Snap. Likely a difficult TDSS/Rootkit infection.

2 replies to this topic

#1 bwyrock

Posted 27 September 2011 - 09:14 AM

Hope everyone is well and not too overwhelmed with posts!

Alright, so I'm trying to fix my boss's computer. Google is redirecting to junk sites. Internet speed is crawling. IE crashes constantly; Chrome is just horribly slow. Ran TDSSKiller, it detected nothing. When trying to diagnose the problem in the first place, I ran Ad-Aware and it detected some junk and either deleted or quarantined it, but the problem persists. And I'll be damned if I'm going to let this thing win.

Here's the Ad-Aware scan log, if it helps:


Logfile created: 9/22/2011 10:11:05
Ad-Aware version: 9.5.1
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: Megan

*********************** Definitions database information ***********************
Lavasoft definition file: 150.577
Genotype definition file version: 2011/09/01 12:38:06
Extended engine definition file: 10538.0

******************************** Scan results: *********************************
Scan profile name: Full Scan (ID: full)
Objects scanned: 151017
Objects detected: 42


Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 5
Folders.........: 0
LSPs............: 0
Cookies.........: 37
Browser hijacks.: 0
MRU objects.....: 0



Removed items:

Quarantined items:
Description: c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\fzg8ckj5\ex[2].htm Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 91d0d38f61fc48cfd31f19ebf48cee7d
Description: c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\fzg8ckj5\ex[2].htm Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 91d0d38f61fc48cfd31f19ebf48cee7d
Description: c:\windows\temp\gdfstr.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 91d0d38f61fc48cfd31f19ebf48cee7d
Description: c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\fzg8ckj5\ex[3].htm Family Name: Win32.TrojanDropper.Injector Engine: 1 Clean status: Success Item ID: 0 Family ID: 6048712 MD5: 5e96dc3e68d65896f0f1469873e0fff9
Description: c:\windows\temp\kjghsad.exe Family Name: Win32.TrojanDropper.Injector Engine: 1 Clean status: Success Item ID: 0 Family ID: 6048712 MD5: 5e96dc3e68d65896f0f1469873e0fff9

Scan and cleaning complete: Finished correctly after 9764 seconds

*********************************** Settings ***********************************

Scan profile:
ID: full, enabled:1, value: Full Scan
ID: folderstoscan, enabled:1, value: C:\
ID: useantivirus, enabled:1, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: true
ID: scanhostsfile, enabled:1, value: true
ID: scanmru, enabled:1, value: true
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: true
ID: onlyexecutables, enabled:1, value: false
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: true
ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true

Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: N/A

Scheduled scan settings:
<Empty>

Realtime protection settings:
ID: realtime, enabled:1
ID: layers, enabled:1
ID: useantivirus, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: maintainbackup, enabled:1, value: true
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
ID: modules, enabled:1
ID: processprotection, enabled:1, value: true
ID: onaccessprotection, enabled:1, value: true
ID: registryprotection, enabled:1, value: true
ID: networkprotection, enabled:1, value: true


****************************** System information ******************************
Computer name: MEGAN-PC
Processor name: Intel® Core™ i5 CPU M 460 @ 2.53GHz
Processor identifier: Intel64 Family 6 Model 37 Stepping 5
Processor speed: ~2527MHZ
Raw info: processorarchitecture 9, processortype 8664, processorlevel 6, processor revision 9477, number of processors 4, processor features: [MMX,SSE,SSE2,SSE3]
Physical memory available: 1278570496 bytes
Physical memory total: 4079665152 bytes
Virtual memory available: 1873145856 bytes
Virtual memory total: 2147352576 bytes
Memory load: 68%
Microsoft (build 7600)
Windows startup mode:

