berner

win 7 home security 2011 removal attempt

5 posts in this topic

.

DDS (Ver_11-03-05.01) - NTFS_AMD64 NETWORK

Run by ben at 21:00:27.15 on Mon 05/02/2011

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2284 [GMT -7:00]

.

AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}

AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

SP: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\windows\Explorer.EXE

C:\windows\system32\ctfmon.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Users\ben\AppData\Local\cox.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\ben\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

C:\Program Files (x86)\PC Tools Security\pctsGui.exe

C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe

C:\Program Files (x86)\PC Tools Security\pctsSvc.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Users\ben\Desktop\Defogger(1).exe

C:\windows\system32\conhost.exe

C:\windows\system32\NOTEPAD.EXE

C:\Users\ben\Downloads\dds.scr

C:\windows\system32\conhost.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.yahoo.com

uWindow Title = Internet Explorer, optimized for Bing and MSN

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

mDefault_Page_URL = hxxp://www.yahoo.com

mStart Page = hxxp://www.yahoo.com

uInternet Settings,ProxyOverride = <local>;*.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: UrlHelper Class: {474597c5-ab09-49d6-a4d5-2e8d7341384e} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll

BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll

TB: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

uRun: [Google Update] "C:\Users\ben\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [HLBackupScheduler] "C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe"

uRun: [googletalk] "C:\Users\ben\AppData\Roaming\Google\Google Talk\googletalk.exe" /autostart

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

uRun: [Audiogalaxy] "C:\Users\ben\AppData\Local\Audiogalaxy\Audiogalaxy.exe" /startup

uRun: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

mRun: [googletalk] "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /autostart

mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup

mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe"

mRun: [WebrootTrayApp] "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe"

mRun: [DATAMNGR] "C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [bYR_AGENT] "C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [iSTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [AppleSyncNotifier] "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRunOnce: [MyWebSearch bar Uninstall] "rundll32" C:\PROGRA~2\UNINST~1.DLL,O -3

StartupFolder: C:\Users\ben\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

StartupFolder: C:\Users\ben\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Logitech Touch Mouse Server\iTouch-Server-Win.exe

StartupFolder: C:\Users\ben\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: Add to Google Photos Screensa&ver - C:\windows\system32\GPhotos.scr/200

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs: c:\progra~2\imesha~1\mediabar\datamngr\datamngr.dll c:\progra~2\imesha~1\mediabar\datamngr\iebho.dll c:\progra~2\google\gobca7~1\go36f4~1.dll

BHO-X64: UrlHelper Class: {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

mRun-x64: [(Default)]

mRun-x64: [cAudioFilterAgent] "C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe"

mRun-x64: [smartAudio] "C:\Program Files\CONEXANT\SAII\SAIICpl.exe" /t

mRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

mRun-x64: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

mRun-x64: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

mRun-x64: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe

mRun-x64: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r

mRun-x64: [smartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

mRun-x64: [TosVolRegulator] "C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe"

mRun-x64: [TosSENotify] "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe"

mRun-x64: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe

mRun-x64: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

mRun-x64: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"

mRun-x64: [Logitech Download Assistant] "C:\Windows\system32\rundll32.exe" C:\Windows\System32\LogiLDA.dll,LogiFetch

mRun-x64: [EvtMgr6] "C:\Program Files\Logitech\SetPointP\SetPoint.exe" /launchGaming

AppInit_DLLs-X64: c:\progra~2\imesha~1\mediabar\datamngr\x64\datamngr.dll c:\progra~2\imesha~1\mediabar\datamngr\x64\iebho.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\ben\AppData\Roaming\Mozilla\Firefox\Profiles\q2qby8mg.default\

FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZRxdm694YYUS&ptb=0Ute3xRGZ41qoe6yV3mEoA&ind=2011030722&ptnrS=ZRxdm694YYUS&si=71080&n=77dde4c2&psa=&st=kwd&searchfor=

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\npCIDetect14.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\extensions\GameTapPlayer@gametap.com\plugins\npGameTapWebPlayer.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\ben\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: C:\Users\ben\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\ben\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2011-3-28 257232]

R0 pctDS;PC Tools Data Store;C:\Windows\System32\drivers\pctDS64.sys [2011-3-28 452872]

R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\System32\drivers\pctEFA64.sys [2011-3-28 816016]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]

R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2011-3-28 366840]

R2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2011-3-28 1150936]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]

R2 WRConsumerService;Webroot Client Service;C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe [2011-1-9 3275112]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-2-22 75304]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2010-8-24 74320]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2010-8-24 13392]

R3 QIOMem;Generic IO & Memory Access;C:\Windows\System32\drivers\QIOMem.sys [2009-6-15 12800]

R3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192Ce.sys [2010-4-28 932384]

S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-20 202752]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]

S2 Firefox Service;Firefox Service;C:\Users\ben\AppData\Roaming\Mozilla\Firefox\Profiles\akqyz9sk.default\extensions\startup.service@mozilla.com\svc.exe [2011-3-17 83456]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-18 136176]

S2 iPodDrv;iPodDrv;C:\Windows\System32\drivers\iPodDrv.sys [2011-3-9 14952]

S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]

S2 ssfmonm;ssfmonm;C:\Windows\System32\drivers\ssfmonm.sys [2011-1-9 55360]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-2-25 252928]

S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe [2011-1-9 3888696]

S3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atipmdag.sys [2010-9-20 6403072]

S3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-9-20 188928]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-1-21 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-12-25 30192]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-18 136176]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2010-9-20 35008]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-9-20 239136]

S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2010-4-24 721768]

S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2010-4-24 269672]

S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2010-4-24 25960]

S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2010-4-24 22376]

S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-9-20 51512]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]

S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-4-15 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-27 1255736]

S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-11-11 306416]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2011-05-03 01:41:05 -------- d-----w- C:\Users\ben\AppData\Local\ElevatedDiagnostics

2011-05-02 00:42:20 1687552 --sha-w- C:\Users\ben\AppData\Local\cox.exe

2011-05-01 16:01:54 586752 --sha-w- C:\Users\ben\AppData\Local\veb.exe

2011-04-30 22:22:55 -------- d-----w- C:\Program Files (x86)\MySQL

2011-04-30 22:22:53 -------- d-----w- C:\PROGRA~3\MySQL

2011-04-29 13:57:38 8802128 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{31417AB0-9BB5-46F7-ABE2-57AB7A275B75}\mpengine.dll

2011-04-25 02:38:21 -------- d-----w- C:\Users\ben\AppData\Local\Audiogalaxy

2011-04-22 16:12:25 -------- d-----w- C:\Users\ben\AppData\Local\{270BCDC4-4760-4AF7-A8BA-4CF213F3E733}

2011-04-21 23:10:01 -------- d-----w- C:\Program Files (x86)\Yontoo Layers

2011-04-21 23:10:01 -------- d-----w- C:\PROGRA~3\Tarma Installer

2011-04-21 23:09:30 -------- d-----w- C:\PROGRA~3\Premium

2011-04-21 23:09:30 -------- d-----w- C:\PROGRA~3\InstallMate

2011-04-21 21:57:31 -------- d-----w- C:\Program Files (x86)\Minecraft PC Gamer Demo

2011-04-20 16:06:26 -------- d-----w- C:\Program Files\iPod

2011-04-20 16:06:20 -------- d-----w- C:\Program Files\iTunes

2011-04-20 16:03:16 -------- d-----w- C:\Program Files\Bonjour

2011-04-20 16:03:16 -------- d-----w- C:\Program Files (x86)\Bonjour

2011-04-19 18:27:44 -------- d-----w- C:\Users\ben\AppData\Local\Evernote

2011-04-19 18:27:03 -------- d-----w- C:\Program Files (x86)\Evernote

2011-04-18 15:34:19 -------- d-----w- C:\Program Files (x86)\Transparent

2011-04-18 15:33:15 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll

2011-04-18 15:33:15 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe

2011-04-18 15:33:15 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll

2011-04-18 15:33:15 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll

2011-04-18 15:33:14 696320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll

2011-04-18 15:33:13 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll

2011-04-18 15:33:13 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll

2011-04-17 01:03:06 960560 ----a-w- C:\Users\ben\AppData\Local\RetrogamerAuto.exe

2011-04-16 23:21:42 53248 ----a-r- C:\Users\ben\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2011-04-16 23:21:28 -------- d-----w- C:\Users\ben\AppData\Local\Logishrd

2011-04-16 02:17:49 -------- d-----w- C:\windows\System32\SPReview

2011-04-16 02:15:45 -------- d-----w- C:\windows\System32\EventProviders

2011-04-16 01:50:58 444752 ----a-w- C:\windows\System32\mscoree.dll

2011-04-16 01:49:58 861696 ----a-w- C:\windows\System32\oleaut32.dll

2011-04-16 01:48:59 509952 ----a-w- C:\windows\System32\ntshrui.dll

2011-04-16 01:47:59 94592 ----a-w- C:\windows\System32\drivers\mountmgr.sys

2011-04-16 01:46:59 98304 ----a-w- C:\windows\SysWow64\nslookup.exe

2011-04-16 01:45:59 5120 ----a-w- C:\windows\System32\msdxm.ocx

2011-04-16 01:44:56 189952 ----a-w- C:\windows\SysWow64\wdscore.dll

2011-04-16 01:44:55 209920 ----a-w- C:\windows\SysWow64\PkgMgr.exe

2011-04-16 01:44:29 323072 ----a-w- C:\windows\SysWow64\drvstore.dll

2011-04-16 01:44:28 257024 ----a-w- C:\windows\SysWow64\dpx.dll

2011-04-16 01:44:18 363008 ----a-w- C:\windows\SysWow64\wbemcomn.dll

2011-04-16 01:44:17 606208 ----a-w- C:\windows\SysWow64\wbem\fastprox.dll

2011-04-16 01:39:41 529408 ----a-w- C:\windows\System32\wbemcomn.dll

2011-04-16 01:39:41 524288 ----a-w- C:\windows\System32\wmicmiplugin.dll

2011-04-16 01:39:41 1225216 ----a-w- C:\windows\System32\wbem\wbemcore.dll

2011-04-16 01:39:21 933376 ----a-w- C:\windows\System32\SmiEngine.dll

2011-04-16 01:39:10 199168 ----a-w- C:\windows\System32\PkgMgr.exe

2011-04-16 01:38:10 422912 ----a-w- C:\windows\System32\drvstore.dll

2011-04-16 01:38:09 399872 ----a-w- C:\windows\System32\dpx.dll

2011-04-15 22:41:11 476160 ----a-w- C:\windows\System32\XpsGdiConverter.dll

2011-04-15 22:41:11 288256 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll

2011-04-15 22:41:08 3135488 ----a-w- C:\windows\System32\win32k.sys

2011-04-15 22:41:06 1359872 ----a-w- C:\windows\System32\mfc42u.dll

2011-04-15 22:41:05 1395712 ----a-w- C:\windows\System32\mfc42.dll

2011-04-15 22:41:04 1164288 ----a-w- C:\windows\SysWow64\mfc42u.dll

2011-04-15 22:41:04 1137664 ----a-w- C:\windows\SysWow64\mfc42.dll

2011-04-15 22:41:02 467456 ----a-w- C:\windows\System32\drivers\srv.sys

2011-04-15 22:41:01 411648 ----a-w- C:\windows\System32\drivers\srv2.sys

2011-04-15 22:41:01 167936 ----a-w- C:\windows\System32\drivers\srvnet.sys

2011-04-11 23:20:18 -------- d-----w- C:\Pesterchum

2011-04-11 02:23:26 -------- d-----w- C:\ubuntu

2011-04-11 01:49:52 -------- d-----w- C:\Users\ben\AppData\Local\Macroplant

2011-04-11 00:19:04 -------- d-----w- C:\Program Files (x86)\iPhone Explorer

2011-04-06 23:26:58 96544 ----a-w- C:\windows\System32\dnssd.dll

2011-04-06 23:26:58 69408 ----a-w- C:\windows\System32\jdns_sd.dll

2011-04-06 23:26:58 237856 ----a-w- C:\windows\System32\dnssdX.dll

2011-04-06 23:26:58 119584 ----a-w- C:\windows\System32\dns-sd.exe

2011-04-06 23:20:16 91424 ----a-w- C:\windows\SysWow64\dnssd.dll

2011-04-06 23:20:16 75040 ----a-w- C:\windows\SysWow64\jdns_sd.dll

2011-04-06 23:20:16 197920 ----a-w- C:\windows\SysWow64\dnssdX.dll

2011-04-06 23:20:16 107808 ----a-w- C:\windows\SysWow64\dns-sd.exe

2011-04-06 22:33:46 -------- d-----w- C:\Users\ben\AppData\Local\Yahoo

2011-04-06 22:29:55 -------- d-----w- C:\Program Files (x86)\Yahoo!

2011-04-05 01:31:49 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared

2011-04-04 01:13:16 -------- d-----w- C:\Users\ben\AppData\Roaming\com.amazon.music.uploader

.

==================== Find3M ====================

.

2011-04-20 16:11:58 160121 ----a-w- C:\InformationalData.tmp

2011-04-20 16:11:58 13550 ----a-w- C:\DetectionData.tmp

2011-04-20 02:37:53 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll

2011-04-16 23:19:57 18960 ----a-w- C:\windows\System32\drivers\LNonPnP.sys

2011-04-16 02:58:56 152576 ----a-w- C:\windows\SysWow64\msclmd.dll

2011-04-16 02:58:55 175616 ----a-w- C:\windows\System32\msclmd.dll

2011-04-05 01:30:50 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll

2011-04-05 01:30:50 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll

2011-03-12 12:08:49 1465344 ----a-w- C:\windows\System32\XpsPrint.dll

2011-03-12 11:23:45 870912 ----a-w- C:\windows\SysWow64\XpsPrint.dll

2011-03-11 06:41:37 189824 ----a-w- C:\windows\System32\drivers\storport.sys

2011-03-11 06:41:34 166272 ----a-w- C:\windows\System32\drivers\nvstor.sys

2011-03-11 06:41:34 1659776 ----a-w- C:\windows\System32\drivers\ntfs.sys

2011-03-11 06:41:34 148352 ----a-w- C:\windows\System32\drivers\nvraid.sys

2011-03-11 06:41:26 410496 ----a-w- C:\windows\System32\drivers\iaStorV.sys

2011-03-11 06:41:12 27008 ----a-w- C:\windows\System32\drivers\amdxata.sys

2011-03-11 06:41:12 107904 ----a-w- C:\windows\System32\drivers\amdsata.sys

2011-03-11 06:33:29 2565632 ----a-w- C:\windows\System32\esent.dll

2011-03-11 06:30:28 96768 ----a-w- C:\windows\System32\fsutil.exe

2011-03-11 05:33:09 1699328 ----a-w- C:\windows\SysWow64\esent.dll

2011-03-11 05:31:07 74240 ----a-w- C:\windows\SysWow64\fsutil.exe

2011-03-10 02:44:08 14952 ----a-w- C:\windows\System32\drivers\iPodDrv.sys

2011-03-08 06:29:32 976896 ----a-w- C:\windows\System32\inetcomm.dll

2011-03-08 05:28:29 741376 ----a-w- C:\windows\SysWow64\inetcomm.dll

2011-03-04 06:19:28 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll

2011-03-04 06:19:27 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll

2011-03-03 06:24:16 183296 ----a-w- C:\windows\System32\dnsrslvr.dll

2011-03-03 06:21:57 30208 ----a-w- C:\windows\System32\dnscacheugc.exe

2011-03-03 05:36:16 28672 ----a-w- C:\windows\SysWow64\dnscacheugc.exe

2011-02-25 06:19:30 2871808 ----a-w- C:\windows\explorer.exe

2011-02-25 05:30:54 2616320 ----a-w- C:\windows\SysWow64\explorer.exe

2011-02-23 04:56:31 158208 ----a-w- C:\windows\System32\drivers\mrxsmb.sys

2011-02-23 04:55:12 287744 ----a-w- C:\windows\System32\drivers\mrxsmb10.sys

2011-02-23 04:55:12 128000 ----a-w- C:\windows\System32\drivers\mrxsmb20.sys

2011-02-23 04:55:04 90624 ----a-w- C:\windows\System32\drivers\bowser.sys

2011-02-22 23:51:58 4280320 ----a-w- C:\windows\SysWow64\GPhotos.scr

2011-02-19 12:05:15 1139200 ----a-w- C:\windows\System32\FntCache.dll

2011-02-19 12:04:37 1544192 ----a-w- C:\windows\System32\DWrite.dll

2011-02-19 12:04:17 902656 ----a-w- C:\windows\System32\d2d1.dll

2011-02-19 12:03:46 46080 ----a-w- C:\windows\System32\atmlib.dll

2011-02-19 09:00:32 367616 ----a-w- C:\windows\System32\atmfd.dll

2011-02-19 06:30:51 1076736 ----a-w- C:\windows\SysWow64\DWrite.dll

2011-02-19 06:30:50 739840 ----a-w- C:\windows\SysWow64\d2d1.dll

2011-02-19 06:30:46 34304 ----a-w- C:\windows\SysWow64\atmlib.dll

2011-02-19 04:34:54 294912 ----a-w- C:\windows\SysWow64\atmfd.dll

2011-02-19 00:36:58 51712 ----a-w- C:\windows\System32\drivers\usbaapl64.sys

2011-02-19 00:36:58 4184352 ----a-w- C:\windows\System32\usbaaplrc.dll

2011-02-18 10:51:16 31232 ----a-w- C:\windows\System32\prevhost.exe

2011-02-18 05:39:44 31232 ----a-w- C:\windows\SysWow64\prevhost.exe

2011-02-12 11:34:16 267776 ----a-w- C:\windows\System32\FXSCOVER.exe

2011-02-05 17:10:16 642944 ----a-w- C:\windows\System32\winload.efi

2011-02-05 17:10:08 20352 ----a-w- C:\windows\System32\kdusb.dll

2011-02-05 17:10:08 19328 ----a-w- C:\windows\System32\kd1394.dll

2011-02-05 17:10:08 17792 ----a-w- C:\windows\System32\kdcom.dll

2011-02-05 17:06:41 605552 ----a-w- C:\windows\System32\winload.exe

2011-02-05 17:06:41 566208 ----a-w- C:\windows\System32\winresume.efi

2011-02-05 17:06:41 518672 ----a-w- C:\windows\System32\winresume.exe

2011-02-03 01:11:20 270720 ------w- C:\windows\System32\MpSigStub.exe

.

============= FINISH: 21:01:49.45 ===============


Logs will be closed if you haven't replied within 3 days

Looks like you're running 2 anti-virus programs.

Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will seriously decrease their reliability!

The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time.

Also, because multiple installed Antivirus and Firewall products are not compatible with each other, they can cause system performance problems and a serious system slowdown.

Please do not delete anything unless instructed to.

1. Click Start > Settings > Control Panel.

2. Next, open Add/Remove Programs and remove either:

Webroot AntiVirus with Spy Sweeper

Spyware Doctor with AntiVirus

After the above:

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (right-click, choose "Run as Administrator").

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

XP Users

Double-click My Computer.

Click the Tools menu, and then click Folder Options.

Click the View tab.

Uncheck "Hide file extensions for known file types."

Under the "Hidden files" folder, select "Show hidden files and folders."

Uncheck "Hide protected operating system files."

Click Apply, and then click OK.

Vista / Windows7 Users

To enable the viewing of hidden and protected system files in Windows Vista, please follow these steps:

Close all programs so that you are at your desktop.

Click on the Start button. This is the small round button with the Windows flag in the lower left corner.

Click on the Control Panel menu option.

When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:

Double-click on the Folder Options icon.

Click on the View tab.

If you are in the Control Panel Home view do the following:

Click on the Appearance and Personalization link.

Click on Show Hidden Files or Folders.

Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.

Remove the checkmark from the checkbox labeled Hide extensions for known file types.

Remove the checkmark from the checkbox labeled Hide protected operating system files.

Please do not delete anything unless instructed to.

I've been seeing some Java infections lately.

Go here and follow the instructions to clear your Java Cache:

http://www.java.com/en/download/help/plugin_cache.xml

Next:

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner

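The Folder Options steps in the reply above flip three per-user registry values that Explorer reads at startup. As an added example (not part of the helper's post or of any tool the thread mentions), this PowerShell script sets those values and reads them back, so the change can be verified instead of clicked through; it assumes it is run as the interactive user whose view settings should change, and that restarting Explorer is acceptable (open Explorer windows close). The entries in the log's "Created Last 30" section whose attribute string carries both s and h (for example the files in AppData\Local marked --sha-w-) are exactly the kind of file that stays invisible until "Hide protected operating system files" is unchecked, which is what ShowSuperHidden controls.

```powershell
# Added example, not from the forum post: apply the three Folder Options
# changes the helper lists through the registry values those checkboxes write.
# Assumption: run as the interactive user (values live under HKCU).

$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

# Desired state, one value per dialog step:
#   Show hidden files and folders                 -> Hidden          = 1
#   Hide extensions for known file types: OFF     -> HideFileExt     = 0
#   Hide protected operating system files: OFF    -> ShowSuperHidden = 1
$desired = @{
    Hidden          = 1
    HideFileExt     = 0
    ShowSuperHidden = 1
}

function Get-ExplorerViewState {
    # Read the current values; a missing value shows as $null (Explorer default).
    $props = Get-ItemProperty -Path $advanced
    [pscustomobject]@{
        Hidden          = $props.Hidden
        HideFileExt     = $props.HideFileExt
        ShowSuperHidden = $props.ShowSuperHidden
    }
}

function Set-ExplorerViewState {
    foreach ($name in $desired.Keys) {
        Set-ItemProperty -Path $advanced -Name $name -Value $desired[$name] -Type DWord
    }
    # Explorer only re-reads these values when it starts, so restart the shell.
    Stop-Process -Name explorer -Force
    Start-Sleep -Seconds 1
    if (-not (Get-Process -Name explorer -ErrorAction SilentlyContinue)) {
        Start-Process explorer.exe
    }
}

function Test-ExplorerViewState {
    # Returns $true only when every value matches the desired state.
    $state = Get-ExplorerViewState
    $ok = $true
    foreach ($name in $desired.Keys) {
        if ($state.$name -ne $desired[$name]) {
            Write-Warning "$name is '$($state.$name)', expected $($desired[$name])"
            $ok = $false
        }
    }
    return $ok
}

Write-Host 'Before:'
Get-ExplorerViewState | Format-List
Set-ExplorerViewState
Write-Host 'After:'
Get-ExplorerViewState | Format-List
if (Test-ExplorerViewState) {
    Write-Host 'Hidden files, file extensions and protected OS files are now visible in Explorer.'
}
```

Run it from a normal (non-elevated) PowerShell window as the user whose Explorer view you want to change; an elevated window started as a different account would write that account's HKCU instead. The Test function is the part worth keeping around: the same three values are what a later scan or a cleanup tool may reset, and reading them back is quicker than reopening the dialog.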

A friend of mine got rid of the virus already.


Glad you got it fixed.

Thank you for taking the time to post back and letting us know.

Peace be with you


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.