system I am using are in my profile.


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:41:09 PM, on 1/24/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
    C:\Users\Alana\AppData\Roaming\Smilebox\SmileboxTray.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Alana\Downloads\SysInfo.exe
    C:\Users\Alana\Downloads\HijackThis.exe
    C:\Users\Alana\Downloads\HijackThis (1).exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://consultants.slumberparties.com/Login.aspx?ReturnUrl=/Default.aspx
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (file missing)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
    O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
    O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
    O4 - HKLM\..\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    O4 - HKCU\..\Run: [SmileboxTray] "C:\Users\Alana\AppData\Roaming\Smilebox\SmileboxTray.exe"
    O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Toshiba Laptop Checkup Application Launcher (Norton PC Checkup Application Launcher) - Unknown owner - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe (file missing)
    O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Unknown owner - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
    O23 - Service: StumbleUponUpdateService - stumbleupon.com - C:\Program Files (x86)\StumbleUpon\StumbleUponUpdateService.exe
    O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
    O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 13822 bytes

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
    Run by Alana at 20:46:15 on 2013-01-24
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3559.1606 [GMT -5:00]
    .
    AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\system32\atiesrxx.exe
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\atieclxx.exe
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\windows\system32\svchost.exe -k apphost
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\windows\system32\taskhost.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    C:\windows\system32\svchost.exe -k iissvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\TOSHIBA\TECO\TecoService.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\windows\system32\SearchIndexer.exe
    C:\windows\System32\alg.exe
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
    C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
    C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
    C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Toshiba\TECO\Teco.exe
    C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
    C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    C:\windows\system32\wuauclt.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\windows\system32\taskhost.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
    C:\Users\Alana\AppData\Roaming\Smilebox\SmileboxTray.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\NOTEPAD.EXE
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://consultants.slumberparties.com/Login.aspx?ReturnUrl=%2fDefault.aspx
    uDefault_Page_URL = hxxp://start.toshiba.com/g/
    uProxyOverride = <local>;*.local
    mWinlogon: Userinit = userinit.exe,
    BHO: StumbleUpon Launcher: {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
    TB: StumbleUpon Toolbar: {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    uRun: [SmileboxTray] "C:\Users\Alana\AppData\Roaming\Smilebox\SmileboxTray.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
    mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
    mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    TCP: NameServer = 24.178.162.3 66.189.0.100 24.217.201.67
    TCP: Interfaces\{0738DF8C-C989-4785-8407-766BD64B3419} : DHCPNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
    TCP: Interfaces\{A0670580-BBBF-4FCD-AFA1-4F3D93A7ED54} : DHCPNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
    TCP: Interfaces\{A0670580-BBBF-4FCD-AFA1-4F3D93A7ED54}\0596C6F64702839383 : DHCPNameServer = 192.168.48.1
    TCP: Interfaces\{A0670580-BBBF-4FCD-AFA1-4F3D93A7ED54}\358616D656B6160275962756C656373713 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{A0670580-BBBF-4FCD-AFA1-4F3D93A7ED54}\3594D4F4E40275966496 : DHCPNameServer = 172.16.129.1
    TCP: Interfaces\{A0670580-BBBF-4FCD-AFA1-4F3D93A7ED54}\6656E67697 : DHCPNameServer = 192.168.2.1 68.105.28.12 68.105.29.12 68.105.28.11
    TCP: Interfaces\{A0670580-BBBF-4FCD-AFA1-4F3D93A7ED54}\7616274656E63713 : DHCPNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
