
Windows 7 repeated crashes, BSOD


  • This topic is locked
16 replies to this topic

#1 SixOClock

  • Members
  • 9 posts
  • OFFLINE
  • Local time:02:12 AM

Posted 01 March 2011 - 06:12 PM

I'm using a Toshiba Satellite Notebook purchased new in December 2009, running Windows Home Premium 7 (64 Bit).

I run Spybot S&D's TeaTimer security function and scan with MalwareBytes.

My laptop has been suffering from occasional bluescreens for months, but I've tended to ignore them because they haven't been a massive problem. System crashes are becoming frequent enough now, though, that I'm concerned. I use Winamp as a media player, and though I've uninstalled and reinstalled it several times, it still crashes often, sometimes seemingly taking the entire system with it (screen freezes, sound slows down and eventually makes a blaring noise until I shut the computer down by holding the power button). Here is the crash data from the latest Winamp crash (Windows itself stayed functional in this instance).

Problem signature:
Problem Event Name: APPCRASH
Application Name: winamp.exe
Application Version: 5.6.0.3091
Application Timestamp: 4d00b3a0
Fault Module Name: in_wm.dll
Fault Module Version: 0.0.0.0
Fault Module Timestamp: 4d00b3b8
Exception Code: c0000005
Exception Offset: 0001d812
OS Version: 6.1.7600.2.0.0.768.3
Locale ID: 4105
Additional Information 1: 0a9e
Additional Information 2: 0a9e372d3b4ad19135b953a78882e789
Additional Information 3: 0a9e
Additional Information 4: 0a9e372d3b4ad19135b953a78882e789

Windows Defender also says that my nVidia graphics driver has failed 6 times. Here's that info on my card.

NVIDIA System Information report created on: 03/01/2011 18:00:54
System name: SIXER

[Display]
Processor: Intel® Core™2 Duo CPU P8700 @ 2.53GHz (2527 MHz)
Operating System: Windows 7 Home Premium, 64-bit
DirectX version: 11.0
GPU processor: GeForce G210M
Driver version: 186.42
Stream processors: 16
Core clock: 606 MHz
Shader clock: 1468 MHz
Memory clock: 790 MHz (1580 MHz data rate)
Memory interface: 64-bit
Total available graphics memory: 2286 MB
Dedicated video memory: 512 MB
System video memory: 0 MB
Shared system memory: 1774 MB
Video BIOS version: 70.18.28.00.0E
IRQ: 16
Bus: PCI Express x1

[Components]

nvCplUIR.dll 2.5.401.01 NVIDIA Control Panel
nvCpl.cpl 2.5.401.01 NVIDIA Control Panel Applet
nvCplUI.exe 2.5.401.01 NVIDIA Control Panel
nvViTvSR.dll 8.15.11.8642 NVIDIA Video and TV Server
nvViTvS.dll 8.15.11.8642 NVIDIA Video and TV Server
nvDispSR.dll 8.15.11.8642 NVIDIA Display Server
NVMCTRAY.DLL 8.15.11.8642 NVIDIA Media Center Library
nvDispS.dll 8.15.11.8642 NVIDIA Display Server
NVCPL.DLL 8.15.11.8642 NVIDIA Compatible Windows7 Display driver, Version 186.42
PhysX 909.04.28 NVIDIA PhysX
NVCUDA.DLL 8.15.11.8642 NVIDIA CUDA 2.2 driver
nvGameSR.dll 8.15.11.8642 NVIDIA 3D Settings Server
nvGameS.dll 8.15.11.8642 NVIDIA 3D Settings Server

-

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:43:50 AM, on 05/03/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Presented by TOSHIBA Leading Innovation >>>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
O4 - HKLM\..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [LvOXPiejlWtK] C:\Users\JMFRAN~1\AppData\Local\Temp\dd4buzfb3.exe
O4 - HKCU\..\Run: [LvOXPiejlqf] C:\Users\JMFRAN~1\AppData\Local\Temp\user.exe
O4 - HKCU\..\Run: [LvEhplZkfgre] C:\Users\JM Francheteau\AppData\Local\Temp\user.exe
O4 - HKCU\..\Run: [LvEhplZkfgnbdc] C:\Users\JM Francheteau\AppData\Local\Temp\dd4buzfb3.exe
O4 - HKCU\..\Run: [LvOXPiejlkc] C:\Users\JMFRAN~1\AppData\Local\Temp\cmd.exe
O4 - HKCU\..\Run: [LvEhplZkfgnZ] C:\Users\JM Francheteau\AppData\Local\Temp\cmd.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
O23 - Service: ConfigFree Gadget Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: TOSHIBA Modem region select service (RSELSVC) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - Unknown owner - C:\windows\system32\ThpSrv.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11035 bytes



I'm new and a bit of a klutz with technology, but I'll do my best to keep up with any help you might offer.

==================================================
Dump File : 022411-19000-01.dmp
Crash Time : 24/02/2011 3:25:53 PM
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x0000009f
Parameter 1 : 00000000`00000003
Parameter 2 : fffffa80`046f1060
Parameter 3 : fffff800`00b9c4d8
Parameter 4 : fffffa80`07d76c10
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16617 (win7_gdr.100618-1621)
Processor : x64
Computer Name :
Full Path : C:\windows\Minidump\022411-19000-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 730,608
==================================================

==================================================
Dump File : 021711-24289-01.dmp
Crash Time : 17/02/2011 4:30:13 PM
Bug Check String : SYSTEM_SERVICE_EXCEPTION
Bug Check Code : 0x0000003b
Parameter 1 : 00000000`c0000005
Parameter 2 : fffff880`02e725fa
Parameter 3 : fffff880`09611a20
Parameter 4 : 00000000`00000000
Caused By Driver : afd.sys
Caused By Address : afd.sys+25fa
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\windows\Minidump\021711-24289-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 291,016
==================================================

==================================================
Dump File : 012511-15958-01.dmp
Crash Time : 25/01/2011 1:26:12 PM
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x0000009f
Parameter 1 : 00000000`00000003
Parameter 2 : fffffa80`0470e060
Parameter 3 : fffff800`00b9c4d8
Parameter 4 : fffffa80`044e2c10
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16617 (win7_gdr.100618-1621)
Processor : x64
Computer Name :
Full Path : C:\windows\Minidump\012511-15958-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 738,800
==================================================

==================================================
Dump File : 012111-27736-01.dmp
Crash Time : 21/01/2011 4:50:43 PM
Bug Check String :
Bug Check Code : 0x00000116
Parameter 1 : fffffa80`0847a2e0
Parameter 2 : fffff880`05088f90
Parameter 3 : ffffffff`c000009a
Parameter 4 : 00000000`00000004
Caused By Driver : dxgkrnl.sys
Caused By Address : dxgkrnl.sys+5cef8
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\windows\Minidump\012111-27736-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 1,455,224
==================================================

==================================================
Dump File : 011211-17799-01.dmp
Crash Time : 12/01/2011 5:44:48 PM
Bug Check String :
Bug Check Code : 0x00000116
Parameter 1 : fffffa80`0764d4e0
Parameter 2 : fffff880`05051f90
Parameter 3 : ffffffff`c000009a
Parameter 4 : 00000000`00000004
Caused By Driver : dxgkrnl.sys
Caused By Address : dxgkrnl.sys+5cef8
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\windows\Minidump\011211-17799-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 1,556,416
==================================================

==================================================
Dump File : 011111-17300-01.dmp
Crash Time : 11/01/2011 11:00:18 PM
Bug Check String :
Bug Check Code : 0x00000116
Parameter 1 : fffffa80`07f4c4e0
Parameter 2 : fffff880`05063f90
Parameter 3 : ffffffff`c000009a
Parameter 4 : 00000000`00000004
Caused By Driver : dxgkrnl.sys
Caused By Address : dxgkrnl.sys+5cef8
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\windows\Minidump\011111-17300-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 1,491,704
==================================================

==================================================
Dump File : 121410-18673-01.dmp
Crash Time : 14/12/2010 12:59:04 PM
Bug Check String : MEMORY_MANAGEMENT
Bug Check Code : 0x0000001a
Parameter 1 : 00000000`00041287
Parameter 2 : 00000000`05e63db0
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16617 (win7_gdr.100618-1621)
Processor : x64
Computer Name :
Full Path : C:\windows\Minidump\121410-18673-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 291,016
==================================================

==================================================
Dump File : 111810-28719-01.dmp
Crash Time : 18/11/2010 8:45:26 AM
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x0000009f
Parameter 1 : 00000000`00000003
Parameter 2 : fffffa80`046f0a20
Parameter 3 : fffff800`04a044d8
Parameter 4 : fffffa80`04109810
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16617 (win7_gdr.100618-1621)
Processor : x64
Computer Name :
Full Path : C:\windows\Minidump\111810-28719-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 730,608
==================================================

==================================================
Dump File : 111410-17269-01.dmp
Crash Time : 14/11/2010 4:36:59 PM
Bug Check String :
Bug Check Code : 0x00000116
Parameter 1 : fffffa80`060c1180
Parameter 2 : fffff880`088b8f90
Parameter 3 : ffffffff`c000009a
Parameter 4 : 00000000`00000004
Caused By Driver : dxgkrnl.sys
Caused By Address : dxgkrnl.sys+5cef8
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\windows\Minidump\111410-17269-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 1,499,584
==================================================

==================================================
Dump File : 111210-16676-01.dmp
Crash Time : 12/11/2010 10:11:17 PM
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x0000009f
Parameter 1 : 00000000`00000003
Parameter 2 : fffffa80`046ee060
Parameter 3 : fffff800`00b9c4d8
Parameter 4 : fffffa80`04a788f0
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16617 (win7_gdr.100618-1621)
Processor : x64
Computer Name :
Full Path : C:\windows\Minidump\111210-16676-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 730,608
==================================================

==================================================
Dump File : 110610-19609-01.dmp
Crash Time : 06/11/2010 8:19:18 PM
Bug Check String :
Bug Check Code : 0x00000116
Parameter 1 : fffffa80`085184e0
Parameter 2 : fffff880`0501df90
Parameter 3 : ffffffff`c000009a
Parameter 4 : 00000000`00000004
Caused By Driver : dxgkrnl.sys
Caused By Address : dxgkrnl.sys+5cef8
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\windows\Minidump\110610-19609-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 1,630,144
==================================================

==================================================
Dump File : 110210-17004-01.dmp
Crash Time : 02/11/2010 6:50:36 PM
Bug Check String :
Bug Check Code : 0x00000116
Parameter 1 : fffffa80`0492c4e0
Parameter 2 : fffff880`04feff90
Parameter 3 : ffffffff`c000009a
Parameter 4 : 00000000`00000004
Caused By Driver : dxgkrnl.sys
Caused By Address : dxgkrnl.sys+5cef8
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\windows\Minidump\110210-17004-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 1,562,888
==================================================

==================================================
Dump File : 102710-19812-01.dmp
Crash Time : 27/10/2010 12:46:07 AM
Bug Check String :
Bug Check Code : 0x00000116
Parameter 1 : fffffa80`07e5a010
Parameter 2 : fffff880`04e11f90
Parameter 3 : ffffffff`c000009a
Parameter 4 : 00000000`00000004
Caused By Driver : dxgkrnl.sys
Caused By Address : dxgkrnl.sys+5cef8
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\windows\Minidump\102710-19812-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 1,458,608
==================================================

==================================================
Dump File : 102510-17955-01.dmp
Crash Time : 25/10/2010 11:06:10 AM
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x0000009f
Parameter 1 : 00000000`00000003
Parameter 2 : fffffa80`046d0a20
Parameter 3 : fffff800`00b9c4d8
Parameter 4 : fffffa80`0808f970
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16617 (win7_gdr.100618-1621)
Processor : x64
Computer Name :
Full Path : C:\windows\Minidump\102510-17955-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 730,664
==================================================

==================================================
Dump File : 102410-17737-01.dmp
Crash Time : 24/10/2010 2:16:31 PM
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x0000009f
Parameter 1 : 00000000`00000003
Parameter 2 : fffffa80`0470e060
Parameter 3 : fffff800`00b9c4d8
Parameter 4 : fffffa80`048f8c10
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16617 (win7_gdr.100618-1621)
Processor : x64
Computer Name :
Full Path : C:\windows\Minidump\102410-17737-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 730,608
==================================================

==================================================
Dump File : 102010-32385-01.dmp
Crash Time : 20/10/2010 10:27:05 PM
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x0000009f
Parameter 1 : 00000000`00000003
Parameter 2 : fffffa80`04711060
Parameter 3 : fffff800`049af4d8
Parameter 4 : fffffa80`03ec0c10
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16617 (win7_gdr.100618-1621)
Processor : x64
Computer Name :
Full Path : C:\windows\Minidump\102010-32385-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 730,608
==================================================

==================================================
Dump File : 100710-17113-01.dmp
Crash Time : 07/10/2010 10:44:01 PM
Bug Check String :
Bug Check Code : 0x00000116
Parameter 1 : fffffa80`05fa44e0
Parameter 2 : fffff880`05084f90
Parameter 3 : ffffffff`c000009a
Parameter 4 : 00000000`00000004
Caused By Driver : dxgkrnl.sys
Caused By Address : dxgkrnl.sys+5cef8
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\windows\Minidump\100710-17113-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 1,452,224
==================================================

==================================================
Dump File : 090610-33867-01.dmp
Crash Time : 06/09/2010 9:57:10 AM
Bug Check String : REGISTRY_ERROR
Bug Check Code : 0x00000051
Parameter 1 : 00000000`00000001
Parameter 2 : fffff8a0`00f37010
Parameter 3 : 00000000`9b4db26d
Parameter 4 : 00000000`0000102e
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16617 (win7_gdr.100618-1621)
Processor : x64
Computer Name :
Full Path : C:\windows\Minidump\090610-33867-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 291,016
==================================================

==================================================
Dump File : 081810-18096-01.dmp
Crash Time : 18/08/2010 6:12:37 PM
Bug Check String :
Bug Check Code : 0x00000116
Parameter 1 : fffffa80`07170010
Parameter 2 : fffff880`05e56f90
Parameter 3 : ffffffff`c000009a
Parameter 4 : 00000000`00000004
Caused By Driver : dxgkrnl.sys
Caused By Address : dxgkrnl.sys+5cef8
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\windows\Minidump\081810-18096-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 1,469,768
==================================================

==================================================
Dump File : 081810-17144-01.dmp
Crash Time : 18/08/2010 10:35:38 AM
Bug Check String :
Bug Check Code : 0x00000116
Parameter 1 : fffffa80`07fb44e0
Parameter 2 : fffff880`05003f90
Parameter 3 : ffffffff`c000009a
Parameter 4 : 00000000`00000004
Caused By Driver : dxgkrnl.sys
Caused By Address : dxgkrnl.sys+5cef8
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\windows\Minidump\081810-17144-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 1,480,648
==================================================

==================================================
Dump File : 071910-18486-01.dmp
Crash Time : 19/07/2010 2:32:26 PM
Bug Check String :
Bug Check Code : 0x00000116
Parameter 1 : fffffa80`049a54e0
Parameter 2 : fffff880`050e2f90
Parameter 3 : ffffffff`c000009a
Parameter 4 : 00000000`00000004
Caused By Driver : dxgkrnl.sys
Caused By Address : dxgkrnl.sys+5cef8
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\windows\Minidump\071910-18486-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 1,499,248
==================================================

==================================================
Dump File : 052610-19515-01.dmp
Crash Time : 26/05/2010 12:52:56 PM
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x0000009f
Parameter 1 : 00000000`00000003
Parameter 2 : fffffa80`04707060
Parameter 3 : fffff800`00b9c4d8
Parameter 4 : fffffa80`03d4b9e0
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70600
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16617 (win7_gdr.100618-1621)
Processor : x64
Computer Name :
Full Path : C:\windows\Minidump\052610-19515-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 1,734,320
==================================================

==================================================
Dump File : 051310-17971-01.dmp
Crash Time : 13/05/2010 2:16:58 PM
Bug Check String :
Bug Check Code : 0x00000116
Parameter 1 : fffffa80`08064010
Parameter 2 : fffff880`05004f90
Parameter 3 : ffffffff`c000009a
Parameter 4 : 00000000`00000004
Caused By Driver : dxgkrnl.sys
Caused By Address : dxgkrnl.sys+5cef8
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\windows\Minidump\051310-17971-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 1,451,168
==================================================

==================================================
Dump File : 050310-18080-01.dmp
Crash Time : 03/05/2010 11:33:02 AM
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x0000009f
Parameter 1 : 00000000`00000003
Parameter 2 : fffffa80`046ef060
Parameter 3 : fffff800`049ae4d8
Parameter 4 : fffffa80`048b1560
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+71f00
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16617 (win7_gdr.100618-1621)
Processor : x64
Computer Name :
Full Path : C:\windows\Minidump\050310-18080-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 1,360,896
==================================================

Edited by boopme, 06 March 2011 - 05:15 PM.
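
One defender-side reading of the O4 section of the HijackThis log above, as an added example (not code from the original thread or from HijackThis): a small Python triage that parses O4 autorun lines and flags entries whose target lives in a Temp directory, whose file name is a Windows system binary name found outside the Windows directory, or whose executable is registered under several different value names. The sample input is constructed from lines copied out of the log; the hive/path patterns and the list of system binary names are my own assumptions, not a HijackThis feature.

```python
"""Triage HijackThis O4 (autorun) entries for common persistence indicators."""
import re
from collections import defaultdict, namedtuple

# Constructed sample: O4 lines copied from the HijackThis log in the post above.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [LvOXPiejlWtK] C:\Users\JMFRAN~1\AppData\Local\Temp\dd4buzfb3.exe
O4 - HKCU\..\Run: [LvOXPiejlqf] C:\Users\JMFRAN~1\AppData\Local\Temp\user.exe
O4 - HKCU\..\Run: [LvEhplZkfgre] C:\Users\JM Francheteau\AppData\Local\Temp\user.exe
O4 - HKCU\..\Run: [LvEhplZkfgnbdc] C:\Users\JM Francheteau\AppData\Local\Temp\dd4buzfb3.exe
O4 - HKCU\..\Run: [LvOXPiejlkc] C:\Users\JMFRAN~1\AppData\Local\Temp\cmd.exe
O4 - HKCU\..\Run: [LvEhplZkfgnZ] C:\Users\JM Francheteau\AppData\Local\Temp\cmd.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
""".strip().splitlines()

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# First executable-looking token of the command line, quoted or not.
PATH_RE = re.compile(
    r'^"?(?P<path>.+?\.(?:exe|dll|com|scr|bat|cmd|vbs|js))(?:"|\s|$)', re.IGNORECASE
)
TEMP_RE = re.compile(r"(^|[\\/])temp[\\/]|%temp%|%tmp%", re.IGNORECASE)
WINDOWS_DIR_RE = re.compile(r"^(%systemroot%|%windir%|[a-z]:\\windows)\\", re.IGNORECASE)
# Assumed list: names that belong in the Windows directory, not in a user profile.
SYSTEM_BINARIES = {"cmd.exe", "svchost.exe", "explorer.exe", "lsass.exe",
                   "csrss.exe", "winlogon.exe", "services.exe"}

Finding = namedtuple("Finding", "name hive key path reasons")


def basename(path):
    """Lower-cased file name of a Windows path (either separator accepted)."""
    return re.split(r"[\\/]", path)[-1].lower()


def parse_o4(line):
    """Return hive, key, value name and target path of one O4 line, or None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    p = PATH_RE.match(m.group("cmd"))
    path = p.group("path") if p else m.group("cmd")
    return {"hive": m.group("hive"), "key": m.group("key"),
            "name": m.group("name"), "path": path}


def triage_o4(lines):
    """Score every parsable O4 line and return only the entries with findings."""
    entries = [e for e in map(parse_o4, lines) if e]
    # Same executable registered under differently named values is a persistence smell.
    names_by_base = defaultdict(set)
    for e in entries:
        names_by_base[basename(e["path"])].add(e["name"])
    findings = []
    for e in entries:
        base, reasons = basename(e["path"]), []
        if TEMP_RE.search(e["path"]):
            reasons.append("autorun target lives in a Temp directory")
        if base in SYSTEM_BINARIES and not WINDOWS_DIR_RE.match(e["path"]):
            reasons.append(f"{base} located outside the Windows directory")
        if len(names_by_base[base]) > 1:
            reasons.append(f"{base} registered under {len(names_by_base[base])} value names")
        if reasons:
            findings.append(Finding(e["name"], e["hive"], e["key"], e["path"], tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage_o4(SAMPLE_O4_LINES):
        print(f"{f.hive}\\{f.key} [{f.name}] -> {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

On the constructed sample the six HKCU entries pointing into AppData\Local\Temp are the only ones reported; the vendor autoruns from HKLM and the service hives produce no findings.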



#2 oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  • Gender:Male
  • Location:The Collective
  • Local time:02:12 AM

Posted 10 March 2011 - 04:45 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about your installed Windows operating system, including the version, edition, and whether it is a 32-bit or a 64-bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log



Thanks and again sorry for the delay.

Best Regards,
oneof4.


#3 SixOClock

  • Topic Starter

  • Members
  • 9 posts

Posted 10 March 2011 - 05:56 PM

No worries about the delay; I appreciate your time and assistance. I am running a 64-bit edition of Windows, so I skipped the GMER. My computer came preloaded with Windows 7, so I do not have a disc with the OS on it.

I use MalwareBytes as my anti-virus, and have run it several times since my initial complaint. My system seems vulnerable to bullbleep "anti-virus" programs that install themselves on my computer and then attempt to con me into buying their licenses (Win 7 Antispyware 2011 and Antimalware Doctor are the two I've gotten in the past).

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by JM Francheteau at 17:46:05.09 on 10/03/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.4061.2207 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\System32\rundll32.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\windows\splwow64.exe
C:\Program Files (x86)\Last.fm\LastFM.exe
C:\windows\explorer.exe
C:\windows\system32\notepad.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Real\RealPlayer\RecordingManager.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\Users\JM Francheteau\Desktop\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uWindow Title = Presented by TOSHIBA Leading Innovation >>>
uDefault_Page_URL = hxxp://www.toshiba.ca/welcome
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [LvOXPiejlWtK] C:\Users\JMFRAN~1\AppData\Local\Temp\dd4buzfb3.exe
uRun: [LvOXPiejlqf] C:\Users\JMFRAN~1\AppData\Local\Temp\user.exe
uRun: [LvEhplZkfgre] C:\Users\JM Francheteau\AppData\Local\Temp\user.exe
uRun: [LvEhplZkfgnbdc] C:\Users\JM Francheteau\AppData\Local\Temp\dd4buzfb3.exe
uRun: [LvOXPiejlkc] C:\Users\JMFRAN~1\AppData\Local\Temp\cmd.exe
uRun: [LvEhplZkfgnZ] C:\Users\JM Francheteau\AppData\Local\Temp\cmd.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
mRun-x64: [(Default)]
mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun-x64: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun-x64: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
mRun-x64: [ThpSrv] C:\windows\system32\thpsrv /logon
mRun-x64: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun-x64: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun-x64: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
mRun-x64: [HDMICtrlMan] %ProgramFiles%\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
mRun-x64: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun-x64: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun-x64: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\JMFRAN~1\AppData\Roaming\Mozilla\Firefox\Profiles\xyv8zi3c.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox
FF - prefs.js: network.proxy.type - 4
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\JM Francheteau\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: XULRunner: {7D1C62B0-B621-4A0D-9827-653833A79C46} - C:\Users\JM Francheteau\AppData\Local\{7D1C62B0-B621-4A0D-9827-653833A79C46}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
.
============= SERVICES / DRIVERS ===============
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\Windows\System32\drivers\thpdrv.sys [2009-6-29 34880]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2009-11-7 482384]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-7-17 181616]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2007-4-16 14112]
R2 RSELSVC;TOSHIBA Modem region select service;C:\Program Files\TOSHIBA\rselect\RSelSvc.exe [2009-7-7 65904]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-10 258928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-8-1 140712]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2009-6-26 83488]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2009-11-7 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-11-7 215040]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-11-7 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-21 135664]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-5-14 5435904]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-6 1255736]
.
=============== Created Last 30 ================
.
2011-03-10 18:28:42 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{5A82C854-5702-42E0-9033-F20ADA44F4AD}
2011-03-10 06:28:32 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{A1165C2A-22E1-49C2-B313-D2E6DEDCE520}
2011-03-09 18:28:09 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{C17BDDDD-11C2-4157-8D42-DF6F78335C03}
2011-03-09 06:27:34 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{8380B763-F2E6-4749-9235-B9A1BB02C0F6}
2011-03-08 16:49:19 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{A457A319-C708-4E7A-972C-D8690CC4CD47}
2011-03-07 16:00:37 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{AA67423F-B22C-4C31-960C-678DC1D38B5C}
2011-03-06 19:49:14 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{3B06BA40-EA13-40DF-8677-4378CC194B32}
2011-03-06 05:14:17 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{0E563A49-94AC-4F82-97F1-9BCBE4809CF6}
2011-03-05 17:13:56 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{9F83257D-A058-40E5-89A7-478F53D18B37}
2011-03-04 20:49:55 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{0619B3A6-3A87-4FDE-829E-2398E008231B}
2011-03-04 04:09:27 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{3E98DDC0-8C66-4DD3-B173-333F16ED5735}
2011-03-03 16:09:05 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{11BE4876-681D-49CA-BFE4-491D78F41C2D}
2011-03-03 03:42:28 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{2AB524F9-7F7B-4007-A756-E3C59461C251}
2011-03-02 15:42:06 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{25697A05-5525-4C34-A34A-8C6192AE9D7B}
2011-03-02 03:15:17 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{180D6BA3-98F6-423E-986B-FAE5EFE3BB22}
2011-03-01 22:36:23 388096 ----a-r- C:\Users\JMFRAN~1\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-01 22:36:23 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-03-01 18:02:26 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{88445CB2-E10F-4B52-89E6-E54477BEB8F8}\mpengine.dll
2011-03-01 15:14:43 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{46A8BADF-7CE9-4914-AFF4-9CF0EDBD8D1C}
2011-03-01 02:16:50 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{36DDBCFD-055F-41CF-817E-72040915F5E2}
2011-02-28 14:16:38 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{C827D21C-103D-4B73-A735-41C31DD3FFF4}
2011-02-27 20:17:10 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{35410F18-E70B-4204-8AE7-D8F61DEFB217}
2011-02-26 17:10:09 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{C3360259-FD58-4237-917D-59D34952C091}
2011-02-25 21:29:52 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{D4E26959-7C7D-4D04-9D65-E2BA80E9A92D}
2011-02-25 07:09:39 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{51CD0EDB-B05E-454F-B768-6E3197A7FDCE}
2011-02-25 07:09:39 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{075B3438-B211-4114-BF20-FD06F7C97DCB}
2011-02-24 18:02:14 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{11024713-CB6F-41CA-9A7B-26B61A5E9067}
2011-02-23 20:03:59 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{4E3C41AC-DBC9-4982-A2AD-D81145540128}
2011-02-23 06:30:09 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{DB0CA369-7626-4E89-B28B-DAAA2992F742}
2011-02-22 18:29:44 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{B6FD14B9-4CA5-4E88-BDBE-CCF75CFB0C8C}
2011-02-22 18:23:18 -------- d-----w- C:\windows\en
2011-02-22 18:22:13 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-02-22 18:20:00 69464 ----a-w- C:\windows\SysWow64\XAPOFX1_3.dll
2011-02-22 18:20:00 515416 ----a-w- C:\windows\SysWow64\XAudio2_5.dll
2011-02-22 18:19:59 523088 ----a-w- C:\windows\System32\d3dx10_42.dll
2011-02-22 18:19:59 453456 ----a-w- C:\windows\SysWow64\d3dx10_42.dll
2011-02-22 18:18:10 3860992 ----a-w- C:\windows\System32\UIRibbon.dll
2011-02-22 18:18:10 2983424 ----a-w- C:\windows\SysWow64\UIRibbon.dll
2011-02-22 18:18:10 1164800 ----a-w- C:\windows\SysWow64\UIRibbonRes.dll
2011-02-22 18:18:10 1164800 ----a-w- C:\windows\System32\UIRibbonRes.dll
2011-02-22 18:17:04 206848 ----a-w- C:\windows\System32\mfps.dll
2011-02-22 18:17:03 257024 ----a-w- C:\windows\System32\mfreadwrite.dll
2011-02-22 18:17:03 196608 ----a-w- C:\windows\SysWow64\mfreadwrite.dll
2011-02-22 18:17:03 1888256 ----a-w- C:\windows\System32\WMVDECOD.DLL
2011-02-22 18:17:03 1619456 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
2011-02-22 18:17:02 4068864 ----a-w- C:\windows\System32\mf.dll
2011-02-22 18:17:02 3181568 ----a-w- C:\windows\SysWow64\mf.dll
2011-02-22 18:16:38 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a56b8c511cbd2bc07\DSETUP.dll
2011-02-22 18:16:38 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a56b8c511cbd2bc07\DXSETUP.exe
2011-02-22 18:16:38 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a56b8c511cbd2bc07\dsetup32.dll
2011-02-22 18:16:32 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a12b61b21cbd2bc06\DSETUP.dll
2011-02-22 18:16:32 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a12b61b21cbd2bc06\DXSETUP.exe
2011-02-22 18:16:32 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a12b61b21cbd2bc06\dsetup32.dll
2011-02-22 18:16:24 6260088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9c04cb531cbd2bc05\Silverlight.4.0.exe
2011-02-22 18:15:09 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\Windows Live
2011-02-11 13:26:31 258048 ----a-w- C:\windows\System32\Spool\prtprocs\x64\hpfppw73.dll
.
==================== Find3M ====================
.
2011-02-02 22:11:20 270720 ------w- C:\windows\System32\MpSigStub.exe
2010-12-20 23:08:40 24152 ----a-w- C:\windows\System32\drivers\mbam.sys
.
============= FINISH: 17:49:08.68 ===============
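The Pseudo HJT Report above carries the most telling lines in this log: six uRun values with random names that launch dd4buzfb3.exe, user.exe and a file named cmd.exe out of the user's Temp folder, each target registered twice (once under the 8.3 path JMFRAN~1, once under the full profile name). The following is an added example for this thread, not part of DDS or of the original posts: it parses uRun/mRun/mRun-x64 lines and flags the two patterns a responder checks first, a launch path inside the user's Temp directory and a Windows binary name sitting outside a system directory. The embedded sample is an excerpt of the report lines as posted; the heuristics and the WINDOWS_BINARIES list are this example's own choices.

```python
"""Triage autorun entries from a DDS "Pseudo HJT Report".

Added example for this thread, not part of the DDS tool or the original posts.
It parses uRun/mRun/mRun-x64 lines and flags executables launched from the
user's Temp directory and Windows binary names living outside a system
directory, then groups flagged entries that launch the same file.
"""
import re

# Excerpt of the Pseudo HJT Report lines as posted in this thread (unchanged).
SAMPLE_LOG = r"""
uRun: [LvOXPiejlWtK] C:\Users\JMFRAN~1\AppData\Local\Temp\dd4buzfb3.exe
uRun: [LvOXPiejlqf] C:\Users\JMFRAN~1\AppData\Local\Temp\user.exe
uRun: [LvEhplZkfgre] C:\Users\JM Francheteau\AppData\Local\Temp\user.exe
uRun: [LvEhplZkfgnbdc] C:\Users\JM Francheteau\AppData\Local\Temp\dd4buzfb3.exe
uRun: [LvOXPiejlkc] C:\Users\JMFRAN~1\AppData\Local\Temp\cmd.exe
uRun: [LvEhplZkfgnZ] C:\Users\JM Francheteau\AppData\Local\Temp\cmd.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun-x64: [(Default)]
mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [ThpSrv] C:\windows\system32\thpsrv /logon
"""

AUTORUN_RE = re.compile(r'^(?P<hive>[um]Run(?:-x64)?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
TEMP_DIR_RE = re.compile(r'\\AppData\\Local\\Temp\\', re.IGNORECASE)
SYSTEM_DIRS = (r'c:\windows\system32', r'c:\windows\syswow64')
# Windows binary names that have no business being launched from a user-writable
# directory; this list is the example's own choice, not something DDS defines.
WINDOWS_BINARIES = {'cmd.exe', 'rundll32.exe', 'svchost.exe', 'explorer.exe',
                    'ctfmon.exe', 'conhost.exe', 'taskhost.exe'}


def image_path(cmd):
    """Return the executable path from an autorun command line.

    Quoted paths are taken verbatim; unquoted ones run up to the first '.exe'
    so that spaces in 'Program Files (x86)' or a profile name do not split them.
    """
    cmd = cmd.strip()
    if not cmd:
        return ''
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r'(.+?\.exe)(?=\s|$)', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def split_path(path):
    """Lower-cased (directory, basename); directory is '' for a bare image name."""
    directory, _, basename = path.rpartition('\\')
    return directory.lower(), basename.lower()


def triage_autoruns(text):
    """Parse autorun lines and return the suspicious ones with the reasons."""
    findings = []
    for line in text.splitlines():
        m = AUTORUN_RE.match(line.strip())
        if not m:
            continue
        path = image_path(m.group('cmd'))
        directory, basename = split_path(path)
        reasons = []
        if TEMP_DIR_RE.search(path):
            reasons.append('launched from the user Temp directory')
        # A bare name such as RUNDLL32.EXE resolves through the system path, so only
        # an explicit non-system directory counts as masquerading.
        if basename in WINDOWS_BINARIES and directory and not directory.startswith(SYSTEM_DIRS):
            reasons.append('Windows binary name outside a system directory')
        if reasons:
            findings.append({'hive': m.group('hive'), 'name': m.group('name'),
                             'path': path, 'reasons': reasons})
    return findings


def duplicate_targets(findings):
    """Map each flagged file name to the value names that launch it, keeping only
    files registered more than once (the log above does this for all three)."""
    by_target = {}
    for f in findings:
        by_target.setdefault(split_path(f['path'])[1], []).append(f['name'])
    return {target: names for target, names in by_target.items() if len(names) > 1}


if __name__ == '__main__':
    found = triage_autoruns(SAMPLE_LOG)
    for f in found:
        print(f"{f['hive']} [{f['name']}] {f['path']}\n    " + '; '.join(f['reasons']))
    for target, names in duplicate_targets(found).items():
        print(f'{target}: registered {len(names)} times ({", ".join(names)})')
```

On the excerpt this flags exactly the six Lv* values and nothing from Google, Toshiba, Real or the system32 ctfmon.exe entry; the two cmd.exe entries carry both reasons because a file named cmd.exe under Temp is a copy or an impostor, not the Windows shell.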

#4 Blade81


    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 12 March 2011 - 04:10 AM

Hi,

Please post contents of attach.txt log too.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

The malware removal instructions provided are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#5 SixOClock

  • Topic Starter

  • Members
  • 9 posts

Posted 13 March 2011 - 08:37 PM

Hi, I had tried to attach it as a .zip but that failed, so I've re-run the scan and will post the updated logs.

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by JM Francheteau at 21:35:41.75 on 13/03/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.4061.2214 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Last.fm\LastFM.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\windows\explorer.exe
C:\windows\splwow64.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\Users\JM Francheteau\Desktop\dds.scr
C:\windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uWindow Title = Presented by TOSHIBA Leading Innovation >>>
uDefault_Page_URL = hxxp://www.toshiba.ca/welcome
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [LvOXPiejlWtK] C:\Users\JMFRAN~1\AppData\Local\Temp\dd4buzfb3.exe
uRun: [LvOXPiejlqf] C:\Users\JMFRAN~1\AppData\Local\Temp\user.exe
uRun: [LvEhplZkfgre] C:\Users\JM Francheteau\AppData\Local\Temp\user.exe
uRun: [LvEhplZkfgnbdc] C:\Users\JM Francheteau\AppData\Local\Temp\dd4buzfb3.exe
uRun: [LvOXPiejlkc] C:\Users\JMFRAN~1\AppData\Local\Temp\cmd.exe
uRun: [LvEhplZkfgnZ] C:\Users\JM Francheteau\AppData\Local\Temp\cmd.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
mRun-x64: [(Default)]
mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun-x64: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun-x64: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
mRun-x64: [ThpSrv] C:\windows\system32\thpsrv /logon
mRun-x64: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun-x64: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun-x64: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
mRun-x64: [HDMICtrlMan] %ProgramFiles%\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
mRun-x64: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun-x64: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun-x64: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\JMFRAN~1\AppData\Roaming\Mozilla\Firefox\Profiles\xyv8zi3c.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox
FF - prefs.js: network.proxy.type - 4
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\JM Francheteau\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: XULRunner: {7D1C62B0-B621-4A0D-9827-653833A79C46} - C:\Users\JM Francheteau\AppData\Local\{7D1C62B0-B621-4A0D-9827-653833A79C46}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
.
============= SERVICES / DRIVERS ===============
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\Windows\System32\drivers\thpdrv.sys [2009-6-29 34880]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2009-11-7 482384]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-7-17 181616]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2007-4-17 14112]
R2 RSELSVC;TOSHIBA Modem region select service;C:\Program Files\TOSHIBA\rselect\RSelSvc.exe [2009-7-7 65904]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-10 258928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2009-6-26 83488]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2009-11-7 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-11-7 215040]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-11-7 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-21 135664]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-8-1 140712]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-5-14 5435904]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-6 1255736]
.
=============== Created Last 30 ================
.
2011-03-13 19:29:32 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{60AF9E65-D0A1-4249-A3D7-1081358C5CEC}
2011-03-11 18:29:52 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{CBE1340A-265E-4DEF-BFD7-81CF7B7F5D74}
2011-03-11 06:29:17 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{67C01170-CF76-4940-BAEA-F7D629CA068F}
2011-03-10 18:28:42 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{5A82C854-5702-42E0-9033-F20ADA44F4AD}
2011-03-10 06:28:32 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{A1165C2A-22E1-49C2-B313-D2E6DEDCE520}
2011-03-09 18:28:09 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{C17BDDDD-11C2-4157-8D42-DF6F78335C03}
2011-03-09 06:27:34 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{8380B763-F2E6-4749-9235-B9A1BB02C0F6}
2011-03-08 16:49:19 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{A457A319-C708-4E7A-972C-D8690CC4CD47}
2011-03-07 16:00:37 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{AA67423F-B22C-4C31-960C-678DC1D38B5C}
2011-03-06 19:49:14 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{3B06BA40-EA13-40DF-8677-4378CC194B32}
2011-03-06 05:14:17 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{0E563A49-94AC-4F82-97F1-9BCBE4809CF6}
2011-03-05 17:13:56 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{9F83257D-A058-40E5-89A7-478F53D18B37}
2011-03-04 20:49:55 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{0619B3A6-3A87-4FDE-829E-2398E008231B}
2011-03-04 04:09:27 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{3E98DDC0-8C66-4DD3-B173-333F16ED5735}
2011-03-03 16:09:05 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{11BE4876-681D-49CA-BFE4-491D78F41C2D}
2011-03-03 03:42:28 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{2AB524F9-7F7B-4007-A756-E3C59461C251}
2011-03-02 15:42:06 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{25697A05-5525-4C34-A34A-8C6192AE9D7B}
2011-03-02 03:15:17 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{180D6BA3-98F6-423E-986B-FAE5EFE3BB22}
2011-03-01 22:36:23 388096 ----a-r- C:\Users\JMFRAN~1\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-01 22:36:23 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-03-01 18:02:26 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{88445CB2-E10F-4B52-89E6-E54477BEB8F8}\mpengine.dll
2011-03-01 15:14:43 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{46A8BADF-7CE9-4914-AFF4-9CF0EDBD8D1C}
2011-03-01 02:16:50 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{36DDBCFD-055F-41CF-817E-72040915F5E2}
2011-02-28 14:16:38 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{C827D21C-103D-4B73-A735-41C31DD3FFF4}
2011-02-27 20:17:10 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{35410F18-E70B-4204-8AE7-D8F61DEFB217}
2011-02-26 17:10:09 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{C3360259-FD58-4237-917D-59D34952C091}
2011-02-25 21:29:52 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{D4E26959-7C7D-4D04-9D65-E2BA80E9A92D}
2011-02-25 07:09:39 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{51CD0EDB-B05E-454F-B768-6E3197A7FDCE}
2011-02-25 07:09:39 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{075B3438-B211-4114-BF20-FD06F7C97DCB}
2011-02-24 18:02:14 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{11024713-CB6F-41CA-9A7B-26B61A5E9067}
2011-02-23 20:03:59 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{4E3C41AC-DBC9-4982-A2AD-D81145540128}
2011-02-23 06:30:09 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{DB0CA369-7626-4E89-B28B-DAAA2992F742}
2011-02-22 18:29:44 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{B6FD14B9-4CA5-4E88-BDBE-CCF75CFB0C8C}
2011-02-22 18:23:18 -------- d-----w- C:\windows\en
2011-02-22 18:22:13 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-02-22 18:20:00 69464 ----a-w- C:\windows\SysWow64\XAPOFX1_3.dll
2011-02-22 18:20:00 515416 ----a-w- C:\windows\SysWow64\XAudio2_5.dll
2011-02-22 18:19:59 523088 ----a-w- C:\windows\System32\d3dx10_42.dll
2011-02-22 18:19:59 453456 ----a-w- C:\windows\SysWow64\d3dx10_42.dll
2011-02-22 18:18:10 3860992 ----a-w- C:\windows\System32\UIRibbon.dll
2011-02-22 18:18:10 2983424 ----a-w- C:\windows\SysWow64\UIRibbon.dll
2011-02-22 18:18:10 1164800 ----a-w- C:\windows\SysWow64\UIRibbonRes.dll
2011-02-22 18:18:10 1164800 ----a-w- C:\windows\System32\UIRibbonRes.dll
2011-02-22 18:17:04 206848 ----a-w- C:\windows\System32\mfps.dll
2011-02-22 18:17:03 257024 ----a-w- C:\windows\System32\mfreadwrite.dll
2011-02-22 18:17:03 196608 ----a-w- C:\windows\SysWow64\mfreadwrite.dll
2011-02-22 18:17:03 1888256 ----a-w- C:\windows\System32\WMVDECOD.DLL
2011-02-22 18:17:03 1619456 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
2011-02-22 18:17:02 4068864 ----a-w- C:\windows\System32\mf.dll
2011-02-22 18:17:02 3181568 ----a-w- C:\windows\SysWow64\mf.dll
2011-02-22 18:16:38 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a56b8c511cbd2bc07\DSETUP.dll
2011-02-22 18:16:38 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a56b8c511cbd2bc07\DXSETUP.exe
2011-02-22 18:16:38 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a56b8c511cbd2bc07\dsetup32.dll
2011-02-22 18:16:32 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a12b61b21cbd2bc06\DSETUP.dll
2011-02-22 18:16:32 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a12b61b21cbd2bc06\DXSETUP.exe
2011-02-22 18:16:32 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a12b61b21cbd2bc06\dsetup32.dll
2011-02-22 18:16:24 6260088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9c04cb531cbd2bc05\Silverlight.4.0.exe
2011-02-22 18:15:09 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\Windows Live
.
==================== Find3M ====================
.
2011-02-02 22:11:20 270720 ------w- C:\windows\System32\MpSigStub.exe
2010-12-20 23:08:40 24152 ----a-w- C:\windows\System32\drivers\mbam.sys
.
============= FINISH: 21:36:02.17 ===============

Attach file

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 05/01/2010 6:21:52 PM
System Uptime: 13/03/2011 3:33:47 PM (6 hours ago)
.
Motherboard: TOSHIBA | | KSKAA
Processor: Intel® Core™2 Duo CPU P8700 @ 2.53GHz | U2E1 | 2534/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 453 GiB total, 17.74 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP71: 13/03/2011 6:32:26 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
AC3Filter 1.62b
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.4.2
Apple Application Support
Apple Software Update
Compatibility Pack for the 2007 Office system
D3DX10
Direct DiscRecorder
DivX Setup
DVD MovieFactory for TOSHIBA
eMusic Download Manager 4.1.3.1
Facebook Plug-In
Google Toolbar for Internet Explorer
Google Update Helper
HDMI Control Manager
HiJackThis
InterVideo WinDVD BD for TOSHIBA
Java™ 6 Update 14
JMicron Flash Media Controller Driver
Last.fm 1.5.4.27091
Malwarebytes' Anti-Malware
Medieval II Total War
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.6.15)
MP3 Player Recovery Tool
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MusicBrainz Picard
NVIDIA PhysX
QuickTime
RealPlayer
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
RealUpgrade 1.0
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Internal Modem Region Select Utility
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA USB Sleep and Charge Utility
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (KB2443839)
Utility Common Driver
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.1.5
Vuze
Warcraft III
Warcraft III: All Products
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Xvid 1.2.2 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
13/03/2011 8:53:51 AM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
11/03/2011 11:59:31 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.100 with the system having network hardware address 00-14-A5-A1-D2-84. Network operations on this system may be disrupted as a result.
10/03/2011 8:16:24 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.101. The computer with the IP address 192.168.0.102 did not allow the name to be claimed by this computer.
10/03/2011 1:36:27 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer AMIT-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{16A0ACED-059F-434F-8459-856932185853}. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================
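The indicators a responder keys on in the log above are the uRun values with random names that launch cmd.exe, user.exe and dd4buzfb3.exe out of %Temp%, the "XULRunner" Firefox extension registered from a GUID-named folder directly under AppData\Local, and the run of GUID-named AppData\Local directories created roughly every twelve hours. As an added example, not code from this thread or from the DDS tool, the Python below parses DDS-style Run, "FF - Ext:" and "Created Last 30" lines and flags those patterns: execution from a temp directory, a system-binary name such as cmd.exe outside the Windows directory, a machine-generated-looking basename, the same binary registered under several Run values, an extension loaded from AppData\Local\{GUID}, and GUID-named directories appearing at a steady cadence. The regular expressions, the marker lists and the flagging thresholds are this example's own assumptions; the sample lines are copied from the log above.

```python
"""Triage of DDS-style Run, Firefox-extension and "Created Last 30" lines.

Added example, not code from the forum thread or from the DDS tool: it
re-implements as code the checks a responder applies by eye to the log
above. The regexes, marker lists and flagging rules are assumptions."""
import re
import statistics
from collections import Counter
from datetime import datetime

# Sample input: lines copied from the DDS log posted above (three malicious
# Run values and two benign ones, two extension lines, four GUID-named
# directories and one ordinary directory for contrast).
SAMPLE_LOG = r"""
uRun: [LvOXPiejlWtK] C:\Users\JMFRAN~1\AppData\Local\Temp\dd4buzfb3.exe
uRun: [LvEhplZkfgnbdc] C:\Users\JM Francheteau\AppData\Local\Temp\dd4buzfb3.exe
uRun: [LvOXPiejlkc] C:\Users\JMFRAN~1\AppData\Local\Temp\cmd.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: XULRunner: {7D1C62B0-B621-4A0D-9827-653833A79C46} - C:\Users\JM Francheteau\AppData\Local\{7D1C62B0-B621-4A0D-9827-653833A79C46}
2011-03-11 18:29:52 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{CBE1340A-265E-4DEF-BFD7-81CF7B7F5D74}
2011-03-11 06:29:17 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{67C01170-CF76-4940-BAEA-F7D629CA068F}
2011-03-10 18:28:42 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{5A82C854-5702-42E0-9033-F20ADA44F4AD}
2011-03-10 06:28:32 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{A1165C2A-22E1-49C2-B313-D2E6DEDCE520}
2011-03-01 22:36:23 -------- d-----w- C:\Program Files (x86)\Trend Micro
"""

RUN_RE = re.compile(r"^([um]Run(?:-x64)?): \[([^\]]*)\] (.*)$")
PATH_RE = re.compile(r'"?((?:[A-Za-z]:|%[^%]+%)\\[^"]*?\.(?:exe|dll|sys|scr|bat|cmd))', re.I)
FF_EXT_RE = re.compile(r"^FF - Ext: ([^:]+): (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ d-----w- (.*)$")
GUID_DIR_RE = re.compile(r"\\appdata\\local\\\{[0-9A-Fa-f-]{36}\}$", re.I)  # assumption
GENERATED_NAME_RE = re.compile(r"^(?=.*\d)(?=.*[a-z])[a-z0-9]{6,}\.exe$")  # heuristic
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
WINDOWS_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")
SYSTEM_BINARIES = {"cmd.exe", "svchost.exe", "explorer.exe", "csrss.exe",
                   "lsass.exe", "winlogon.exe", "services.exe", "rundll32.exe"}


def parse_run_entry(line):
    """Return (value_name, target_path) for a DDS Run line, else None."""
    m = RUN_RE.match(line.strip())
    if not m:
        return None
    name, command = m.group(2), m.group(3)
    p = PATH_RE.search(command)  # first drive-letter or %VAR% path in the command
    return name, (p.group(1) if p else command)


def flag_run_entries(lines):
    """Map each suspicious Run value name to the list of reasons it was flagged."""
    entries = [e for e in map(parse_run_entry, lines) if e]
    basename_count = Counter(t.lower().rsplit("\\", 1)[-1] for _, t in entries)
    findings = {}
    for name, target in entries:
        low = target.lower()
        base = low.rsplit("\\", 1)[-1]
        reasons = []
        if any(mk in low for mk in TEMP_MARKERS):
            reasons.append("runs from a temp directory")
        if base in SYSTEM_BINARIES and not any(d in low for d in WINDOWS_DIRS):
            reasons.append("system-binary name outside the Windows directory")
        if GENERATED_NAME_RE.match(base):
            reasons.append("machine-generated-looking basename")
        if basename_count[base] > 1:
            reasons.append(f"same binary registered under {basename_count[base]} Run values")
        if reasons:
            findings[name] = reasons
    return findings


def flag_firefox_extensions(lines):
    """Map id -> name for extensions loaded from a GUID-named AppData\\Local directory."""
    out = {}
    for line in lines:
        m = FF_EXT_RE.match(line.strip())
        if m and GUID_DIR_RE.search(m.group(3)):
            out[m.group(2)] = m.group(1)
    return out


def guid_dir_cadence(lines):
    """Return (count, median gap in hours) of GUID-named AppData\\Local directories."""
    stamps = []
    for line in lines:
        m = CREATED_RE.match(line.strip())
        if m and GUID_DIR_RE.search(m.group(2)):
            stamps.append(datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"))
    stamps.sort()
    if len(stamps) < 3:  # one such folder is what an ordinary installer leaves
        return len(stamps), None
    gaps = [(b - a).total_seconds() / 3600 for a, b in zip(stamps, stamps[1:])]
    return len(stamps), statistics.median(gaps)


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for name, reasons in flag_run_entries(lines).items():
        print(f"Run [{name}]: " + "; ".join(reasons))
    print("Firefox extensions loaded from AppData\\Local:", flag_firefox_extensions(lines))
    print("GUID directories under AppData\\Local (count, median gap h):", guid_dir_cadence(lines))
```

On the sample above the three uRun values are flagged, the swg and NvCplDaemon entries are not, the XULRunner extension is reported, and the four GUID directories come out with a median gap of about twelve hours; the same script can be pointed at a full DDS.txt with `flag_run_entries(open(path).read().splitlines())`. The name heuristics are deliberately narrow (lowercase letters and digits mixed, six or more characters), because vowel-free or mixed-case names alone also describe many legitimate OEM utilities in this very log.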

#6 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:09:12 AM

Posted 14 March 2011 - 04:36 AM

Hi,

Vuze

The ones listed above are P2P file-sharing programs. P2P downloads are nowadays one of the things most likely to bring an infection into the system. My recommendation is to uninstall these P2P file-sharing programs (and any others, if present).


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix (link).
    Remember to re-enable them afterwards.

  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs is responsible for any damage you may cause to your machine by running ComboFix. This tool is not a toy and not for everyday use.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

The malware-removal instructions provided are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#7 SixOClock

SixOClock
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:02:12 AM

Posted 14 March 2011 - 10:34 AM

ComboFix 11-03-13.02 - JM Francheteau 14/03/2011 11:24:31.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.4061.2866 [GMT -4:00]
Running from: c:\users\JM Francheteau\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\JM Francheteau\.COMMgr
c:\users\JM Francheteau\AppData\Local\{7D1C62B0-B621-4A0D-9827-653833A79C46}
c:\users\JM Francheteau\AppData\Local\{7D1C62B0-B621-4A0D-9827-653833A79C46}\chrome.manifest
c:\users\JM Francheteau\AppData\Local\{7D1C62B0-B621-4A0D-9827-653833A79C46}\chrome\content\_cfg.js
c:\users\JM Francheteau\AppData\Local\{7D1C62B0-B621-4A0D-9827-653833A79C46}\chrome\content\overlay.xul
c:\users\JM Francheteau\AppData\Local\{7D1C62B0-B621-4A0D-9827-653833A79C46}\install.rdf
c:\users\JM Francheteau\AppData\Roaming\Adobe\plugs
.
.
((((((((((((((((((((((((( Files Created from 2011-02-14 to 2011-03-14 )))))))))))))))))))))))))))))))
.
.
2011-03-14 15:28 . 2011-03-14 15:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-14 15:07 . 2011-03-14 15:07 -------- d-----w- c:\users\JM Francheteau\AppData\Local\{941845FA-49F4-49CE-92C3-43DC808DED42}
2011-03-13 19:29 . 2011-03-13 19:29 -------- d-----w- c:\users\JM Francheteau\AppData\Local\{60AF9E65-D0A1-4249-A3D7-1081358C5CEC}
2011-03-11 18:29 . 2011-03-11 18:30 -------- d-----w- c:\users\JM Francheteau\AppData\Local\{CBE1340A-265E-4DEF-BFD7-81CF7B7F5D74}
2011-03-11 06:29 . 2011-03-11 06:29 -------- d-----w- c:\users\JM Francheteau\AppData\Local\{67C01170-CF76-4940-BAEA-F7D629CA068F}
2011-03-10 18:28 . 2011-03-10 18:29 -------- d-----w- c:\users\JM Francheteau\AppData\Local\{5A82C854-5702-42E0-9033-F20ADA44F4AD}
2011-03-10 06:28 . 2011-03-10 06:28 -------- d-----w- c:\users\JM Francheteau\AppData\Local\{A1165C2A-22E1-49C2-B313-D2E6DEDCE520}
2011-03-09 18:28 . 2011-03-09 18:28 -------- d-----w- c:\users\JM Francheteau\AppData\Local\{C17BDDDD-11C2-4157-8D42-DF6F78335C03}
2011-03-09 06:27 . 2011-03-09 06:27 -------- d-----w- c:\users\JM Francheteau\AppData\Local\{8380B763-F2E6-4749-9235-B9A1BB02C0F6}
2011-03-08 16:49 . 2011-03-08 16:49 -------- d-----w- c:\users\JM Francheteau\AppData\Local\{A457A319-C708-4E7A-972C-D8690CC4CD47}
2011-03-07 16:00 . 2011-03-07 16:00 -------- d-----w- c:\users\JM Francheteau\AppData\Local\{AA67423F-B22C-4C31-960C-678DC1D38B5C}
2011-03-06 19:49 . 2011-03-06 19:49 -------- d-----w- c:\users\JM Francheteau\AppData\Local\{3B06BA40-EA13-40DF-8677-4378CC194B32}
2011-03-06 05:14 . 2011-03-06 05:14 -------- d-----w- c:\users\JM Francheteau\AppData\Local\{0E563A49-94AC-4F82-97F1-9BCBE4809CF6}
2011-03-05 17:13 . 2011-03-05 17:14 -------- d-----w- c:\users\JM Francheteau\AppData\Local\{9F83257D-A058-40E5-89A7-478F53D18B37}
2011-03-04 20:49 . 2011-03-04 20:50 -------- d-----w- c:\users\JM Francheteau\AppData\Local\{0619B3A6-3A87-4FDE-829E-2398E008231B}
2011-03-04 04:09 . 2011-03-04 04:09 -------- d-----w- c:\users\JM Francheteau\AppData\Local\{3E98DDC0-8C66-4DD3-B173-333F16ED5735}
2011-03-03 16:09 . 2011-03-03 16:09 -------- d-----w- c:\users\JM Francheteau\AppData\Local\{11BE4876-681D-49CA-BFE4-491D78F41C2D}
2011-03-03 03:42 . 2011-03-03 03:42 -------- d-----w- c:\users\JM Francheteau\AppData\Local\{2AB524F9-7F7B-4007-A756-E3C59461C251}
2011-03-02 15:42 . 2011-03-02 15:42 -------- d-----w- c:\users\JM Francheteau\AppData\Local\{25697A05-5525-4C34-A34A-8C6192AE9D7B}
2011-03-02 03:15 . 2011-03-02 03:15 -------- d-----w- c:\users\JM Francheteau\AppData\Local\{180D6BA3-98F6-423E-986B-FAE5EFE3BB22}
2011-03-01 22:36 . 2011-03-01 22:36 388096 ----a-r- c:\users\JM Francheteau\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-01 22:36 . 2011-03-01 22:36 -------- d-----w- c:\program files (x86)\Trend Micro
2011-03-01 18:02 . 2011-02-11 07:30 7947600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{88445CB2-E10F-4B52-89E6-E54477BEB8F8}\mpengine.dll
2011-03-01 15:14 . 2011-03-01 15:15 -------- d-----w- c:\users\JM Francheteau\AppData\Local\{46A8BADF-7CE9-4914-AFF4-9CF0EDBD8D1C}
2011-03-01 02:16 . 2011-03-01 02:17 -------- d-----w- c:\users\JM Francheteau\AppData\Local\{36DDBCFD-055F-41CF-817E-72040915F5E2}
2011-02-28 14:16 . 2011-02-28 14:16 -------- d-----w- c:\users\JM Francheteau\AppData\Local\{C827D21C-103D-4B73-A735-41C31DD3FFF4}
2011-02-27 20:17 . 2011-02-27 20:17 -------- d-----w- c:\users\JM Francheteau\AppData\Local\{35410F18-E70B-4204-8AE7-D8F61DEFB217}
2011-02-26 17:10 . 2011-02-26 17:10 -------- d-----w- c:\users\JM Francheteau\AppData\Local\{C3360259-FD58-4237-917D-59D34952C091}
2011-02-25 21:29 . 2011-02-25 21:30 -------- d-----w- c:\users\JM Francheteau\AppData\Local\{D4E26959-7C7D-4D04-9D65-E2BA80E9A92D}
2011-02-25 07:09 . 2011-02-25 07:31 -------- d-----w- c:\users\JM Francheteau\AppData\Local\{51CD0EDB-B05E-454F-B768-6E3197A7FDCE}
2011-02-25 07:09 . 2011-02-25 07:09 -------- d-----w- c:\users\JM Francheteau\AppData\Local\{075B3438-B211-4114-BF20-FD06F7C97DCB}
2011-02-24 18:02 . 2011-02-24 18:02 -------- d-----w- c:\users\JM Francheteau\AppData\Local\{11024713-CB6F-41CA-9A7B-26B61A5E9067}
2011-02-23 20:03 . 2011-02-23 20:04 -------- d-----w- c:\users\JM Francheteau\AppData\Local\{4E3C41AC-DBC9-4982-A2AD-D81145540128}
2011-02-23 06:30 . 2011-02-23 06:30 -------- d-----w- c:\users\JM Francheteau\AppData\Local\{DB0CA369-7626-4E89-B28B-DAAA2992F742}
2011-02-22 18:29 . 2011-02-22 18:29 -------- d-----w- c:\users\JM Francheteau\AppData\Local\{B6FD14B9-4CA5-4E88-BDBE-CCF75CFB0C8C}
2011-02-22 18:23 . 2011-02-22 18:23 -------- d-----w- c:\windows\en
2011-02-22 18:22 . 2011-02-22 18:22 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-02-22 18:20 . 2009-09-04 22:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2011-02-22 18:20 . 2009-09-04 22:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2011-02-22 18:19 . 2009-09-04 22:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2011-02-22 18:19 . 2009-09-04 22:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-02-22 18:18 . 2011-02-22 18:18 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2011-02-22 18:18 . 2010-08-11 05:19 3860992 ----a-w- c:\windows\system32\UIRibbon.dll
2011-02-22 18:18 . 2010-08-11 05:13 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-02-22 18:18 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\SysWow64\UIRibbon.dll
2011-02-22 18:18 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
2011-02-22 18:17 . 2010-05-23 08:35 206848 ----a-w- c:\windows\system32\mfps.dll
2011-02-22 18:17 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2011-02-22 18:17 . 2010-05-23 10:11 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2011-02-22 18:17 . 2010-05-23 08:37 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-02-22 18:17 . 2010-05-23 08:35 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-02-22 18:17 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2011-02-22 18:17 . 2010-05-23 08:35 4068864 ----a-w- c:\windows\system32\mf.dll
2011-02-22 18:16 . 2011-02-22 18:16 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a56b8c511cbd2bc07\DSETUP.dll
2011-02-22 18:16 . 2011-02-22 18:16 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a56b8c511cbd2bc07\DXSETUP.exe
2011-02-22 18:16 . 2011-02-22 18:16 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a56b8c511cbd2bc07\dsetup32.dll
2011-02-22 18:16 . 2011-02-22 18:16 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a12b61b21cbd2bc06\DSETUP.dll
2011-02-22 18:16 . 2011-02-22 18:16 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a12b61b21cbd2bc06\DXSETUP.exe
2011-02-22 18:16 . 2011-02-22 18:16 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a12b61b21cbd2bc06\dsetup32.dll
2011-02-22 18:16 . 2011-02-22 18:16 6260088 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9c04cb531cbd2bc05\Silverlight.4.0.exe
2011-02-22 18:15 . 2011-02-25 07:09 -------- d-----w- c:\users\JM Francheteau\AppData\Local\Windows Live
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-09 02:11 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-01 15:04 . 2010-08-13 20:06 0 ----a-w- c:\users\JM Francheteau\AppData\Local\Lbiwozavoh.bin
2011-02-02 22:11 . 2010-01-05 23:38 270720 ------w- c:\windows\system32\MpSigStub.exe
2010-12-20 23:09 . 2010-08-18 23:29 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-08-18 23:29 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-07 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"="%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe autorun" [X]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-09 74752]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-22 135664]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-07-18 181616]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\rselect\RSelSvc.exe [2009-07-07 65904]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-10 258928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-22 00:14]
.
2011-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-22 00:14]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 16334368]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-11 10051616]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2008-09-25 195080]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 709976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\users\JM Francheteau\AppData\Roaming\Mozilla\Firefox\Profiles\xyv8zi3c.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TUSBSleepChargeSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
Wow6432Node-HKLM-Run-TkBellExe - c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SmartFaceVWatcher - %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-Teco - %ProgramFiles%\TOSHIBA\TECO\Teco.exe
HKLM-Run-HDMICtrlMan - %ProgramFiles%\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
HKLM-Run-TosWaitSrv - %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000020
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-03-14 11:31:00
ComboFix-quarantined-files.txt 2011-03-14 15:31
.
Pre-Run: 39,890,325,504 bytes free
Post-Run: 40,035,463,168 bytes free
.
- - End Of File - - E6F630D13237AE7C2DA258ACDB23F14B

DDS log

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by JM Francheteau at 11:33:14.23 on 14/03/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.4061.2472 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\Users\JM Francheteau\Desktop\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun-x64: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun-x64: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
mRun-x64: [ThpSrv] C:\windows\system32\thpsrv /logon
mRun-x64: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun-x64: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun-x64: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
mRun-x64: [HDMICtrlMan] %ProgramFiles%\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
mRun-x64: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun-x64: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun-x64: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\JMFRAN~1\AppData\Roaming\Mozilla\Firefox\Profiles\xyv8zi3c.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox
FF - prefs.js: network.proxy.type - 4
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\JM Francheteau\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
.
============= SERVICES / DRIVERS ===============
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\Windows\System32\drivers\thpdrv.sys [2009-6-29 34880]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2009-11-7 482384]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-7-17 181616]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2007-4-17 14112]
R2 RSELSVC;TOSHIBA Modem region select service;C:\Program Files\TOSHIBA\rselect\RSelSvc.exe [2009-7-7 65904]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-10 258928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2009-6-26 83488]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2009-11-7 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-11-7 215040]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-11-7 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-21 135664]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-8-1 140712]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-5-14 5435904]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-6 1255736]
.
=============== Created Last 30 ================
.
2011-03-14 15:21:39 98816 ----a-w- C:\windows\sed.exe
2011-03-14 15:21:39 89088 ----a-w- C:\windows\MBR.exe
2011-03-14 15:21:39 256512 ----a-w- C:\windows\PEV.exe
2011-03-14 15:21:39 161792 ----a-w- C:\windows\SWREG.exe
2011-03-14 15:07:12 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{941845FA-49F4-49CE-92C3-43DC808DED42}
2011-03-13 19:29:32 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{60AF9E65-D0A1-4249-A3D7-1081358C5CEC}
2011-03-11 18:29:52 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{CBE1340A-265E-4DEF-BFD7-81CF7B7F5D74}
2011-03-11 06:29:17 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{67C01170-CF76-4940-BAEA-F7D629CA068F}
2011-03-10 18:28:42 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{5A82C854-5702-42E0-9033-F20ADA44F4AD}
2011-03-10 06:28:32 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{A1165C2A-22E1-49C2-B313-D2E6DEDCE520}
2011-03-09 18:28:09 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{C17BDDDD-11C2-4157-8D42-DF6F78335C03}
2011-03-09 06:27:34 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{8380B763-F2E6-4749-9235-B9A1BB02C0F6}
2011-03-08 16:49:19 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{A457A319-C708-4E7A-972C-D8690CC4CD47}
2011-03-07 16:00:37 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{AA67423F-B22C-4C31-960C-678DC1D38B5C}
2011-03-06 19:49:14 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{3B06BA40-EA13-40DF-8677-4378CC194B32}
2011-03-06 05:14:17 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{0E563A49-94AC-4F82-97F1-9BCBE4809CF6}
2011-03-05 17:13:56 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{9F83257D-A058-40E5-89A7-478F53D18B37}
2011-03-04 20:49:55 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{0619B3A6-3A87-4FDE-829E-2398E008231B}
2011-03-04 04:09:27 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{3E98DDC0-8C66-4DD3-B173-333F16ED5735}
2011-03-03 16:09:05 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{11BE4876-681D-49CA-BFE4-491D78F41C2D}
2011-03-03 03:42:28 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{2AB524F9-7F7B-4007-A756-E3C59461C251}
2011-03-02 15:42:06 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{25697A05-5525-4C34-A34A-8C6192AE9D7B}
2011-03-02 03:15:17 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{180D6BA3-98F6-423E-986B-FAE5EFE3BB22}
2011-03-01 22:36:23 388096 ----a-r- C:\Users\JMFRAN~1\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-01 22:36:23 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-03-01 18:02:26 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{88445CB2-E10F-4B52-89E6-E54477BEB8F8}\mpengine.dll
2011-03-01 15:14:43 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{46A8BADF-7CE9-4914-AFF4-9CF0EDBD8D1C}
2011-03-01 02:16:50 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{36DDBCFD-055F-41CF-817E-72040915F5E2}
2011-02-28 14:16:38 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{C827D21C-103D-4B73-A735-41C31DD3FFF4}
2011-02-27 20:17:10 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{35410F18-E70B-4204-8AE7-D8F61DEFB217}
2011-02-26 17:10:09 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{C3360259-FD58-4237-917D-59D34952C091}
2011-02-25 21:29:52 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{D4E26959-7C7D-4D04-9D65-E2BA80E9A92D}
2011-02-25 07:09:39 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{51CD0EDB-B05E-454F-B768-6E3197A7FDCE}
2011-02-25 07:09:39 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{075B3438-B211-4114-BF20-FD06F7C97DCB}
2011-02-24 18:02:14 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{11024713-CB6F-41CA-9A7B-26B61A5E9067}
2011-02-23 20:03:59 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{4E3C41AC-DBC9-4982-A2AD-D81145540128}
2011-02-23 06:30:09 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{DB0CA369-7626-4E89-B28B-DAAA2992F742}
2011-02-22 18:29:44 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{B6FD14B9-4CA5-4E88-BDBE-CCF75CFB0C8C}
2011-02-22 18:23:18 -------- d-----w- C:\windows\en
2011-02-22 18:22:13 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-02-22 18:20:00 69464 ----a-w- C:\windows\SysWow64\XAPOFX1_3.dll
2011-02-22 18:20:00 515416 ----a-w- C:\windows\SysWow64\XAudio2_5.dll
2011-02-22 18:19:59 523088 ----a-w- C:\windows\System32\d3dx10_42.dll
2011-02-22 18:19:59 453456 ----a-w- C:\windows\SysWow64\d3dx10_42.dll
2011-02-22 18:18:10 3860992 ----a-w- C:\windows\System32\UIRibbon.dll
2011-02-22 18:18:10 2983424 ----a-w- C:\windows\SysWow64\UIRibbon.dll
2011-02-22 18:18:10 1164800 ----a-w- C:\windows\SysWow64\UIRibbonRes.dll
2011-02-22 18:18:10 1164800 ----a-w- C:\windows\System32\UIRibbonRes.dll
2011-02-22 18:17:04 206848 ----a-w- C:\windows\System32\mfps.dll
2011-02-22 18:17:03 257024 ----a-w- C:\windows\System32\mfreadwrite.dll
2011-02-22 18:17:03 196608 ----a-w- C:\windows\SysWow64\mfreadwrite.dll
2011-02-22 18:17:03 1888256 ----a-w- C:\windows\System32\WMVDECOD.DLL
2011-02-22 18:17:03 1619456 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
2011-02-22 18:17:02 4068864 ----a-w- C:\windows\System32\mf.dll
2011-02-22 18:17:02 3181568 ----a-w- C:\windows\SysWow64\mf.dll
2011-02-22 18:16:38 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a56b8c511cbd2bc07\DSETUP.dll
2011-02-22 18:16:38 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a56b8c511cbd2bc07\DXSETUP.exe
2011-02-22 18:16:38 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a56b8c511cbd2bc07\dsetup32.dll
2011-02-22 18:16:32 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a12b61b21cbd2bc06\DSETUP.dll
2011-02-22 18:16:32 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a12b61b21cbd2bc06\DXSETUP.exe
2011-02-22 18:16:32 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a12b61b21cbd2bc06\dsetup32.dll
2011-02-22 18:16:24 6260088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9c04cb531cbd2bc05\Silverlight.4.0.exe
2011-02-22 18:15:09 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\Windows Live
.
==================== Find3M ====================
.
2011-02-02 22:11:20 270720 ------w- C:\windows\System32\MpSigStub.exe
2010-12-20 23:08:40 24152 ----a-w- C:\windows\System32\drivers\mbam.sys
.
============= FINISH: 11:33:32.46 ===============

Attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 05/01/2010 6:21:52 PM
System Uptime: 14/03/2011 10:57:31 AM (1 hours ago)
.
Motherboard: TOSHIBA | | KSKAA
Processor: Intel® Core™2 Duo CPU P8700 @ 2.53GHz | U2E1 | 2534/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 453 GiB total, 37.363 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP71: 13/03/2011 6:32:26 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
AC3Filter 1.62b
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.4.2
Apple Application Support
Apple Software Update
Compatibility Pack for the 2007 Office system
D3DX10
Direct DiscRecorder
DivX Setup
DVD MovieFactory for TOSHIBA
eMusic Download Manager 4.1.3.1
Facebook Plug-In
Google Toolbar for Internet Explorer
Google Update Helper
HDMI Control Manager
HiJackThis
InterVideo WinDVD BD for TOSHIBA
Java™ 6 Update 14
JMicron Flash Media Controller Driver
Last.fm 1.5.4.27091
Malwarebytes' Anti-Malware
Medieval II Total War
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.6.15)
MP3 Player Recovery Tool
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MusicBrainz Picard
NVIDIA PhysX
QuickTime
RealPlayer
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
RealUpgrade 1.0
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Internal Modem Region Select Utility
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA USB Sleep and Charge Utility
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (KB2443839)
Utility Common Driver
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.1.5
Vuze
Warcraft III
Warcraft III: All Products
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Xvid 1.2.2 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
14/03/2011 11:29:09 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
14/03/2011 11:28:34 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
14/03/2011 1:09:51 AM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
13/03/2011 8:53:51 AM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
11/03/2011 11:59:31 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.100 with the system having network hardware address 00-14-A5-A1-D2-84. Network operations on this system may be disrupted as a result.
10/03/2011 8:16:24 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.101. The computer with the IP address 192.168.0.102 did not allow the name to be claimed by this computer.
10/03/2011 1:36:27 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer AMIT-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{16A0ACED-059F-434F-8459-856932185853}. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================

#8 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 14 March 2011 - 11:37 AM

Hi again,


Uninstall vulnerable Flash versions by following the instructions here. A fresh version can be obtained here.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older-version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 24.
  • Click the Download button to the right.
  • Select Windows in the platform combobox and check the box that says Accept License Agreement. Click Continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u24-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.


* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is UNchecked.
  • Click Scan
  • Wait for the scan to finish.


Post back its report & a fresh dds.txt log. How's the system running?

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Malware removal instructions provided here are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.
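As an added example (not part of Blade81's instructions or of any tool mentioned in this thread), the PowerShell below does the "check any item with Java Runtime Environment (JRE or J2SE) in the name" step without clicking through Add/Remove Programs: it reads the standard uninstall registry keys (both the native and the Wow6432Node hive on 64-bit Windows), lists every Java entry, and flags those older than JRE 6 Update 24, the release the post asks for. The minimum version, the name pattern and the version format (Sun/Oracle installers recorded 6u14 as 6.0.140 and 6u24 as 6.0.240) are assumptions taken from the post and from how those installers register themselves.

```powershell
# Added example, not from the thread. Enumerate Java entries in Add/Remove
# Programs and flag any older than JRE 6 Update 24 (the version the post
# asks for). Run from an elevated PowerShell prompt; read-only, it does not
# uninstall anything, it only shows what the manual removal step would find.

# Assumption: JRE 6u24 registers as DisplayVersion 6.0.240, so anything
# below this is "older version" in the sense of the post.
$MinimumJre = [version]'6.0.240'

# Standard uninstall keys; the Wow6432Node path holds 32-bit installs on x64.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledJava {
    # Returns one object per Java-related entry: name, version, whether it is
    # older than $MinimumJre, and the uninstall command the entry registered.
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match 'Java|J2SE|JRE' } |
        ForEach-Object {
            $parsed = $null
            # Some entries (e.g. the Java Auto Updater) carry versions that
            # do not parse as System.Version; those are reported but not
            # flagged, since no comparison is possible.
            try { $parsed = [version]$_.DisplayVersion } catch { }
            New-Object PSObject -Property @{
                Name            = $_.DisplayName
                Version         = $_.DisplayVersion
                Outdated        = ($parsed -ne $null -and $parsed -lt $MinimumJre)
                UninstallString = $_.UninstallString
            }
        }
}

$java = @(Get-InstalledJava)
if ($java.Count -eq 0) {
    'No Java entries found in Add/Remove Programs.'
} else {
    $java | Format-Table Name, Version, Outdated -AutoSize
    # The registered uninstall command is what Add/Remove Programs runs when
    # you click Remove; shown here so the outdated entries can be verified
    # before removing them by hand as the post describes.
    $java | Where-Object { $_.Outdated } | ForEach-Object {
        "Outdated: $($_.Name) ($($_.Version)) -> $($_.UninstallString)"
    }
}
```

In the log posted later in this thread the restore points show exactly this transition (Java 6 Update 14 removed, Java 6 Update 24 installed), which is the before/after the script would report as one Outdated entry followed by none.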


#9 SixOClock

SixOClock
  • Topic Starter

  • Members
  • 9 posts

Posted 14 March 2011 - 01:54 PM

System seems to be running smoothly, no crashes to report. I'm going to try going back to Winamp (had been using WMP as a stopgap) and see if it's become more stable.

The ESET scan located and removed/quarantined the following items:

C:\Users\JM Francheteau\AppData\Local\atefayoqevi.dll Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Users\JM Francheteau\AppData\Roaming\F58C788522DD78376126BE8E0022190E\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined
C:\Users\JM Francheteau\AppData\Roaming\F58C788522DD78376126BE8E0022190E\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined
C:\Users\Public\Documents\Server\hlp.dat Win32/Bamital.DZ trojan cleaned by deleting - quarantined
C:\Users\Public\Documents\Server\sphlp.dll Win32/Bamital.ET trojan cleaned by deleting - quarantined

DDS log

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by JM Francheteau at 14:50:55.86 on 14/03/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.4061.2319 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Winamp\winamp.exe
C:\Program Files (x86)\Last.fm\LastFM.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\Users\JM Francheteau\Desktop\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun-x64: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun-x64: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
mRun-x64: [ThpSrv] C:\windows\system32\thpsrv /logon
mRun-x64: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun-x64: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun-x64: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
mRun-x64: [HDMICtrlMan] %ProgramFiles%\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
mRun-x64: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun-x64: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun-x64: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\JMFRAN~1\AppData\Roaming\Mozilla\Firefox\Profiles\xyv8zi3c.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox
FF - prefs.js: network.proxy.type - 4
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\JM Francheteau\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
.
============= SERVICES / DRIVERS ===============
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\Windows\System32\drivers\thpdrv.sys [2009-6-29 34880]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2009-11-7 482384]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-7-17 181616]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2007-4-17 14112]
R2 RSELSVC;TOSHIBA Modem region select service;C:\Program Files\TOSHIBA\rselect\RSelSvc.exe [2009-7-7 65904]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-10 258928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2009-6-26 83488]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2009-11-7 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-11-7 215040]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-11-7 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-21 135664]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-8-1 140712]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-5-14 5435904]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-6 1255736]
.
=============== Created Last 30 ================
.
2011-03-14 17:32:29 -------- d-----w- C:\Program Files (x86)\ESET
2011-03-14 17:28:56 521448 ----a-w- C:\windows\System32\deployJava1.dll
2011-03-14 17:13:35 -------- d-sh--w- C:\$RECYCLE.BIN
2011-03-14 15:21:39 98816 ----a-w- C:\windows\sed.exe
2011-03-14 15:21:39 89088 ----a-w- C:\windows\MBR.exe
2011-03-14 15:21:39 256512 ----a-w- C:\windows\PEV.exe
2011-03-14 15:21:39 161792 ----a-w- C:\windows\SWREG.exe
2011-03-14 15:07:12 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{941845FA-49F4-49CE-92C3-43DC808DED42}
2011-03-13 19:29:32 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{60AF9E65-D0A1-4249-A3D7-1081358C5CEC}
2011-03-11 18:29:52 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{CBE1340A-265E-4DEF-BFD7-81CF7B7F5D74}
2011-03-11 06:29:17 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{67C01170-CF76-4940-BAEA-F7D629CA068F}
2011-03-10 18:28:42 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{5A82C854-5702-42E0-9033-F20ADA44F4AD}
2011-03-10 06:28:32 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{A1165C2A-22E1-49C2-B313-D2E6DEDCE520}
2011-03-09 18:28:09 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{C17BDDDD-11C2-4157-8D42-DF6F78335C03}
2011-03-09 06:27:34 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{8380B763-F2E6-4749-9235-B9A1BB02C0F6}
2011-03-08 16:49:19 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{A457A319-C708-4E7A-972C-D8690CC4CD47}
2011-03-07 16:00:37 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{AA67423F-B22C-4C31-960C-678DC1D38B5C}
2011-03-06 19:49:14 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{3B06BA40-EA13-40DF-8677-4378CC194B32}
2011-03-06 05:14:17 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{0E563A49-94AC-4F82-97F1-9BCBE4809CF6}
2011-03-05 17:13:56 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{9F83257D-A058-40E5-89A7-478F53D18B37}
2011-03-04 20:49:55 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{0619B3A6-3A87-4FDE-829E-2398E008231B}
2011-03-04 04:09:27 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{3E98DDC0-8C66-4DD3-B173-333F16ED5735}
2011-03-03 16:09:05 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{11BE4876-681D-49CA-BFE4-491D78F41C2D}
2011-03-03 03:42:28 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{2AB524F9-7F7B-4007-A756-E3C59461C251}
2011-03-02 15:42:06 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{25697A05-5525-4C34-A34A-8C6192AE9D7B}
2011-03-02 03:15:17 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{180D6BA3-98F6-423E-986B-FAE5EFE3BB22}
2011-03-01 22:36:23 388096 ----a-r- C:\Users\JMFRAN~1\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-01 22:36:23 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-03-01 18:02:26 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{88445CB2-E10F-4B52-89E6-E54477BEB8F8}\mpengine.dll
2011-03-01 15:14:43 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{46A8BADF-7CE9-4914-AFF4-9CF0EDBD8D1C}
2011-03-01 02:16:50 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{36DDBCFD-055F-41CF-817E-72040915F5E2}
2011-02-28 14:16:38 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{C827D21C-103D-4B73-A735-41C31DD3FFF4}
2011-02-27 20:17:10 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{35410F18-E70B-4204-8AE7-D8F61DEFB217}
2011-02-26 17:10:09 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{C3360259-FD58-4237-917D-59D34952C091}
2011-02-25 21:29:52 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{D4E26959-7C7D-4D04-9D65-E2BA80E9A92D}
2011-02-25 07:09:39 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{51CD0EDB-B05E-454F-B768-6E3197A7FDCE}
2011-02-25 07:09:39 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{075B3438-B211-4114-BF20-FD06F7C97DCB}
2011-02-24 18:02:14 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{11024713-CB6F-41CA-9A7B-26B61A5E9067}
2011-02-23 20:03:59 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{4E3C41AC-DBC9-4982-A2AD-D81145540128}
2011-02-23 06:30:09 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{DB0CA369-7626-4E89-B28B-DAAA2992F742}
2011-02-22 18:29:44 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\{B6FD14B9-4CA5-4E88-BDBE-CCF75CFB0C8C}
2011-02-22 18:23:18 -------- d-----w- C:\windows\en
2011-02-22 18:22:13 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-02-22 18:20:00 69464 ----a-w- C:\windows\SysWow64\XAPOFX1_3.dll
2011-02-22 18:20:00 515416 ----a-w- C:\windows\SysWow64\XAudio2_5.dll
2011-02-22 18:19:59 523088 ----a-w- C:\windows\System32\d3dx10_42.dll
2011-02-22 18:19:59 453456 ----a-w- C:\windows\SysWow64\d3dx10_42.dll
2011-02-22 18:18:10 3860992 ----a-w- C:\windows\System32\UIRibbon.dll
2011-02-22 18:18:10 2983424 ----a-w- C:\windows\SysWow64\UIRibbon.dll
2011-02-22 18:18:10 1164800 ----a-w- C:\windows\SysWow64\UIRibbonRes.dll
2011-02-22 18:18:10 1164800 ----a-w- C:\windows\System32\UIRibbonRes.dll
2011-02-22 18:17:04 206848 ----a-w- C:\windows\System32\mfps.dll
2011-02-22 18:17:03 257024 ----a-w- C:\windows\System32\mfreadwrite.dll
2011-02-22 18:17:03 196608 ----a-w- C:\windows\SysWow64\mfreadwrite.dll
2011-02-22 18:17:03 1888256 ----a-w- C:\windows\System32\WMVDECOD.DLL
2011-02-22 18:17:03 1619456 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
2011-02-22 18:17:02 4068864 ----a-w- C:\windows\System32\mf.dll
2011-02-22 18:17:02 3181568 ----a-w- C:\windows\SysWow64\mf.dll
2011-02-22 18:16:38 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a56b8c511cbd2bc07\DSETUP.dll
2011-02-22 18:16:38 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a56b8c511cbd2bc07\DXSETUP.exe
2011-02-22 18:16:38 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a56b8c511cbd2bc07\dsetup32.dll
2011-02-22 18:16:32 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a12b61b21cbd2bc06\DSETUP.dll
2011-02-22 18:16:32 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a12b61b21cbd2bc06\DXSETUP.exe
2011-02-22 18:16:32 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a12b61b21cbd2bc06\dsetup32.dll
2011-02-22 18:16:24 6260088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9c04cb531cbd2bc05\Silverlight.4.0.exe
2011-02-22 18:15:09 -------- d-----w- C:\Users\JMFRAN~1\AppData\Local\Windows Live
.
==================== Find3M ====================
.
2011-02-02 22:11:20 270720 ------w- C:\windows\System32\MpSigStub.exe
2010-12-20 23:08:40 24152 ----a-w- C:\windows\System32\drivers\mbam.sys
.
============= FINISH: 14:52:01.28 ===============

Attach log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 05/01/2010 6:21:52 PM
System Uptime: 14/03/2011 1:25:32 PM (1 hours ago)
.
Motherboard: TOSHIBA | | KSKAA
Processor: Intel® Core™2 Duo CPU P8700 @ 2.53GHz | U2E1 | 2508/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 453 GiB total, 36.848 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP71: 13/03/2011 6:32:26 PM - Scheduled Checkpoint
RP72: 14/03/2011 1:21:54 PM - Removed Java™ 6 Update 14
RP73: 14/03/2011 1:27:29 PM - Installed Java™ 6 Update 24 (64-bit)
.
==== Installed Programs ======================
.
AC3Filter 1.62b
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.2
Apple Application Support
Apple Software Update
Compatibility Pack for the 2007 Office system
D3DX10
Direct DiscRecorder
DivX Setup
DVD MovieFactory for TOSHIBA
eMusic Download Manager 4.1.3.1
ESET Online Scanner v3
Facebook Plug-In
Google Toolbar for Internet Explorer
Google Update Helper
HDMI Control Manager
HiJackThis
InterVideo WinDVD BD for TOSHIBA
JMicron Flash Media Controller Driver
Last.fm 1.5.4.27091
Malwarebytes' Anti-Malware
Medieval II Total War
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.6.15)
MP3 Player Recovery Tool
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MusicBrainz Picard
NVIDIA PhysX
QuickTime
RealPlayer
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
RealUpgrade 1.0
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Internal Modem Region Select Utility
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA USB Sleep and Charge Utility
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (KB2443839)
Utility Common Driver
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.1.5
Vuze
Warcraft III
Warcraft III: All Products
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Xvid 1.2.2 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
14/03/2011 11:29:09 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
14/03/2011 11:28:34 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
14/03/2011 1:09:51 AM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
13/03/2011 8:53:51 AM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
11/03/2011 11:59:31 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.100 with the system having network hardware address 00-14-A5-A1-D2-84. Network operations on this system may be disrupted as a result.
10/03/2011 8:16:24 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.101. The computer with the IP address 192.168.0.102 did not allow the name to be claimed by this computer.
10/03/2011 1:36:27 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer AMIT-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{16A0ACED-059F-434F-8459-856932185853}. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================

#10 Blade81 (Bleepin' Rocker, Malware Response Team, Finland)

Posted 14 March 2011 - 02:54 PM

Good. If no other issues appear, see the list of final steps below.


THESE STEPS ARE VERY IMPORTANT

Let's reset System Restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

A. To disable the System Restore feature:

1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Select c: drive and click Configure...
7. Select Turn off protection
8. Press OK.
Repeat steps 6-8 for each hard drive.

B. Reboot.

C. Turn ON System Restore.
Follow the same steps as when disabling System Restore, but on step 7 select the Restore system settings and previous versions of files option.



Now let's uninstall ComboFix:
  • Click START then RUN
  • Now copy-paste Combofix /uninstall into the run box and click OK



UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free): Microsoft Office Update.

Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.


Download and run Secunia Personal Software Inspector (PSI) and fix its findings.



Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade B)

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

The malware removal instructions provided are meant for the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.
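The six Custom Level changes in the post each correspond to a DWORD under the Internet zone's registry key, so they can be audited (and re-applied) without clicking through the dialog. The Python below is an added example for this thread, not BleepingComputer's, ComboFix's or the poster's code. It assumes Microsoft's documented zone table (KB182569) for the value names 1001, 1004, 1201, 1800, 1804 and 1607, that zone 3 is the Internet zone under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones, and that the data values 0, 1 and 3 mean Enable, Prompt and Disable; the WEAK_PROFILE dictionary is a constructed sample, not a capture from the poster's machine.

```python
"""Audit the IE 'Internet' zone against the settings in the post (added example)."""
try:
    import winreg  # available on Windows only
except ImportError:
    winreg = None

# Zone 3 is the Internet zone. Per-user settings live under HKCU; when the
# "Security_HKLM_only" policy is set, HKLM holds the effective values instead.
# (Assumed from Microsoft's documented zone registry layout, KB182569.)
ZONE_INTERNET = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

ENABLE, PROMPT, DISABLE = 0, 1, 3          # documented DWORD data values
LEVEL_NAME = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# The six settings from the post, keyed by their documented value names.
DESIRED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}


def registry_reader(hive=None):
    """Return read(name) -> int or None over the live registry (Windows only)."""
    if winreg is None:
        raise RuntimeError("winreg unavailable; use dict_reader() off Windows")
    hive = winreg.HKEY_CURRENT_USER if hive is None else hive

    def read(name):
        with winreg.OpenKey(hive, ZONE_INTERNET) as key:
            try:
                value, _ = winreg.QueryValueEx(key, name)
            except OSError:          # value absent: IE falls back to its template default
                return None
        return int(value)
    return read


def dict_reader(values):
    """Reader over a plain dict, for tests and for reviewing an exported .reg file."""
    return lambda name: values.get(name)


def audit(read):
    """Return [(value name, description, current, desired)] for each mismatch.

    A missing value is reported too: IE then applies its zone-template default,
    which this audit cannot see, so the value should be set explicitly.
    """
    findings = []
    for name, (desc, want) in DESIRED.items():
        have = read(name)
        if have != want:
            findings.append((name, desc, have, want))
    return findings


def apply_findings(findings, hive=None):
    """Write the desired values for each finding (Windows only). Returns names written."""
    if winreg is None:
        raise RuntimeError("winreg unavailable")
    hive = winreg.HKEY_CURRENT_USER if hive is None else hive
    written = []
    with winreg.OpenKey(hive, ZONE_INTERNET, 0, winreg.KEY_SET_VALUE) as key:
        for name, _desc, _have, want in findings:
            winreg.SetValueEx(key, name, 0, winreg.REG_DWORD, want)
            written.append(name)
    return written


def format_findings(findings):
    """One line per finding: value name, description, current -> desired."""
    rows = []
    for name, desc, have, want in findings:
        cur = "not set" if have is None else LEVEL_NAME.get(have, str(have))
        rows.append("%s  %-62s %s -> %s" % (name, desc, cur, LEVEL_NAME[want]))
    return "\n".join(rows)


# Constructed sample profile (not from the thread): unsigned ActiveX download
# left on Prompt and IFRAME launching on Enable, both weaker than the post asks.
WEAK_PROFILE = {"1001": 1, "1004": 1, "1201": 3, "1800": 1, "1804": 0, "1607": 1}

if __name__ == "__main__":
    read = registry_reader() if winreg else dict_reader(WEAK_PROFILE)
    print(format_findings(audit(read)) or "Internet zone already matches the post's settings")
```

Run it before and after making the Custom Level changes. A value that reads "not set" is using IE's zone-template default, which is why the audit counts it as a finding and apply_findings writes it explicitly. On a machine where the Security_HKLM_only policy is set, pass winreg.HKEY_LOCAL_MACHINE as the hive, since the per-user key is then ignored.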


#11 SixOClock (Topic Starter)

Posted 14 March 2011 - 05:12 PM

Unfortunately I've had another crash, same problem as before except that I was using iTunes rather than winamp. The sound became extremely slowed down until it finally degenerated into a blaring noise, after which the computer froze and I got a BSOD. This is the first BSOD I've had since Feb 24, according to the log. Here's the crash data:

==================================================
Dump File : 031411-35537-01.dmp
Crash Time : 14/03/2011 5:56:59 PM
Bug Check String :
Bug Check Code : 0x00000116
Parameter 1 : fffffa80`091b9320
Parameter 2 : fffff880`05dfdf90
Parameter 3 : ffffffff`c000009a
Parameter 4 : 00000000`00000004
Caused By Driver : dxgkrnl.sys
Caused By Address : dxgkrnl.sys+5cef8
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\windows\Minidump\031411-35537-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 1,512,576
==================================================
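The summary above can be decoded mechanically: the bug check code names the failure class, and for 0x116 the four parameters have documented meanings. The Python below is an added example for this thread, not code from BleepingComputer, BlueScreenView or either poster. It assumes Microsoft's public Bug Check Code Reference for the bug check names and the meaning of the 0x116 parameters, and ntstatus.h for the NTSTATUS names; the sample input is a trimmed copy of the block posted above.

```python
"""Decode a BlueScreenView-style minidump summary (added example, see lead-in)."""
import re

# Trimmed copy of the summary posted in the thread, used here as test input.
SAMPLE = """\
==================================================
Dump File : 031411-35537-01.dmp
Crash Time : 14/03/2011 5:56:59 PM
Bug Check String :
Bug Check Code : 0x00000116
Parameter 1 : fffffa80`091b9320
Parameter 2 : fffff880`05dfdf90
Parameter 3 : ffffffff`c000009a
Parameter 4 : 00000000`00000004
Caused By Driver : dxgkrnl.sys
Caused By Address : dxgkrnl.sys+5cef8
Processor : x64
Processors Count : 2
Major Version : 15
Minor Version : 7600
=================================================="""

# Subset of Microsoft's documented bug check codes.
BUGCHECK_NAMES = {
    0x0A: "IRQL_NOT_LESS_OR_EQUAL",
    0x1E: "KMODE_EXCEPTION_NOT_HANDLED",
    0x3B: "SYSTEM_SERVICE_EXCEPTION",
    0x50: "PAGE_FAULT_IN_NONPAGED_AREA",
    0x7E: "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED",
    0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
    0x116: "VIDEO_TDR_FAILURE",
    0x117: "VIDEO_TDR_TIMEOUT_DETECTED",
    0x124: "WHEA_UNCORRECTABLE_ERROR",
}

# Subset of documented NTSTATUS codes (ntstatus.h).
NTSTATUS_NAMES = {
    0xC0000001: "STATUS_UNSUCCESSFUL",
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000000D: "STATUS_INVALID_PARAMETER",
    0xC000009A: "STATUS_INSUFFICIENT_RESOURCES",
    0xC00000B5: "STATUS_IO_TIMEOUT",
}

KEY_VALUE = re.compile(r"^([A-Za-z0-9 ]+?)\s*:\s*(.*)$")
HEX_FIELDS = ("Bug Check Code", "Parameter 1", "Parameter 2", "Parameter 3", "Parameter 4")


def parse_summary(text):
    """Map 'Key : Value' lines to a dict; the hex fields become ints.

    BlueScreenView prints 64-bit values as two 32-bit halves joined by a
    backtick (WinDbg style); the backtick is dropped before conversion.
    """
    fields = {}
    for line in text.splitlines():
        m = KEY_VALUE.match(line)
        if not m:
            continue                      # separator rows and anything without a colon
        key, val = m.group(1).strip(), m.group(2).strip()
        if key in HEX_FIELDS:
            val = int(val.replace("`", ""), 16)
        fields[key] = val
    return fields


def decode(fields):
    """Name the bug check and, for 0x116, interpret its four parameters."""
    code = fields["Bug Check Code"]
    report = {
        "bugcheck": BUGCHECK_NAMES.get(code, "UNKNOWN_0x%X" % code),
        "driver": fields.get("Caused By Driver"),
        # Minor Version carries the OS build: 7600 is Windows 7 RTM (SP1 is 7601).
        "os_build": int(fields["Minor Version"]),
    }
    if code == 0x116:
        # Documented meaning: P1 = TDR recovery context, P2 = pointer to the
        # responsible driver module (resolvable only from the dump itself),
        # P3 = last error the GPU driver returned (an NTSTATUS, sign-extended
        # to 64 bits), P4 = internal context-dependent data.
        status = fields["Parameter 3"] & 0xFFFFFFFF
        report["tdr_status"] = NTSTATUS_NAMES.get(status, "0x%08X" % status)
        report["responsible_module"] = "0x%016X" % fields["Parameter 2"]
        report["verdict"] = ("display driver did not recover from a TDR reset; "
                             "update or roll back the GPU driver and check GPU temperature")
    return report


if __name__ == "__main__":
    for k, v in decode(parse_summary(SAMPLE)).items():
        print("%-18s %s" % (k, v))
```

For this crash Parameter 3 decodes to STATUS_INSUFFICIENT_RESOURCES, the last error the display driver returned before the timeout-detection-and-recovery reset failed. Parameter 2 is only a pointer; turning it into a driver name needs the .dmp file itself (for example `!analyze -v` in WinDbg), which a BlueScreenView summary cannot do.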

#12 Blade81 (Bleepin' Rocker, Malware Response Team, Finland)

Posted 15 March 2011 - 01:06 AM

Hi,

That looks like a possible driver problem. Have you installed any hardware drivers (i.e. for graphics card) around the time BSODs started appearing?



#13 SixOClock (Topic Starter)

Posted 15 March 2011 - 10:01 AM

I have not, though on a few of the BSODs there's been mention of my nvidia display drivers. I don't know what this would have to do with my use of Winamp or iTunes though, unless it's an issue related to resources.

#14 Blade81 (Bleepin' Rocker, Malware Response Team, Finland)

Posted 15 March 2011 - 02:24 PM

Hi,

You could try the latest display drivers to see if those help resolve the problem.



#15 SixOClock (Topic Starter)

Posted 17 March 2011 - 11:18 AM

Just posting to say that I've updated my drivers, and will let you know if/when I next get a BSOD. Also, thanks so much for your help thus far!