Running processes:
PID: 324 name: C:\Windows\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 472 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 600 name: C:\Windows\System32\wininit.exe owner: SYSTEM domain: NT AUTHORITY
PID: 628 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 668 name: C:\Windows\System32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 684 name: C:\Windows\System32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 692 name: C:\Windows\System32\lsm.exe owner: SYSTEM domain: NT AUTHORITY
PID: 788 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 864 name: C:\Windows\System32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 924 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 972 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 340 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 500 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 368 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1028 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1160 name: C:\Windows\System32\wlanext.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1168 name: C:\Windows\System32\conhost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1348 name: C:\Windows\System32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1400 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1472 name: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1520 name: C:\Program Files (x86)\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1560 name: C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1592 name: C:\Program Files\Citrix\Secure Access Client\nsverctl.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1628 name: C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1704 name: C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1728 name: C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1752 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1796 name: C:\Windows\System32\ThpSrv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1820 name: C:\Windows\System32\TODDSrv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1848 name: C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1948 name: C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1992 name: C:\Windows\System32\SearchIndexer.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2040 name: C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1172 name: C:\Program Files\Intel\WiFi\bin\EvtEng.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2052 name: C:\Program Files\TOSHIBA\TECO\TecoService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2360 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2504 name: C:\Windows\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1284 name: C:\Windows\System32\taskhost.exe owner: Megan domain: Megan-PC
PID: 2552 name: C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe owner: Megan domain: Megan-PC
PID: 660 name: C:\Windows\System32\dwm.exe owner: Megan domain: Megan-PC
PID: 772 name: C:\Windows\explorer.exe owner: Megan domain: Megan-PC
PID: 2852 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 2496 name: C:\Windows\System32\hkcmd.exe owner: Megan domain: Megan-PC
PID: 2996 name: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe owner: Megan domain: Megan-PC
PID: 264 name: C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe owner: Megan domain: Megan-PC
PID: 244 name: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe owner: Megan domain: Megan-PC
PID: 1944 name: C:\Windows\System32\ThpSrv.exe owner: Megan domain: Megan-PC
PID: 3028 name: C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe owner: Megan domain: Megan-PC
PID: 3084 name: C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe owner: Megan domain: Megan-PC
PID: 3100 name: C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe owner: Megan domain: Megan-PC
PID: 3116 name: C:\Program Files\TOSHIBA\TECO\Teco.exe owner: Megan domain: Megan-PC
PID: 3236 name: C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe owner: Megan domain: Megan-PC
PID: 3268 name: C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe owner: Megan domain: Megan-PC
PID: 3396 name: C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe owner: Megan domain: Megan-PC
PID: 3452 name: C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe owner: Megan domain: Megan-PC
PID: 3564 name: C:\Program Files\Citrix\Secure Access Client\nsload.exe owner: Megan domain: Megan-PC
PID: 3632 name: C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe owner: Megan domain: Megan-PC
PID: 3932 name: C:\Program Files\Synaptics\SynTP\SynTPHelper.exe owner: Megan domain: Megan-PC
PID: 3952 name: C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe owner: Megan domain: Megan-PC
PID: 3996 name: C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe owner: Megan domain: Megan-PC
PID: 4004 name: C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe owner: Megan domain: Megan-PC
PID: 4040 name: C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe owner: Megan domain: Megan-PC
PID: 1736 name: C:\Program Files (x86)\iTunes\iTunesHelper.exe owner: Megan domain: Megan-PC
PID: 4100 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4456 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 4780 name: C:\Program Files\Windows Media Player\wmpnetwk.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 4992 name: C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2172 name: C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4676 name: C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4812 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4212 name: C:\Windows\splwow64.exe owner: Megan domain: Megan-PC
PID: 1540 name: C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe owner: SYSTEM domain: NT AUTHORITY
PID: 5264 name: C:\Windows\System32\wuauclt.exe owner: Megan domain: Megan-PC
PID: 5344 name: C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 5384 name: C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 5416 name: C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe owner: Megan domain: Megan-PC
PID: 5752 name: C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe owner: Megan domain: Megan-PC
PID: 4516 name: C:\Windows\SysWOW64\PING.EXE owner: SYSTEM domain: NT AUTHORITY
PID: 5172 name: C:\Windows\System32\conhost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 6488 name: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe owner: Megan domain: Megan-PC
PID: 396 name: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe owner: Megan domain: Megan-PC
PID: 6068 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Megan domain: Megan-PC
PID: 4412 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 6980 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe owner: Megan domain: Megan-PC
PID: 3680 name: C:\Windows\SysWOW64\rundll32.exe owner: Megan domain: Megan-PC
PID: 6012 name: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe owner: Megan domain: Megan-PC
PID: 2728 name: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe owner: Megan domain: Megan-PC