    TCP: Interfaces\{A0670580-BBBF-4FCD-AFA1-4F3D93A7ED54}\A63607027796D26696 : DHCPNameServer = 8.8.8.8 8.8.4.4
    TCP: Interfaces\{A0670580-BBBF-4FCD-AFA1-4F3D93A7ED54}\E45445745414256383 : DHCPNameServer = 192.168.1.1
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
    x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
    x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
    x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
    x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
    x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
    x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
    R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2012-9-21 225120]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
    R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
    R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
    R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
    R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2011-7-19 204288]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-25 398184]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-25 682344]
    R2 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-4-1 67400]
    R2 MSSQL$INFLOWSQL;SQL Server (INFLOWSQL);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-4-7 294328]
    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2011-7-19 116752]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-2-9 77424]
    R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-11-25 24176]
    R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-7-19 38096]
    R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
    R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-7-19 1109096]
    R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-7-19 54136]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
    R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2011-4-5 828336]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe /s --> C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe [?]
    S2 PCCUJobMgr;Common Client Job Manager Service;"C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\diMaster.dll" /prefetch:1 --> C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [?]
    S3 FlyUsb;FLY Fusion;C:\windows\System32\drivers\FlyUsb.sys [2011-11-12 24576]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-7-19 250984]
    S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-7-19 307304]
    S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 StumbleUponUpdateService;StumbleUponUpdateService;C:\Program Files (x86)\StumbleUpon\StumbleUponUpdateService.exe [2011-4-14 103336]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-8-18 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2013-01-22 18:03:28 -------- d-----w- C:\Users\Alana\AppData\Local\{F04E1962-A0B6-47E6-9B2C-9AA83C5A0AC1}
    2013-01-22 18:03:27 -------- d-----w- C:\Users\Alana\AppData\Local\{4A5DFDA6-58FF-461B-9B5A-64EF8516079F}
    2013-01-09 05:55:47 424448 ----a-w- C:\windows\System32\KernelBase.dll
    2012-12-30 00:52:04 -------- d-----w- C:\Users\Alana\AppData\Local\Programs
    2012-12-27 20:52:20 -------- d-----w- C:\Users\Alana\AppData\Local\Amazon
    .
    ==================== Find3M ====================
    .
    2013-01-09 20:25:27 74248 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-09 20:25:27 697864 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2012-12-16 17:11:22 46080 ----a-w- C:\windows\System32\atmlib.dll
    2012-12-16 14:45:03 367616 ----a-w- C:\windows\System32\atmfd.dll
    2012-12-16 14:13:28 295424 ----a-w- C:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
    2012-12-14 21:49:28 24176 ----a-w- C:\windows\System32\drivers\mbam.sys
    2012-12-07 13:20:16 441856 ----a-w- C:\windows\System32\Wpc.dll
    2012-12-07 13:15:31 2746368 ----a-w- C:\windows\System32\gameux.dll
    2012-12-07 12:26:17 308736 ----a-w- C:\windows\SysWow64\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- C:\windows\SysWow64\gameux.dll
    2012-12-07 11:20:04 30720 ----a-w- C:\windows\System32\usk.rs
    2012-12-07 11:20:03 43520 ----a-w- C:\windows\System32\csrr.rs
    2012-12-07 11:20:03 23552 ----a-w- C:\windows\System32\oflc.rs
    2012-12-07 11:20:01 45568 ----a-w- C:\windows\System32\oflc-nz.rs
    2012-12-07 11:20:01 44544 ----a-w- C:\windows\System32\pegibbfc.rs
    2012-12-07 11:20:01 20480 ----a-w- C:\windows\System32\pegi-fi.rs
    2012-12-07 11:20:00 20480 ----a-w- C:\windows\System32\pegi-pt.rs
