
win 7 home security 2011 removal attempt


  • This topic is locked
4 replies to this topic

#1 berner

    New Member

  • Members
  • 2 posts

Posted 03 May 2011 - 08:05 PM

.
DDS (Ver_11-03-05.01) - NTFS_AMD64 NETWORK
Run by ben at 21:00:27.15 on Mon 05/02/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2284 [GMT -7:00]
.
AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Users\ben\AppData\Local\cox.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\ben\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\PC Tools Security\pctsGui.exe
C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\ben\Desktop\Defogger(1).exe
C:\windows\system32\conhost.exe
C:\windows\system32\NOTEPAD.EXE
C:\Users\ben\Downloads\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.yahoo.com
uWindow Title = Internet Explorer, optimized for Bing and MSN
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: UrlHelper Class: {474597c5-ab09-49d6-a4d5-2e8d7341384e} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll
TB: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Google Update] "C:\Users\ben\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [HLBackupScheduler] "C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe"
uRun: [googletalk] "C:\Users\ben\AppData\Roaming\Google\Google Talk\googletalk.exe" /autostart
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Audiogalaxy] "C:\Users\ben\AppData\Local\Audiogalaxy\Audiogalaxy.exe" /startup
uRun: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [googletalk] "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /autostart
mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe"
mRun: [WebrootTrayApp] "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe"
mRun: [DATAMNGR] "C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [BYR_AGENT] "C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AppleSyncNotifier] "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [MyWebSearch bar Uninstall] "rundll32" C:\PROGRA~2\UNINST~1.DLL,O -3
StartupFolder: C:\Users\ben\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\ben\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Logitech Touch Mouse Server\iTouch-Server-Win.exe
StartupFolder: C:\Users\ben\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - C:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: c:\progra~2\imesha~1\mediabar\datamngr\datamngr.dll c:\progra~2\imesha~1\mediabar\datamngr\iebho.dll c:\progra~2\google\gobca7~1\go36f4~1.dll
BHO-X64: UrlHelper Class: {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [(Default)]
mRun-x64: [cAudioFilterAgent] "C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe"
mRun-x64: [SmartAudio] "C:\Program Files\CONEXANT\SAII\SAIICpl.exe" /t
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun-x64: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun-x64: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun-x64: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun-x64: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun-x64: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun-x64: [TosVolRegulator] "C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe"
mRun-x64: [TosSENotify] "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe"
mRun-x64: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun-x64: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
mRun-x64: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
mRun-x64: [Logitech Download Assistant] "C:\Windows\system32\rundll32.exe" C:\Windows\System32\LogiLDA.dll,LogiFetch
mRun-x64: [EvtMgr6] "C:\Program Files\Logitech\SetPointP\SetPoint.exe" /launchGaming
AppInit_DLLs-X64: c:\progra~2\imesha~1\mediabar\datamngr\x64\datamngr.dll c:\progra~2\imesha~1\mediabar\datamngr\x64\iebho.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ben\AppData\Roaming\Mozilla\Firefox\Profiles\q2qby8mg.default\
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZRxdm694YYUS&ptb=0Ute3xRGZ41qoe6yV3mEoA&ind=2011030722&ptnrS=ZRxdm694YYUS&si=71080&n=77dde4c2&psa=&st=kwd&searchfor=
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\extensions\GameTapPlayer@gametap.com\plugins\npGameTapWebPlayer.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\ben\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Users\ben\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\ben\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2011-3-28 257232]
R0 pctDS;PC Tools Data Store;C:\Windows\System32\drivers\pctDS64.sys [2011-3-28 452872]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\System32\drivers\pctEFA64.sys [2011-3-28 816016]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2011-3-28 366840]
R2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2011-3-28 1150936]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 WRConsumerService;Webroot Client Service;C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe [2011-1-9 3275112]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-2-22 75304]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2010-8-24 74320]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2010-8-24 13392]
R3 QIOMem;Generic IO & Memory Access;C:\Windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
R3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192Ce.sys [2010-4-28 932384]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-20 202752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
S2 Firefox Service;Firefox Service;C:\Users\ben\AppData\Roaming\Mozilla\Firefox\Profiles\akqyz9sk.default\extensions\startup.service@mozilla.com\svc.exe [2011-3-17 83456]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-18 136176]
S2 iPodDrv;iPodDrv;C:\Windows\System32\drivers\iPodDrv.sys [2011-3-9 14952]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
S2 ssfmonm;ssfmonm;C:\Windows\System32\drivers\ssfmonm.sys [2011-1-9 55360]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-2-25 252928]
S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe [2011-1-9 3888696]
S3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atipmdag.sys [2010-9-20 6403072]
S3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-9-20 188928]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-1-21 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-12-25 30192]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-18 136176]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2010-9-20 35008]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-9-20 239136]
S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2010-4-24 721768]
S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2010-4-24 269672]
S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2010-4-24 25960]
S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2010-4-24 22376]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-9-20 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-4-15 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-27 1255736]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-11-11 306416]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-05-03 01:41:05 -------- d-----w- C:\Users\ben\AppData\Local\ElevatedDiagnostics
2011-05-02 00:42:20 1687552 --sha-w- C:\Users\ben\AppData\Local\cox.exe
2011-05-01 16:01:54 586752 --sha-w- C:\Users\ben\AppData\Local\veb.exe
2011-04-30 22:22:55 -------- d-----w- C:\Program Files (x86)\MySQL
2011-04-30 22:22:53 -------- d-----w- C:\PROGRA~3\MySQL
2011-04-29 13:57:38 8802128 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{31417AB0-9BB5-46F7-ABE2-57AB7A275B75}\mpengine.dll
2011-04-25 02:38:21 -------- d-----w- C:\Users\ben\AppData\Local\Audiogalaxy
2011-04-22 16:12:25 -------- d-----w- C:\Users\ben\AppData\Local\{270BCDC4-4760-4AF7-A8BA-4CF213F3E733}
2011-04-21 23:10:01 -------- d-----w- C:\Program Files (x86)\Yontoo Layers
2011-04-21 23:10:01 -------- d-----w- C:\PROGRA~3\Tarma Installer
2011-04-21 23:09:30 -------- d-----w- C:\PROGRA~3\Premium
2011-04-21 23:09:30 -------- d-----w- C:\PROGRA~3\InstallMate
2011-04-21 21:57:31 -------- d-----w- C:\Program Files (x86)\Minecraft PC Gamer Demo
2011-04-20 16:06:26 -------- d-----w- C:\Program Files\iPod
2011-04-20 16:06:20 -------- d-----w- C:\Program Files\iTunes
2011-04-20 16:03:16 -------- d-----w- C:\Program Files\Bonjour
2011-04-20 16:03:16 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-04-19 18:27:44 -------- d-----w- C:\Users\ben\AppData\Local\Evernote
2011-04-19 18:27:03 -------- d-----w- C:\Program Files (x86)\Evernote
2011-04-18 15:34:19 -------- d-----w- C:\Program Files (x86)\Transparent
2011-04-18 15:33:15 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-04-18 15:33:15 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-04-18 15:33:15 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-04-18 15:33:15 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-04-18 15:33:14 696320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-04-18 15:33:13 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-04-18 15:33:13 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-04-17 01:03:06 960560 ----a-w- C:\Users\ben\AppData\Local\RetrogamerAuto.exe
2011-04-16 23:21:42 53248 ----a-r- C:\Users\ben\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-04-16 23:21:28 -------- d-----w- C:\Users\ben\AppData\Local\Logishrd
2011-04-16 02:17:49 -------- d-----w- C:\windows\System32\SPReview
2011-04-16 02:15:45 -------- d-----w- C:\windows\System32\EventProviders
2011-04-16 01:50:58 444752 ----a-w- C:\windows\System32\mscoree.dll
2011-04-16 01:49:58 861696 ----a-w- C:\windows\System32\oleaut32.dll
2011-04-16 01:48:59 509952 ----a-w- C:\windows\System32\ntshrui.dll
2011-04-16 01:47:59 94592 ----a-w- C:\windows\System32\drivers\mountmgr.sys
2011-04-16 01:46:59 98304 ----a-w- C:\windows\SysWow64\nslookup.exe
2011-04-16 01:45:59 5120 ----a-w- C:\windows\System32\msdxm.ocx
2011-04-16 01:44:56 189952 ----a-w- C:\windows\SysWow64\wdscore.dll
2011-04-16 01:44:55 209920 ----a-w- C:\windows\SysWow64\PkgMgr.exe
2011-04-16 01:44:29 323072 ----a-w- C:\windows\SysWow64\drvstore.dll
2011-04-16 01:44:28 257024 ----a-w- C:\windows\SysWow64\dpx.dll
2011-04-16 01:44:18 363008 ----a-w- C:\windows\SysWow64\wbemcomn.dll
2011-04-16 01:44:17 606208 ----a-w- C:\windows\SysWow64\wbem\fastprox.dll
2011-04-16 01:39:41 529408 ----a-w- C:\windows\System32\wbemcomn.dll
2011-04-16 01:39:41 524288 ----a-w- C:\windows\System32\wmicmiplugin.dll
2011-04-16 01:39:41 1225216 ----a-w- C:\windows\System32\wbem\wbemcore.dll
2011-04-16 01:39:21 933376 ----a-w- C:\windows\System32\SmiEngine.dll
2011-04-16 01:39:10 199168 ----a-w- C:\windows\System32\PkgMgr.exe
2011-04-16 01:38:10 422912 ----a-w- C:\windows\System32\drvstore.dll
2011-04-16 01:38:09 399872 ----a-w- C:\windows\System32\dpx.dll
2011-04-15 22:41:11 476160 ----a-w- C:\windows\System32\XpsGdiConverter.dll
2011-04-15 22:41:11 288256 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll
2011-04-15 22:41:08 3135488 ----a-w- C:\windows\System32\win32k.sys
2011-04-15 22:41:06 1359872 ----a-w- C:\windows\System32\mfc42u.dll
2011-04-15 22:41:05 1395712 ----a-w- C:\windows\System32\mfc42.dll
2011-04-15 22:41:04 1164288 ----a-w- C:\windows\SysWow64\mfc42u.dll
2011-04-15 22:41:04 1137664 ----a-w- C:\windows\SysWow64\mfc42.dll
2011-04-15 22:41:02 467456 ----a-w- C:\windows\System32\drivers\srv.sys
2011-04-15 22:41:01 411648 ----a-w- C:\windows\System32\drivers\srv2.sys
2011-04-15 22:41:01 167936 ----a-w- C:\windows\System32\drivers\srvnet.sys
2011-04-11 23:20:18 -------- d-----w- C:\Pesterchum
2011-04-11 02:23:26 -------- d-----w- C:\ubuntu
2011-04-11 01:49:52 -------- d-----w- C:\Users\ben\AppData\Local\Macroplant
2011-04-11 00:19:04 -------- d-----w- C:\Program Files (x86)\iPhone Explorer
2011-04-06 23:26:58 96544 ----a-w- C:\windows\System32\dnssd.dll
2011-04-06 23:26:58 69408 ----a-w- C:\windows\System32\jdns_sd.dll
2011-04-06 23:26:58 237856 ----a-w- C:\windows\System32\dnssdX.dll
2011-04-06 23:26:58 119584 ----a-w- C:\windows\System32\dns-sd.exe
2011-04-06 23:20:16 91424 ----a-w- C:\windows\SysWow64\dnssd.dll
2011-04-06 23:20:16 75040 ----a-w- C:\windows\SysWow64\jdns_sd.dll
2011-04-06 23:20:16 197920 ----a-w- C:\windows\SysWow64\dnssdX.dll
2011-04-06 23:20:16 107808 ----a-w- C:\windows\SysWow64\dns-sd.exe
2011-04-06 22:33:46 -------- d-----w- C:\Users\ben\AppData\Local\Yahoo
2011-04-06 22:29:55 -------- d-----w- C:\Program Files (x86)\Yahoo!
2011-04-05 01:31:49 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2011-04-04 01:13:16 -------- d-----w- C:\Users\ben\AppData\Roaming\com.amazon.music.uploader
.
==================== Find3M ====================
.
2011-04-20 16:11:58 160121 ----a-w- C:\InformationalData.tmp
2011-04-20 16:11:58 13550 ----a-w- C:\DetectionData.tmp
2011-04-20 02:37:53 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2011-04-16 23:19:57 18960 ----a-w- C:\windows\System32\drivers\LNonPnP.sys
2011-04-16 02:58:56 152576 ----a-w- C:\windows\SysWow64\msclmd.dll
2011-04-16 02:58:55 175616 ----a-w- C:\windows\System32\msclmd.dll
2011-04-05 01:30:50 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll
2011-04-05 01:30:50 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
2011-03-12 12:08:49 1465344 ----a-w- C:\windows\System32\XpsPrint.dll
2011-03-12 11:23:45 870912 ----a-w- C:\windows\SysWow64\XpsPrint.dll
2011-03-11 06:41:37 189824 ----a-w- C:\windows\System32\drivers\storport.sys
2011-03-11 06:41:34 166272 ----a-w- C:\windows\System32\drivers\nvstor.sys
2011-03-11 06:41:34 1659776 ----a-w- C:\windows\System32\drivers\ntfs.sys
2011-03-11 06:41:34 148352 ----a-w- C:\windows\System32\drivers\nvraid.sys
2011-03-11 06:41:26 410496 ----a-w- C:\windows\System32\drivers\iaStorV.sys
2011-03-11 06:41:12 27008 ----a-w- C:\windows\System32\drivers\amdxata.sys
2011-03-11 06:41:12 107904 ----a-w- C:\windows\System32\drivers\amdsata.sys
2011-03-11 06:33:29 2565632 ----a-w- C:\windows\System32\esent.dll
2011-03-11 06:30:28 96768 ----a-w- C:\windows\System32\fsutil.exe
2011-03-11 05:33:09 1699328 ----a-w- C:\windows\SysWow64\esent.dll
2011-03-11 05:31:07 74240 ----a-w- C:\windows\SysWow64\fsutil.exe
2011-03-10 02:44:08 14952 ----a-w- C:\windows\System32\drivers\iPodDrv.sys
2011-03-08 06:29:32 976896 ----a-w- C:\windows\System32\inetcomm.dll
2011-03-08 05:28:29 741376 ----a-w- C:\windows\SysWow64\inetcomm.dll
2011-03-04 06:19:28 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19:27 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:24:16 183296 ----a-w- C:\windows\System32\dnsrslvr.dll
2011-03-03 06:21:57 30208 ----a-w- C:\windows\System32\dnscacheugc.exe
2011-03-03 05:36:16 28672 ----a-w- C:\windows\SysWow64\dnscacheugc.exe
2011-02-25 06:19:30 2871808 ----a-w- C:\windows\explorer.exe
2011-02-25 05:30:54 2616320 ----a-w- C:\windows\SysWow64\explorer.exe
2011-02-23 04:56:31 158208 ----a-w- C:\windows\System32\drivers\mrxsmb.sys
2011-02-23 04:55:12 287744 ----a-w- C:\windows\System32\drivers\mrxsmb10.sys
2011-02-23 04:55:12 128000 ----a-w- C:\windows\System32\drivers\mrxsmb20.sys
2011-02-23 04:55:04 90624 ----a-w- C:\windows\System32\drivers\bowser.sys
2011-02-22 23:51:58 4280320 ----a-w- C:\windows\SysWow64\GPhotos.scr
2011-02-19 12:05:15 1139200 ----a-w- C:\windows\System32\FntCache.dll
2011-02-19 12:04:37 1544192 ----a-w- C:\windows\System32\DWrite.dll
2011-02-19 12:04:17 902656 ----a-w- C:\windows\System32\d2d1.dll
2011-02-19 12:03:46 46080 ----a-w- C:\windows\System32\atmlib.dll
2011-02-19 09:00:32 367616 ----a-w- C:\windows\System32\atmfd.dll
2011-02-19 06:30:51 1076736 ----a-w- C:\windows\SysWow64\DWrite.dll
2011-02-19 06:30:50 739840 ----a-w- C:\windows\SysWow64\d2d1.dll
2011-02-19 06:30:46 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2011-02-19 04:34:54 294912 ----a-w- C:\windows\SysWow64\atmfd.dll
2011-02-19 00:36:58 51712 ----a-w- C:\windows\System32\drivers\usbaapl64.sys
2011-02-19 00:36:58 4184352 ----a-w- C:\windows\System32\usbaaplrc.dll
2011-02-18 10:51:16 31232 ----a-w- C:\windows\System32\prevhost.exe
2011-02-18 05:39:44 31232 ----a-w- C:\windows\SysWow64\prevhost.exe
2011-02-12 11:34:16 267776 ----a-w- C:\windows\System32\FXSCOVER.exe
2011-02-05 17:10:16 642944 ----a-w- C:\windows\System32\winload.efi
2011-02-05 17:10:08 20352 ----a-w- C:\windows\System32\kdusb.dll
2011-02-05 17:10:08 19328 ----a-w- C:\windows\System32\kd1394.dll
2011-02-05 17:10:08 17792 ----a-w- C:\windows\System32\kdcom.dll
2011-02-05 17:06:41 605552 ----a-w- C:\windows\System32\winload.exe
2011-02-05 17:06:41 566208 ----a-w- C:\windows\System32\winresume.efi
2011-02-05 17:06:41 518672 ----a-w- C:\windows\System32\winresume.exe
2011-02-03 01:11:20 270720 ------w- C:\windows\System32\MpSigStub.exe
.
============= FINISH: 21:01:49.45 ===============
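The DDS log above is the user's own post and is left as posted. As an added example that is not part of the original thread or of the DDS tool, the script below shows how a responder might triage such a log before replying: it splits the log into its `=== section ===` blocks, then flags executables that run directly from the `AppData\Local` or `AppData\Roaming` root rather than from a vendor subfolder, executables in "Created Last 30" that carry both the system (`s`) and hidden (`h`) attributes, and anything listed on `AppInit_DLLs`. The sample input is a short excerpt constructed from lines of the log above; the heuristics, thresholds and severity labels are this example's own assumptions and produce leads for a human to check, not verdicts.

```python
"""Triage helper for a DDS log (added example, not part of the original post).

Heuristics are this example's own assumptions: an executable sitting directly
in the AppData\\Local or AppData\\Roaming root, a hidden+system executable
among the recently created files, and a non-empty AppInit_DLLs value are all
worth a closer look, but none of them is proof of infection on its own.
"""
import re
from dataclasses import dataclass

# Constructed sample input: a handful of lines copied from the log above and
# assembled into a short DDS-style excerpt so the script runs offline.
SAMPLE_LOG = r"""
============== Running Processes ===============
C:\windows\system32\wininit.exe
C:\Users\ben\AppData\Local\cox.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\ben\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
============== Pseudo HJT Report ===============
uRun: [Google Update] "C:\Users\ben\AppData\Local\Google\Update\GoogleUpdate.exe" /c
AppInit_DLLs: c:\progra~2\imesha~1\mediabar\datamngr\datamngr.dll c:\progra~2\imesha~1\mediabar\datamngr\iebho.dll
=============== Created Last 30 ================
2011-05-02 00:42:20 1687552 --sha-w- C:\Users\ben\AppData\Local\cox.exe
2011-05-01 16:01:54 586752 --sha-w- C:\Users\ben\AppData\Local\veb.exe
2011-04-17 01:03:06 960560 ----a-w- C:\Users\ben\AppData\Local\RetrogamerAuto.exe
2011-04-21 23:10:01 -------- d-----w- C:\Program Files (x86)\Yontoo Layers
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "<timestamp> <size or dashes> <8-char attribute string> <path>"
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S{8})\s+(.+)$")
# Executable directly under ...\AppData\Local\ or ...\AppData\Roaming\ (no vendor folder)
PROFILE_ROOT_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\(Local|Roaming)\\[^\\]+\.(exe|dll|scr)$", re.I)
BINARY_RE = re.compile(r"\.(exe|dll|sys|scr)$", re.I)


@dataclass(frozen=True)
class Finding:
    path: str
    reasons: tuple
    severity: str  # "high" when two independent heuristics agree, else "medium"


def parse_sections(text):
    """Split a DDS log into {section name: [lines]}; DDS's lone '.' spacer lines are dropped."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def appinit_dlls(hjt_lines):
    """Return the DLLs named on AppInit_DLLs lines (loaded into every process that loads user32)."""
    dlls = []
    for line in hjt_lines:
        if line.lower().startswith("appinit_dlls"):
            _, _, value = line.partition(":")
            dlls.extend(value.split())
    return dlls


def triage(text):
    """Return Findings sorted high-severity first, then by path."""
    sections = parse_sections(text)
    noted = {}  # lower-cased path -> (original path, set of reasons)

    def note(path, reason):
        noted.setdefault(path.lower(), (path, set()))[1].add(reason)

    for proc in sections.get("Running Processes", []):
        if PROFILE_ROOT_RE.search(proc):
            note(proc, "running from the AppData root, not a vendor subfolder")

    for line in sections.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if not m:
            continue
        when, _size, attrs, path = m.groups()
        if BINARY_RE.search(path) and "s" in attrs and "h" in attrs:
            note(path, f"hidden+system executable created {when}")

    findings = [Finding(p, tuple(sorted(rs)), "high" if len(rs) >= 2 else "medium")
                for p, rs in noted.values()]
    return sorted(findings, key=lambda f: (f.severity != "high", f.path.lower()))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
    for dll in appinit_dlls(parse_sections(SAMPLE_LOG).get("Pseudo HJT Report", [])):
        print(f"[info] AppInit_DLLs loads {dll}")
```

On the excerpt above, `cox.exe` is the only item that two heuristics agree on (it is both running from the AppData root and was created hidden+system the day before the log), `veb.exe` is flagged on attributes alone, and `RetrogamerAuto.exe` is not flagged because it is neither running nor hidden. The AppInit_DLLs entries are reported as information only, since a legitimately installed toolbar can set them too.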

#2 LDTate

    Forum Deity

  • Moderators
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 05 May 2011 - 08:48 PM

Logs will be closed if you haven't replied within 3 days

Looks like you're running 2 anti-virus programs.



Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will seriously decrease their reliability!
The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time.
Also, because multiple installed Antivirus and Firewall products are not compatible with each other, they can cause system performance problems and a serious system slowdown.

Please do not delete anything unless instructed to.


1.Click Start > Settings > Control Panel.
2.Next, open Add/Remove Programs and remove either:
Webroot AntiVirus with Spy Sweeper
Spyware Doctor with AntiVirus


After the above:

Please don't attach the scans / logs for these tools, use "copy/paste".


DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.


Vista and Windows 7 users:
1. These tools MUST be run from the executable (.exe) every time you run them.
2. With Admin Rights (Right click, choose "Run as Administrator")


Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

XP Users

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Uncheck "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Uncheck "Hide protected operating system files."
Click Apply, and then click OK.


Vista / Windows7 Users

To enable the viewing of hidden and protected system files in Windows Vista please follow these steps:

Close all programs so that you are at your desktop.
Click on the Start button. This is the small round button with the Windows flag in the lower left corner.

Click on the Control Panel menu option.
When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:
Double-click on the Folder Options icon.
Click on the View tab.


If you are in the Control Panel Home view do the following:

Click on the Appearance and Personalization link.
Click on Show Hidden Files or Folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.



Please do not delete anything unless instructed to.



I've been seeing some Java infections lately.

Go here and follow the instructions to clear your Java Cache
http://www.java.com/...lugin_cache.xml


Next:
Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.


It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.


  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Then click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.


Also please describe how your computer behaves at the moment.


Please don't attach the scans / logs, use "copy/paste".
Larry Tate
Product Support

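Added example (not part of the moderator's instructions above): a PowerShell script that performs the pre-checks the post asks for by hand: whether more than one antivirus has real-time protection switched on, which Programs and Features entries match the two products named above, whether Explorer is set to show hidden files, extensions and protected OS files, and whether the shell is running elevated. It assumes a Windows Vista/7 client (the root\SecurityCenter2 WMI namespace does not exist on XP or on server editions) and PowerShell 2.0, which is why it uses Get-WmiObject rather than Get-CimInstance. The decoding of the productState field follows the commonly documented "AABBCC" layout of its six hex digits; the name patterns 'Webroot*' and 'Spyware Doctor*' are assumptions matching the products listed in the DDS log and should be adjusted to whatever appears on your own machine.

```powershell
# Added example: pre-checks for the cleanup steps above. Assumes Windows Vista/7, PowerShell 2.0+.

# 1. Every antivirus registered with Security Center, with its state decoded.
#    productState rendered as six hex digits "AABBCC":
#    BB = real-time protection (10/11 = on, 00/01 = off), CC = signatures (00 = current, 10 = out of date).
function Get-RegisteredAntivirus {
    Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct | ForEach-Object {
        $hex = '{0:x6}' -f [int]$_.productState
        New-Object PSObject -Property @{
            Name         = $_.displayName
            RealTimeOn   = (@('10', '11') -contains $hex.Substring(2, 2))
            SignaturesOk = ($hex.Substring(4, 2) -eq '00')
            Exe          = $_.pathToSignedProductExe
        }
    }
}

# 2. Warn when two or more products have real-time protection on (the situation the post describes).
function Test-MultipleRealTimeAV {
    $on = @(Get-RegisteredAntivirus | Where-Object { $_.RealTimeOn })
    if ($on.Count -gt 1) {
        $names = ($on | ForEach-Object { $_.Name }) -join ', '
        Write-Warning ("{0} antivirus products have real-time protection on: {1}" -f $on.Count, $names)
    }
    $on
}

# 3. Programs and Features entries (64-bit and 32-bit hives) whose DisplayName matches a pattern,
#    so you can see exactly what Add/Remove Programs will uninstall before you click it.
function Find-UninstallEntry {
    param([string[]]$NamePattern)
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        Get-ChildItem $k | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            foreach ($pat in $NamePattern) {
                if ($p.DisplayName -and $p.DisplayName -like $pat) {
                    New-Object PSObject -Property @{
                        DisplayName     = $p.DisplayName
                        UninstallString = $p.UninstallString
                        Key             = $_.PSChildName
                    }
                }
            }
        }
    }
}

# 4. Explorer view settings that the "show hidden files" steps above change, read back from the registry.
function Get-ExplorerVisibility {
    $adv = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    New-Object PSObject -Property @{
        ShowHiddenFiles      = ($adv.Hidden -eq 1)            # 1 = show, 2 = do not show
        ShowFileExtensions   = ($adv.HideFileExt -eq 0)       # 0 = extensions visible
        ShowProtectedOSFiles = ($adv.ShowSuperHidden -eq 1)   # 1 = protected OS files visible
    }
}

# 5. Are we elevated? The tools above must be run with "Run as administrator".
function Test-IsElevated {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    (New-Object Security.Principal.WindowsPrincipal $id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
}

if (-not (Test-IsElevated)) {
    Write-Warning 'Not elevated: right-click PowerShell and choose "Run as administrator".'
}
Get-RegisteredAntivirus | Format-Table Name, RealTimeOn, SignaturesOk, Exe -AutoSize
Test-MultipleRealTimeAV | Out-Null
# Assumed patterns; change them to match the products shown on your own machine.
Find-UninstallEntry -NamePattern 'Webroot*', 'Spyware Doctor*' | Format-Table DisplayName, UninstallString -AutoSize
Get-ExplorerVisibility
```

Reading SecurityCenter2 and HKCU does not need elevation; the elevation check is there because the removal tools the post lists do. If the antivirus table shows two rows with RealTimeOn set to True, that is the conflict the moderator is describing, and the UninstallString column tells you which installer Add/Remove Programs is going to launch for each one.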

#3 berner

Posted 05 May 2011 - 08:50 PM

a friend of mine got rid of the virus already

#4 LDTate

Posted 05 May 2011 - 08:52 PM

Glad you got it fixed.

Thank you for taking the time to post back and letting us know
Peace be with you
Larry Tate
Product Support


#5 LDTate

Posted 05 May 2011 - 08:54 PM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Larry Tate
Product Support