Startup items:
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: KeNotify
imagepath: C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
Name: HWSetup
imagepath: C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
Name: SVPWUTIL
imagepath: C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
Name: ToshibaServiceStation
imagepath: "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
Name: TWebCamera
imagepath: "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
Name: TSleepSrv
imagepath: %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Name: NortonOnlineBackupReminder
imagepath: "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
Name: ToshibaAppPlace
imagepath: "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
Name: QuickTime Task
imagepath: "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Name: iTunesHelper
imagepath: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Name:
location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Access Gateway.lnk
imagepath: C:\Program Files (x86)\Citrix\Secure Access Client\nsload.exe
Name:
imagepath: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
Name:
location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
imagepath: C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe

Bootexecute items:
Name:
imagepath: autocheck autochk *

Running services:
Name: AeLookupSvc
displayname: Application Experience
Name: Appinfo
displayname: Application Information
Name: Apple Mobile Device
displayname: Apple Mobile Device
Name: AudioEndpointBuilder
displayname: Windows Audio Endpoint Builder
Name: AudioSrv
displayname: Windows Audio
Name: BFE
displayname: Base Filtering Engine
Name: BITS
displayname: Background Intelligent Transfer Service
Name: Bonjour Service
displayname: Bonjour Service
Name: CryptSvc
displayname: Cryptographic Services
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: Dhcp
displayname: DHCP Client
Name: DMAgent
displayname: Intel® PROSet/Wireless WiMAX Red Bend Device Management Service
Name: Dnscache
displayname: DNS Client
Name: DPS
displayname: Diagnostic Policy Service
Name: EapHost
displayname: Extensible Authentication Protocol
Name: eventlog
displayname: Windows Event Log
Name: EventSystem
displayname: COM+ Event System
Name: EvtEng
displayname: Intel® PROSet/Wireless Event Log
Name: fdPHost
displayname: Function Discovery Provider Host
Name: FDResPub
displayname: Function Discovery Resource Publication
Name: gpsvc
displayname: Group Policy Client
Name: HomeGroupProvider
displayname: HomeGroup Provider
Name: iphlpsvc
displayname: IP Helper
Name: iPod Service
displayname: iPod Service
Name: IviRegMgr
displayname: IviRegMgr
Name: KeyIso
displayname: CNG Key Isolation
Name: LanmanServer
displayname: Server
Name: LanmanWorkstation
displayname: Workstation
Name: lmhosts
displayname: TCP/IP NetBIOS Helper
Name: LMS
displayname: Intel® Management and Security Application Local Management Service
Name: Netman
displayname: Network Connections
Name: netprofm
displayname: Network List Service
Name: NlaSvc
displayname: Network Location Awareness
Name: Norton PC Checkup Application Launcher
displayname: Toshiba Laptop Checkup Application Launcher
Name: nsi
displayname: Network Store Interface Service
Name: nsverctl
displayname: Citrix Secure Access Client Service
Name: p2pimsvc
displayname: Peer Networking Identity Manager
Name: p2psvc
displayname: Peer Networking Grouping
Name: PcaSvc
displayname: Program Compatibility Assistant Service
Name: PCCUJobMgr
displayname: Common Client Job Manager Service
Name: PlugPlay
displayname: Plug and Play
Name: PNRPsvc
displayname: Peer Name Resolution Protocol
Name: Power
displayname: Power
Name: ProfSvc
displayname: User Profile Service
Name: PSI_SVC_2
displayname: Protexis Licensing V2
Name: RegSrvc
displayname: Intel® PROSet/Wireless Registry Service
Name: RpcEptMapper
displayname: RPC Endpoint Mapper
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: SamSs
displayname: Security Accounts Manager
Name: Schedule
displayname: Task Scheduler
Name: SENS
displayname: System Event Notification Service
Name: ShellHWDetection
displayname: Shell Hardware Detection
Name: Spooler
displayname: Print Spooler
Name: SSDPSRV
displayname: SSDP Discovery
Name: stisvc
displayname: Windows Image Acquisition (WIA)
Name: SysMain
displayname: Superfetch
Name: Themes
displayname: Themes
Name: Thpsrv
displayname: TOSHIBA HDD Protection
Name: TMachInfo
displayname: TMachInfo
Name: TODDSrv
displayname: TOSHIBA Optical Disc Drive Service
Name: TosCoSrv
displayname: TOSHIBA Power Saver
Name: TOSHIBA eco Utility Service
displayname: TOSHIBA eco Utility Service
Name: TOSHIBA HDD SSD Alert Service
displayname: TOSHIBA HDD SSD Alert Service
Name: TPCHSrv
displayname: TPCH Service
Name: TrkWks
displayname: Distributed Link Tracking Client
Name: UNS
displayname: Intel® Management & Security Application User Notification Service
Name: upnphost
displayname: UPnP Device Host
Name: UxSms
displayname: Desktop Window Manager Session Manager
Name: WdiServiceHost
displayname: Diagnostic Service Host
Name: WiMAXAppSrv
displayname: Intel® PROSet/Wireless WiMAX Service
Name: WinDefend
displayname: Windows Defender
Name: Winmgmt
displayname: Windows Management Instrumentation
Name: Wlansvc
displayname: WLAN AutoConfig
Name: WMPNetworkSvc
displayname: Windows Media Player Network Sharing Service
Name: wscsvc
displayname: Security Center
Name: WSearch
displayname: Windows Search
Name: wuauserv
displayname: Windows Update
Name: wudfsvc
displayname: Windows Driver Foundation - User-mode Driver Framework
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service