    2012-12-07 11:19:59 20480 ----a-w- C:\windows\System32\pegi.rs
    2012-12-07 11:19:58 46592 ----a-w- C:\windows\System32\fpb.rs
    2012-12-07 11:19:57 40960 ----a-w- C:\windows\System32\cob-au.rs
    2012-12-07 11:19:57 21504 ----a-w- C:\windows\System32\grb.rs
    2012-12-07 11:19:57 15360 ----a-w- C:\windows\System32\djctq.rs
    2012-12-07 11:19:56 55296 ----a-w- C:\windows\System32\cero.rs
    2012-12-07 11:19:55 51712 ----a-w- C:\windows\System32\esrb.rs
    2012-12-04 02:25:04 60304 ----a-w- C:\Users\Alana\g2mdlhlpx.exe
    2012-11-30 05:45:35 362496 ----a-w- C:\windows\System32\wow64win.dll
    2012-11-30 05:45:35 243200 ----a-w- C:\windows\System32\wow64.dll
    2012-11-30 05:45:35 13312 ----a-w- C:\windows\System32\wow64cpu.dll
    2012-11-30 05:45:14 215040 ----a-w- C:\windows\System32\winsrv.dll
    2012-11-30 05:43:12 16384 ----a-w- C:\windows\System32\ntvdm64.dll
    2012-11-30 04:54:00 5120 ----a-w- C:\windows\SysWow64\wow32.dll
    2012-11-30 04:53:59 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
    2012-11-30 03:23:48 338432 ----a-w- C:\windows\System32\conhost.exe
    2012-11-30 02:44:06 25600 ----a-w- C:\windows\SysWow64\setup16.exe
    2012-11-30 02:44:04 7680 ----a-w- C:\windows\SysWow64\instnm.exe
    2012-11-30 02:44:04 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
    2012-11-30 02:44:03 2048 ----a-w- C:\windows\SysWow64\user.exe
    2012-11-30 02:38:59 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-11-23 03:26:31 3149824 ----a-w- C:\windows\System32\win32k.sys
    2012-11-23 03:13:57 68608 ----a-w- C:\windows\System32\taskhost.exe
    2012-11-22 05:44:23 800768 ----a-w- C:\windows\System32\usp10.dll
    2012-11-22 04:45:03 626688 ----a-w- C:\windows\SysWow64\usp10.dll
    2012-11-20 05:48:49 307200 ----a-w- C:\windows\System32\ncrypt.dll
    2012-11-20 04:51:09 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll
    2012-11-16 04:33:24 111968 ----a-w- C:\windows\System32\drivers\avgmfx64.sys
    2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2012-11-09 05:45:32 750592 ----a-w- C:\windows\System32\win32spl.dll
    2012-11-09 05:45:09 2048 ----a-w- C:\windows\System32\tzres.dll
    2012-11-09 04:43:04 492032 ----a-w- C:\windows\SysWow64\win32spl.dll
    2012-11-09 04:42:49 2048 ----a-w- C:\windows\SysWow64\tzres.dll
    2012-11-02 05:59:11 478208 ----a-w- C:\windows\System32\dpnet.dll
    2012-11-02 05:11:31 376832 ----a-w- C:\windows\SysWow64\dpnet.dll
    2012-11-01 05:43:42 2002432 ----a-w- C:\windows\System32\msxml6.dll
    2012-11-01 05:43:42 1882624 ----a-w- C:\windows\System32\msxml3.dll
    2012-11-01 04:47:54 1389568 ----a-w- C:\windows\SysWow64\msxml6.dll
    2012-11-01 04:47:54 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
    .
    ============= FINISH: 20:49:40.86 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/16/2011 12:30:03 PM
    System Uptime: 1/20/2013 3:57:11 AM (113 hours ago)
    .
    Motherboard: AMD | | Torpedo
    Processor: AMD A6-3400M APU with Radeon(tm) HD Graphics | Socket FS1 | 1400/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 581 GiB total, 425.212 GiB free.
    D: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP140: 1/23/2013 6:31:37 PM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    1ClickDownloader
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4) MUI
    Amazon Kindle
    Amazon Links
    AMD VISION Engine Control Center
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    ATI Catalyst Install Manager
    AVG 2013
    Bejeweled 3
    Bing Bar
    Bing Bar Platform
    Bing Rewards Client Installer
    Bonjour
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Chuzzle Deluxe
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Conexant HD Audio
    Coupon Printer for Windows
    Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
    D3DX10
    DVD Shrink 3.2
    DVDFab 8.1.3.2 (31/10/2011) Qt
    EPSON Printer Software
    EPSON Scan
    FATE - The Traitor Soul
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToMeeting 5.3.0.977
    HP Photo Creations
    HP Photosmart Plus B210 series Basic Device Software
    HP Photosmart Plus B210 series Help
    HP Update
    iCloud
    IIS 7.5 Express
    IIS URL Rewrite Module 2
    ImgBurn
    inFlow Inventory
    inFlow Inventory 64-bit
    iTunes
    Java 7 Update 9
    Java Auto Updater
    Java(TM) 6 Update 20
    JavaFX 2.1.1
    Jewel Quest: The Sleepless Star - Collector's Edition
    Junk Mail filter update
    [email protected] 1.0