Here's the DDS log:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Megan at 9:11:57 on 2011-09-27
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3891.1309 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Citrix\Secure Access Client\nsverctl.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\Explorer.EXE
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\windows\System32\rundll32.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\igfxtray.exe
C:\windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\windows\system32\igfxext.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\ping.exe
C:\windows\system32\conhost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig?brand=TSND&bmod=TSND
uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSND&bmod=TSND
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=userinit.exe
BHO: Shopping Assistant Plugin: {1631550f-191d-4826-b069-d9439253d926} - C:\Program Files (x86)\PriceGong\2.5.0\PriceGongIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: adfabonppr Object: {26d02f99-ae5b-4533-ad67-e23b4b20d60d} - C:\windows\$BLSTUN$\qgnnv.dll
BHO: Fast Search: {5ab7104a-b71f-49ad-9154-f7f8806ae848} - C:\Program Files (x86)\Surf Canyon\surfcanyon.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: brumabonpgrm Object: {795f4311-02c9-4b7b-a9bb-78d4fe68a98d} - C:\windows\$BLSTUN$\lmatn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRun: [Sunbelt Software Update] C:\windows\system32\config\systemprofile\AppData\Local\Sunbelt Software\SunbeltUpdate\Sunbeltupdt32.exe
dRun: [AppleServiceBackup] rundll32.exe "C:\ProgramData\AppleServiceBackup.dll",DllRegisterServer
dRun: [AbEVEEVRbhjjV.exe] C:\ProgramData\AbEVEEVRbhjjV.exe
dRun: [QIjLeJwkSi.exe] C:\ProgramData\QIjLeJwkSi.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{4BDE33D3-A8B9-4E98-8828-6B962F53F055} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{4BDE33D3-A8B9-4E98-8828-6B962F53F055}\336363533516E64607960756272546 : DhcpNameServer = 216.54.2.10 216.54.2.11
TCP: Interfaces\{4BDE33D3-A8B9-4E98-8828-6B962F53F055}\742796075697723702341666560244F677E647F677E6 : DhcpNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Shopping Assistant Plugin: {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.5.0\PriceGongIE.dll
BHO-X64: PriceGong - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: adfabonppr Object: {26D02F99-AE5B-4533-AD67-E23B4B20D60D} - C:\windows\$BLSTUN$\qgnnv.dll
BHO-X64: Z-opti Browser Enhancer - No File
BHO-X64: Fast Search: {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files (x86)\Surf Canyon\surfcanyon.dll
BHO-X64: IE BHO Utility - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: brumabonpgrm Object: {795F4311-02C9-4B7B-A9BB-78D4FE68A98D} - C:\windows\$BLSTUN$\lmatn.dll
BHO-X64: Context-Ads Browser Enhancer - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun-x64: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun-x64: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\windows\system32\DRIVERS\Lbd.sys --> C:\windows\system32\DRIVERS\Lbd.sys [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 cag;Citrix cag plugin for Access Gateway;C:\Program Files\Common Files\Deterministic Networks\Common Files\cag.sys [2010-3-9 93824]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-6-7 408576]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-8-18 2151640]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2011-5-24 123320]
R2 nsverctl;Citrix Secure Access Client Service;C:\Program Files\Citrix\Secure Access Client\nsverctl.exe [2010-3-18 154776]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2011-5-24 126392]
R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2007-4-17 11032]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-7-28 267192]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-5-24 2320920]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-6-7 911872]
R3 bpenum;bpenum;C:\windows\system32\DRIVERS\bpenum.sys --> C:\windows\system32\DRIVERS\bpenum.sys [?]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\windows\system32\DRIVERS\bpmp.sys --> C:\windows\system32\DRIVERS\bpmp.sys [?]
R3 bpusb;bpusb;C:\windows\system32\Drivers\bpusb.sys --> C:\windows\system32\Drivers\bpusb.sys [?]
R3 ctxva51;Citrix Virtual Adapter;C:\windows\system32\DRIVERS\ctxva51.sys --> C:\windows\system32\DRIVERS\ctxva51.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-9-22 17152]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETw5s64.sys --> C:\windows\system32\DRIVERS\NETw5s64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-5-24 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-7-22 822192]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\windows\system32\DRIVERS\WDKMD.sys --> C:\windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-30 136176]
S3 acpials;ALS Sensor Filter;C:\windows\system32\DRIVERS\acpials.sys --> C:\windows\system32\DRIVERS\acpials.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-30 136176]
S3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-09-26 18:53:24 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{535DFED3-4B82-4F71-BD50-9329DD072849}\offreg.dll
2011-09-26 11:36:41 -------- d--h--w- C:\Users\Megan\AppData\Local\ElevatedDiagnostics
2011-09-26 11:27:29 -------- d--h--w- C:\Program Files (x86)\Surf Canyon
2011-09-26 11:27:26 -------- d--h--w- C:\Program Files (x86)\PriceGong
2011-09-26 11:27:22 -------- d--h--w- C:\windows\$BLSTUN$
2011-09-26 11:27:11 504832 ---ha-w- C:\ProgramData\QIjLeJwkSi.exe
2011-09-26 01:22:52 747356 ----a-w- C:\windows\System32\PerfStringBackup.TMP
2011-09-24 20:13:11 457728 ---ha-w- C:\ProgramData\AbEVEEVRbhjjV.exe
2011-09-23 17:21:02 -------- d--h--w- C:\Program Files\CCleaner
2011-09-23 08:34:44 -------- d--h--w- C:\OpenCloud Security
2011-09-23 08:29:44 9049936 ---ha-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{535DFED3-4B82-4F71-BD50-9329DD072849}\mpengine.dll
2011-09-23 02:00:14 98816 ---ha-w- C:\ProgramData\AppleServiceBackup.dll
2011-09-23 01:14:24 -------- d--h--w- C:\Program Files (x86)\UEFI WinFlash
2011-09-22 21:04:50 0 ---ha-w- C:\Users\Megan\AppData\Local\BIT104A.tmp
2011-09-22 16:54:00 16432 ---ha-w- C:\windows\System32\lsdelete.exe
2011-09-22 13:50:10 55384 ---ha-w- C:\windows\System32\drivers\SBREDrv.sys
2011-09-22 13:37:57 69376 ---ha-w- C:\windows\System32\drivers\Lbd.sys
2011-09-22 13:37:51 -------- d--h--w- C:\Program Files (x86)\Lavasoft
2011-09-22 06:58:25 -------- d-----we C:\windows\system64
2011-09-17 19:15:33 -------- d--h--w- C:\Users\Megan\AppData\Local\Citrix
2011-09-17 19:14:43 -------- d--h--w- C:\ProgramData\Citrix
2011-09-17 19:14:43 -------- d--h--w- C:\Program Files\Common Files\Deterministic Networks
2011-09-17 19:14:43 -------- d--h--w- C:\Program Files\Citrix
2011-09-17 19:14:39 -------- d--h--w- C:\Users\Megan\AppData\Roaming\ICAClient
2011-09-17 19:14:37 -------- d--h--w- C:\Program Files (x86)\Citrix
2011-09-16 13:46:19 -------- d--h--w- C:\Users\Megan\AppData\Local\KodakGallery
2011-09-13 00:46:47 -------- d--h--w- C:\Program Files (x86)\Common Files\Kodak
2011-09-13 00:45:49 -------- d--h--w- C:\Program Files (x86)\Common Files\MSSoap
2011-09-13 00:45:48 -------- d--h--w- C:\Program Files (x86)\Kodak
2011-09-13 00:44:38 -------- d--h--w- C:\ProgramData\Kodak
2011-09-09 00:26:23 -------- d--h--w- C:\Program Files (x86)\Common Files\Symantec Shared
2011-09-09 00:19:31 -------- d--h--w- C:\ProgramData\Symantec
2011-09-06 19:14:26 -------- d--h--w- C:\Users\Megan\AppData\Roaming\Flickr
2011-09-06 19:14:26 -------- d--h--w- C:\Users\Megan\AppData\Local\Flickr
2011-09-06 19:00:05 -------- d--h--w- C:\Program Files (x86)\Flickr Uploadr
2011-09-06 17:42:10 -------- d--h--w- C:\Users\Megan\AppData\Local\Apple Computer