    LeapFrog Connect
    LeapFrog Tag Plugin
    Malwarebytes Anti-Malware version 1.70.0.1100
    Mesh Runtime
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft Application Request Routing 2.5
    Microsoft ASP.NET Web Pages
    Microsoft Default Manager
    Microsoft External Cache Version 1 for IIS 7
    Microsoft Help Viewer 1.1
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft PowerPoint Viewer
    Microsoft Reader
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Express Edition (INFLOWSQL)
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server 2008 R2 Native Client
    Microsoft SQL Server 2012 Data-Tier App Framework
    Microsoft SQL Server 2012 Express LocalDB
    Microsoft SQL Server 2012 Management Objects
    Microsoft SQL Server 2012 Management Objects (x64)
    Microsoft SQL Server 2012 T-SQL Language Service
    Microsoft SQL Server 2012 Transact-SQL Compiler Service
    Microsoft SQL Server 2012 Transact-SQL ScriptDom
    Microsoft SQL Server Compact 4.0 Web Tools ENU
    Microsoft SQL Server Compact 4.0 x64 ENU
    Microsoft SQL Server Data Tools
    Microsoft SQL Server Data Tools - enu
    Microsoft SQL Server Data Tools Build Utilities
    Microsoft SQL Server Management Objects Collection
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server System CLR Types
    Microsoft SQL Server VSS Writer
    Microsoft System CLR Types for SQL Server 2012
    Microsoft System CLR Types for SQL Server 2012 (x64)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    Microsoft Visual Studio 2010 Service Pack 1
    Microsoft Visual Studio 2010 Shell (Integrated) - ENU
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    Microsoft Web Deploy 2.0
    Microsoft Web Farm Framework
    Microsoft Web Platform Installer 3.0
    Microsoft WebMatrix
    MobileMe Control Panel
    MSVCRT
    MSVCRT_amd64
    MySQL Connector Net 6.3.7
    MySQL Server 5.1
    NOOK for PC
    Penguins!
    Plants vs. Zombies - Game of the Year
    PlayReady PC Runtime amd64
    PlayReady PC Runtime x86
    Polar Bowler
    Prerequisites for SSDT
    QuickTime
    Realtek USB 2.0 Reader Driver
    Realtek WLAN Driver
    Safari
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Skype Launcher
    Smilebox
    StumbleUpon IE Toolbar
    Synaptics Pointing Device Driver
    Tom Clancy's Splinter Cell
    Toshiba App Place
    TOSHIBA Application Installer
    TOSHIBA Assist
    Toshiba Book Place
    TOSHIBA Bulletin Board
    TOSHIBA Disc Creator
    TOSHIBA eco Utility
    TOSHIBA Face Recognition
    TOSHIBA Hardware Setup
    TOSHIBA HDD/SSD Alert
    Toshiba Laptop Checkup
    TOSHIBA Media Controller
    TOSHIBA Media Controller Plug-in
    Toshiba Online Backup
    TOSHIBA PC Health Monitor
    TOSHIBA Quality Application
    TOSHIBA Recovery Media Creator
    TOSHIBA ReelTime
    TOSHIBA Resolution+ Plug-in for Windows Media Player
    TOSHIBA Service Station
    TOSHIBA Sleep Utility
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    TOSHIBA Web Camera Application
    TOSHIBA Wireless LAN Indicator
    ToshibaRegistration
    Update 4.0.2 for Microsoft .NET Framework 4 Client Profile (KB2544514)
    Update 4.0.2 for Microsoft .NET Framework 4 Extended (KB2544514)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update Installer for WildTangent Games App
    Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
    Video Booth
    Visual Studio 2010 x64 Redistributables
    WildTangent Games
    WildTangent Games App (Toshiba Games)
    Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
    Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    WMV9/VC-1 Video Playback
    XnView 1.98.8
    Zuma's Revenge
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/24/2013 12:32:01 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    1/23/2013 6:31:16 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    1/23/2013 6:28:03 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
    1/22/2013 7:19:56 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.102 with the system having network hardware address 9C-8E-99-F7-05-3B. Network operations on this system may be disrupted as a result.
    1/21/2013 11:32:34 AM, Error: Microsoft-Windows-Bits-Client [16398] - A new BITS job could not be created. The current job count for the user SlumberPartyPC\Alana (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
    1/20/2013 5:46:48 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
    .
    ==== End Of File ===========================