2011-09-06 17:42:06 34152 ---ha-w- C:\windows\System32\drivers\GEARAspiWDM.sys
2011-09-06 17:42:06 126312 ---ha-w- C:\windows\System32\GEARAspi64.dll
2011-09-06 17:42:06 107368 ---ha-w- C:\windows\SysWow64\GEARAspi.dll
2011-09-06 17:41:57 -------- d--h--w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-09-06 17:41:57 -------- d--h--w- C:\Program Files\iTunes
2011-09-06 17:41:57 -------- d--h--w- C:\Program Files\iPod
2011-09-06 17:41:57 -------- d--h--w- C:\Program Files (x86)\iTunes
2011-09-06 17:39:52 159744 ---ha-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-09-06 17:39:52 159744 ---ha-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-09-06 17:39:52 159744 ---ha-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-09-06 17:39:52 159744 ---ha-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-09-06 17:39:52 159744 ---ha-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-09-06 17:39:50 159744 ---ha-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-09-06 17:39:50 159744 ---ha-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-09-06 17:39:26 -------- d--h--w- C:\Users\Megan\AppData\Local\Apple
2011-09-02 20:18:28 -------- d--h--w- C:\Program Files (x86)\uTorrent
2011-09-02 20:17:38 -------- d--h--w- C:\Users\Megan\AppData\Roaming\uTorrent
2011-09-02 20:17:38 -------- d--h--w- C:\Users\Megan\AppData\Local\uTorrent
2011-09-01 10:54:23 -------- d--h--w- C:\Users\Megan\AppData\Roaming\com.Shutterfly.ExpressUploader
2011-09-01 10:54:20 -------- d--h--w- C:\Program Files (x86)\Shutterfly
2011-08-28 20:05:46 -------- d--h--w- C:\Users\Megan\AppData\Local\Adobe
.
==================== Find3M ====================
.
2011-08-20 18:45:38 404640 ---ha-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-22 05:35:08 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2011-07-22 04:56:17 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-07-16 05:26:54 362496 ----a-w- C:\windows\System32\wow64win.dll
2011-07-16 05:26:53 243200 ----a-w- C:\windows\System32\wow64.dll
2011-07-16 05:26:53 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2011-07-16 05:26:18 214528 ----a-w- C:\windows\System32\winsrv.dll
2011-07-16 05:24:09 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2011-07-16 05:21:32 422400 ----a-w- C:\windows\System32\KernelBase.dll
2011-07-16 05:17:46 338432 ----a-w- C:\windows\System32\conhost.exe
2011-07-16 04:36:09 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:32:14 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2011-07-16 04:31:50 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2011-07-16 04:30:29 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2011-07-16 04:30:27 272384 ----a-w- C:\windows\SysWow64\KernelBase.dll
2011-07-16 02:26:12 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2011-07-16 02:26:11 2048 ----a-w- C:\windows\SysWow64\user.exe
2011-07-16 02:21:47 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21:47 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21:47 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21:47 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 05:14:10 2048 ----a-w- C:\windows\System32\tzres.dll
2011-07-09 04:30:52 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2011-07-09 02:44:55 287744 ----a-w- C:\windows\System32\drivers\mrxsmb10.sys
2011-07-05 22:37:00 94208 ---ha-w- C:\windows\SysWow64\QuickTimeVR.qtx
2011-07-05 22:37:00 69632 ---ha-w- C:\windows\SysWow64\QuickTime.qts
.
============= FINISH: 9:13:12.87 ===============



Hopefully this is enough information.
What you guys do is awesome. Thanks so much for your help and have a wonderful day!

#2 HelpBot


Posted 02 October 2011 - 09:15 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/420691 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot


Posted 07 October 2011 - 09:20 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!