    GMER 2.0.18454 - http://www.gmer.net
    Rootkit scan 2013-01-30 19:28:41
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK6475GSX rev.GT001M 596.17GB
    Running: tx6u0k9i.exe; Driver: C:\Users\Alana\AppData\Local\Temp\kfliruog.sys


    ---- Threads - GMER 2.0 ----

    Thread C:\windows\System32\svchost.exe [872:7936] 000007feff8f2070
    Thread C:\windows\System32\svchost.exe [1036:1504] 000007fefa7659a0
    Thread C:\windows\System32\svchost.exe [1036:1908] 000007fefcda1a70
    Thread C:\windows\System32\svchost.exe [1036:4272] 000007fef32d20c0
    Thread C:\windows\System32\svchost.exe [1036:4276] 000007fef32d26a8
    Thread C:\windows\System32\svchost.exe [1036:6140] 000007fef5a188f8
    Thread C:\windows\System32\svchost.exe [1036:6256] 000007fef56d44e0
    Thread C:\windows\System32\svchost.exe [1036:5688] 000007fef41642c8
    Thread C:\windows\System32\svchost.exe [1036:4552] 000007fef94c5fd0
    Thread C:\windows\System32\svchost.exe [1036:4864] 000007fef94c63ec
    Thread C:\windows\system32\svchost.exe [1076:3484] 000007fef4e584d8
    Thread C:\windows\system32\svchost.exe [1076:3600] 000007fef4e023a8
    Thread C:\windows\system32\svchost.exe [1076:3644] 000007fef4ec0d00
    Thread C:\windows\system32\svchost.exe [1076:3648] 000007fef4a39498
    Thread C:\windows\system32\svchost.exe [1076:5220] 000007fef95e5124
    Thread C:\windows\system32\svchost.exe [1076:6636] 000007fef136506c
    Thread C:\windows\system32\svchost.exe [1076:6640] 000007fef4431c20
    Thread C:\windows\system32\svchost.exe [1076:6648] 000007fef4431c20
    Thread C:\windows\system32\svchost.exe [1076:9468] 000007fee976cb70
    Thread C:\windows\system32\svchost.exe [1076:8880] 000007fef3685170
    Thread C:\windows\system32\svchost.exe [1076:9016] 000007fef3685170
    Thread C:\windows\system32\svchost.exe [1076:9360] 000007fee976cb70
    Thread C:\windows\system32\svchost.exe [1076:5528] 000007fef51517f8
    Thread C:\windows\system32\svchost.exe [1076:5352] 000007fef51517f8
    Thread C:\windows\system32\svchost.exe [1076:6764] 000007feff8d1ab0
    Thread C:\windows\system32\svchost.exe [1076:5172] 000007feff864164
    Thread C:\windows\system32\svchost.exe [1380:3020] 000007fef5a5bd88
    Thread C:\windows\system32\svchost.exe [1380:3176] 000007fef56783d8
    Thread C:\windows\system32\svchost.exe [1380:3180] 000007fef56783d8
    Thread C:\windows\system32\svchost.exe [1380:3184] 000007fef56783d8
    Thread C:\windows\system32\svchost.exe [1380:3188] 000007fef56783d8
    Thread C:\windows\system32\svchost.exe [1380:3552] 000007fef4cb3f1c
    Thread C:\windows\system32\svchost.exe [1380:3560] 000007fef4c81a38
    Thread C:\windows\system32\svchost.exe [1380:3572] 000007fef4a95388
    Thread C:\windows\system32\svchost.exe [1380:3580] 000007fef4a77738
    Thread C:\windows\system32\svchost.exe [1380:3596] 000007fef4a61f90
    Thread C:\windows\system32\svchost.exe [1380:4516] 000007fef95e5124
    Thread C:\windows\system32\svchost.exe [1380:8516] 000007fef3685170
    Thread C:\windows\system32\svchost.exe [1380:4600] 000007feff67341c
    Thread C:\windows\system32\svchost.exe [1380:9788] 000007feff673a2c
    Thread C:\windows\system32\svchost.exe [1380:4640] 000007feff675c20
    Thread C:\windows\System32\spoolsv.exe [1616:4052] 000007fef3f610c8
    Thread C:\windows\System32\spoolsv.exe [1616:4060] 000007fef3f26144
    Thread C:\windows\System32\spoolsv.exe [1616:4064] 000007fef94c5fd0
    Thread C:\windows\System32\spoolsv.exe [1616:4068] 000007fef3f03438
    Thread C:\windows\System32\spoolsv.exe [1616:4072] 000007fef94c63ec
    Thread C:\windows\System32\spoolsv.exe [1616:4076] 000007fef3f03438
    Thread C:\windows\System32\spoolsv.exe [1616:4080] 000007fef94c63ec
    Thread C:\windows\System32\spoolsv.exe [1616:3172] 000007fef7a75e5c
    Thread C:\windows\System32\spoolsv.exe [1616:3152] 000007fef4205074
    Thread C:\windows\System32\spoolsv.exe [1616:4108] 000007fef4272288
    Thread C:\windows\SysWOW64\ntdll.dll [1900:1904] 0000000000e2af60
    Thread C:\windows\SysWOW64\ntdll.dll [2084:2088] 0000000000f3be12
    Thread C:\windows\SysWOW64\ntdll.dll [2084:2328] 0000000000eea0d0
    Thread C:\windows\SysWOW64\ntdll.dll [2084:2372] 0000000000eecc70
    Thread C:\windows\system32\wbem\wmiprvse.exe [3884:6644] 000007fef4431c20
    Thread C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [4088:4152] 00000000700a473d
    Thread C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [4088:4164] 00000000700b5ced
    Thread [4724:4744] 000007fefeaba808
    Thread [4724:4748] 0000000077b1aec0
    Thread [4724:4752] 0000000077b1fbc0
    Thread [4724:10112] 0000000077b1fbc0
    Thread C:\windows\SysWOW64\ntdll.dll [5040:5044] 0000000000d62438
    Thread C:\windows\SysWOW64\ntdll.dll [5040:5792] 0000000000d607c6
    Thread C:\windows\SysWOW64\ntdll.dll [5252:5256] 000000000040103e
    Thread C:\windows\SysWOW64\ntdll.dll [5252:5324] 000000006f35a6e3
    Thread C:\windows\SysWOW64\ntdll.dll [5252:6068] 000000006f355548
    Thread C:\windows\SysWOW64\ntdll.dll [5532:5536] 000000000041661b
    Thread C:\windows\SysWOW64\ntdll.dll [5532:7412] 000000006f8532fb
    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [6920:2276] 000007fefb862a7c
    Thread C:\windows\SysWOW64\ntdll.dll [7348:7532] 0000000000422a1f
    Thread C:\windows\SysWOW64\ntdll.dll [7348:4384] 000000006f8532fb
    Thread C:\windows\SysWOW64\ntdll.dll [7348:7560] 000000006dabe7f5
    Thread C:\windows\SysWOW64\ntdll.dll [7348:1880] 000000006dabe7f5
    Thread C:\windows\SysWOW64\ntdll.dll [7348:5808] 000000006dabe7f5
    Thread C:\windows\SysWOW64\ntdll.dll [7348:1320] 000000006dabe7f5
    Thread C:\windows\SysWOW64\ntdll.dll [7348:992] 000000006dabe7f5
    Thread C:\windows\SysWOW64\ntdll.dll [7348:8036] 000000006dabe7f5
    Thread C:\windows\SysWOW64\ntdll.dll [7348:10132] 00000000733762ee
    Thread C:\windows\SysWOW64\ntdll.dll [4596:3044] 00000000004050de
    Thread C:\windows\SysWOW64\ntdll.dll [5360:8908] 00000000004050de

    ---- Registry - GMER 2.0 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{E415CEDB-14FA-42D3-887C-3E51ED88F86D}\[email protected] isatap.{CAAD62C3-E250-4938-B779-AB92AB7165C0}
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\[email protected] \Device\{46AAF49D-92E6-4D7E-96B3-8FDA1C5C017B}?\Device\{A8C33865-6700-4361-8786-610274597B93}?\Device\{E415CEDB-14FA-42D3-887C-3E51ED88F86D}?\Device\{020AE834-84EA-4EF6-95F8-75A17B580E85}?\Device\{5AE172BE-CA94-4A29-AEDF-1943C72A9CCD}?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\[email protected] "{46AAF49D-92E6-4D7E-96B3-8FDA1C5C017B}"?"{A8C33865-6700-4361-8786-610274597B93}"?"{E415CEDB-14FA-42D3-887C-3E51ED88F86D}"?"{020AE834-84EA-4EF6-95F8-75A17B580E85}"?"{5AE172BE-CA94-4A29-AEDF-1943C72A9CCD}"?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\[email protected] \Device\TCPIP6TUNNEL_{46AAF49D-92E6-4D7E-96B3-8FDA1C5C017B}?\Device\TCPIP6TUNNEL_{A8C33865-6700-4361-8786-610274597B93}?\Device\TCPIP6TUNNEL_{E415CEDB-14FA-42D3-887C-3E51ED88F86D}?\Device\TCPIP6TUNNEL_{020AE834-84EA-4EF6-95F8-75A17B580E85}?\Device\TCPIP6TUNNEL_{5AE172BE-CA94-4A29-AEDF-1943C72A9CCD}?
    Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{E415CEDB-14FA-42D3-887C-3E51ED88F86D}@InterfaceName isatap.{CAAD62C3-E250-4938-B779-AB92AB7165C0}
    Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{E415CEDB-14FA-42D3-887C-3E51ED88F86D}@ReusableType 0

    ---- EOF - GMER 2.0 ----
     
  2. Alaina

    Alaina Thread Starter

    Joined:
    Jan 24, 2013
    Messages:
    6
    Bump
     
  3. Alaina

    Alaina Thread Starter

    Joined:
    Jan 24, 2013
    Messages:
    6
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    sorry for the wait
    Please download AdwCleaner to your desktop.
    • Double click the adwcleaner.exe to run the tool.
    • Click Search.
    • When the scan finished, a notepad window will be opened.
    • Please post the contents here in your topic.
    • The logfile will also be saved in C:\AdwCleaner[R1].txt.
     
  5. Alaina

    Alaina Thread Starter

    Joined:
    Jan 24, 2013
    Messages:
    6
    # AdwCleaner v2.112 - Logfile created 02/20/2013 at 17:38:00
    # Updated 10/02/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Alana - SLUMBERPARTYPC
    # Boot Mode : Normal
    # Running from : C:\Users\Alana\Downloads\AdwCleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Found : C:\Program Files (x86)\1ClickDownload
    Folder Found : C:\ProgramData\Ask
    Folder Found : C:\ProgramData\InstallMate
    Folder Found : C:\ProgramData\Premium
    Folder Found : C:\ProgramData\Tarma Installer
    Folder Found : C:\Users\Alan Parsons\AppData\Local\AskToolbar
    Folder Found : C:\Users\Alan Parsons\AppData\Local\Temp\boost_interprocess
    Folder Found : C:\Users\Alana\AppData\Local\APN
    Folder Found : C:\Users\Alana\AppData\Local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh
    Folder Found : C:\Users\Alana\AppData\Local\Temp\AskSearch
    Folder Found : C:\Users\Alana\AppData\Local\Temp\boost_interprocess
    Folder Found : C:\Users\ronald\AppData\Local\AskToolbar
    Folder Found : C:\Users\ronald\AppData\Local\Temp\boost_interprocess

    ***** [Registry] *****

    Key Found : HKCU\Software\1ClickDownload
    Key Found : HKCU\Software\APN PIP
    Key Found : HKCU\Software\Ask.com.tmp
    Key Found : HKCU\Software\IM
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKCU\Software\PIP
    Key Found : HKLM\Software\AVG Secure Search
    Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Found : HKLM\Software\Iminent
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
    Key Found : HKLM\Software\PIP
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownloader
    Key Found : HKLM\SOFTWARE\Software
    Key Found : HKLM\SOFTWARE\Tarma Installer
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Google Chrome v24.0.1312.52

    File : C:\Users\Alana\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    File : C:\Users\ronald\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [2948 octets] - [20/02/2013 17:38:00]

    ########## EOF - C:\AdwCleaner[R1].txt - [3008 octets] ##########
     
  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Please run AdwCleaner again, This time press delete, It will clear the problems & then offer to reboot, please let it reboot & then post the log it makes.
    The logfile will also be saved in C:\AdwCleaner[S1].txt

    however, if the problem is happening in Chrome as well as IE, then
    The only likely cure is going to be uninstall chrome, make sure you take the option to remove all user data.
    first make sure that you are not set up to sync chrome with your google account, if you are, set it to stop sync first ( otherwise the backups on your google account will reinstall the malware).
    Then reboot & reinstall chrome
     
  7. Alaina

    Alaina Thread Starter

    Joined:
    Jan 24, 2013
    Messages:
    6
    # AdwCleaner v2.112 - Logfile created 02/21/2013 at 20:33:42
    # Updated 10/02/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Alana - SLUMBERPARTYPC
    # Boot Mode : Normal
    # Running from : C:\Users\Alana\Downloads\AdwCleaner (1).exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : C:\Program Files (x86)\1ClickDownload
    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\ProgramData\InstallMate
    Folder Deleted : C:\ProgramData\Premium
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\Users\Alan Parsons\AppData\Local\AskToolbar
    Folder Deleted : C:\Users\Alan Parsons\AppData\Local\Temp\boost_interprocess
    Folder Deleted : C:\Users\Alana\AppData\Local\APN
    Folder Deleted : C:\Users\Alana\AppData\Local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh
    Folder Deleted : C:\Users\Alana\AppData\Local\Temp\AskSearch
    Folder Deleted : C:\Users\Alana\AppData\Local\Temp\boost_interprocess
    Folder Deleted : C:\Users\ronald\AppData\Local\AskToolbar
    Folder Deleted : C:\Users\ronald\AppData\Local\Temp\boost_interprocess

    ***** [Registry] *****

    Key Deleted : HKCU\Software\1ClickDownload
    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\Ask.com.tmp
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKCU\Software\PIP
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Deleted : HKLM\Software\Iminent
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
    Key Deleted : HKLM\Software\PIP
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownloader
    Key Deleted : HKLM\SOFTWARE\Software
    Key Deleted : HKLM\SOFTWARE\Tarma Installer
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Google Chrome v24.0.1312.52

    File : C:\Users\Alana\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    File : C:\Users\ronald\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [3073 octets] - [20/02/2013 17:38:00]
    AdwCleaner[S1].txt - [3080 octets] - [21/02/2013 20:33:42]

    ########## EOF - C:\AdwCleaner[S1].txt - [3140 octets] ##########
     
  8. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    how is it now
    are you still getting any problems, and if you are which browser are they happening in
     
  9. Alaina

    Alaina Thread Starter

    Joined:
    Jan 24, 2013
    Messages:
    6
    The gross pictures are gone and I haven't noticed any of the randomly hyperlinked words. Thank you so much for your help. :)
     
  10. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

    and scan here http://secunia.com/vulnerability_scanning/personal for out of date & vulnerable common applications on your computer and update whatever it suggests. Download & use the PSI version ( not the OSI, in your browser java version) as I no longer recommend having Java installed on the computer at all, unless it is absolutely necessary, because of the too high risk of malware infiltration

    Then pay an urgent visit to windows update & make sure you are fully updated, that will help to plug the security holes that let these pests on in the first place. If windows update doesn't work, please come back & tell us
     
  11. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1087620

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice