
AV Guard Online won't go away


This topic is locked
3 replies to this topic

#1 burningbush

  • Members
  • 7 posts

Posted 09 October 2011 - 12:08 PM

I followed, to the letter, the instructions at www.bleepingcomputer.com/virus-removal/remove-av-guard-online.

MBAM found a ton of malware and removed it, but after reboot, AV Guard was still taking over with aggressive popups.

So, I'm hoping you can assist me. If anyone can, it's you!

1. I'm having to run things like MBAM and GMER in Safe Mode, since AV Guard aggressively takes over in normal mode.
2. When I ran GMER, the only options available were Services, Registry, and Files; all others were greyed out and unchecked. Is this because I'm in Safe Mode?
3. In addition to the Attach and Ark files, I'm also attaching the MBAM log that was created prior to running DDS and GMER.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7600.16385
Run by user at 2:05:29 on 2011-10-09
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3964.2891 [GMT -7:00]
.
AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\SysWOW64\ping.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\ctfmon.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.huffingtonpost.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:59010
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [MyTOSHIBA] "C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe" /AUTO
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
uRun: [rEAnOwDTDeg] C:\ProgramData\rEAnOwDTDeg.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [ociDn4Hs7EgZhXe8234A] C:\Users\user\AppData\Roaming\jS2ibD3pn4Q6W7E\iJf8ZYwUlBPc1vo.exe
uRun: [ni2Fms7KR9XUlBP8234A] C:\Users\user\AppData\Roaming\jS2ibD3pn4Q6W7E\bJf8ZYkrBPci3Fs.exe
uRun: [dUVrlOBtxc1voFm8234A] C:\Users\user\AppData\Roaming\r3GQd7R9T\xltPu13naHW7Lgq.exe
uRun: [GxS3aW8hUByioH78234A] C:\Users\user\AppData\Roaming\QRhXUeIzyAv\rRTezAomJ8hUByu.exe
uRun: [GiWYznEUyp8Cxmf8234A] C:\Users\user\AppData\Roaming\m7LRhwVOzyAvo4H\FjeBPxu2Fma6KRh.exe
uRun: [VJ8hUtcD47gY8234A] C:\Users\user\AppData\Roaming\amEhPDGEXr\am8qN2G7XVuGfqw.exe
uRun: [lbXDjEnOd8234A] C:\Users\user\AppData\Roaming\XsYxoJwcp8e1GRe\QafUzup6qV0aTr1.exe
uRun: [YsQJ7dEK89YjeBP8234A] C:\Users\user\AppData\Roaming\ED4WLqIOP1\FJgYrtS3Fa5J.exe
uRun: [vH5sWJ7dEBpV2fN8234A] C:\Users\user\AppData\Roaming\JEZCVxDWhx3WZOv\jDdeSKrFLO3gPHk.exe
uRun: [ai0XEpuzXH8234A] C:\Users\user\AppData\Roaming\wNLoVK2CGuXDjDY\WXGzKvC6iVYQ2zU.exe
uRun: [h6GygnxT48234A] C:\Users\user\AppData\Roaming\wBPIqs3DPX\kSzj7oOgmyX6crL.exe
uRun: [dxqKbOZ5A8234A] C:\Users\user\AppData\Roaming\EeT8GSNtUZ6pi\mpAYQSkgmy.exe
uRun: [q0h4cXfprEnx8234A] C:\Users\user\AppData\Roaming\jS1v2o0rTsHDt\XUd2Vf4xhH1yqQx.exe
uRun: [G9nxC5AUdokKc8234A] C:\Users\user\AppData\Roaming\KRaSzj7oOgmyX6c\NWAVR62C61wJyjJ.exe
uRun: [GkKntgFtZFzqQxg8234A] C:\Users\user\AppData\Roaming\GdDlTaPRpB\vIJDe8pyUKDuk7A.exe
uRun: [nCduqGBR2VQy9FI8234A] C:\Users\user\AppData\Roaming\UGPR3zLDBRmcw8F\i7AYQbBRaPqm0Ym.exe
uRun: [QVrlONtxPULHbuI8234A] C:\Users\user\AppData\Roaming\Ujdcj7n0UKGuOIT\g1twf5SVYg7Gb0z.exe
uRun: [LO14W9YrP1n6EqU8234A] C:\Users\user\AppData\Roaming\dZAENdyKOaIGwDq\zswNpfe1GLI03dT.exe
uRun: [lcS1ivD3oH7LRhw8234A] C:\Users\user\AppData\Roaming\a3aKgCrtA2D6KEg\PCIltPciDo4HWL.exe
uRun: [SamH5sWJ7LRhw8234A] C:\Users\user\AppData\Roaming\a3aKgCrtA2D6KEg\PCIltPciDo4HWL.exe
uRun: [L7dEL8gRZhwVOt08234A] C:\Users\user\AppData\Roaming\a3aKgCrtA2D6KEg\PCIltPciDo4HWL.exe
uRun: [X0v4WLRZhwVOt0c8234A] C:\Users\user\AppData\Roaming\a3aKgCrtA2D6KEg\PCIltPciDo4HWL.exe
uRun: [y4aQH6sWKbt8FeQ8234A] C:\Users\user\AppData\Roaming\rO962rR6Sr8otf2\P93rEHcYsyRFrf.exe
uRun: [k6sWK7fEL30RmId8234A] C:\Users\user\AppData\Roaming\rO962rR6Sr8otf2\P93rEHcYsyRFrf.exe
uRun: [YXYkrAiGKgCrxS38234A] C:\Users\user\AppData\Roaming\S5Jd89XUlrNSm5J\UKLhqCryuSb3Ga6.exe
uRun: [biJU1EUvElv6jA58234A] C:\Users\user\AppData\Roaming\Rz4Z1JOFhAEI4Y\a8Iv6juWe2.exe
uRun: [o2obF3pmGLIvn7j8234A] C:\Users\user\AppData\Roaming\IGLr26qtp7C0\o7Ucm8ky4KV1Gfe.exe
uRun: [WvD2onF4pHQd8234A] C:\Users\user\AppData\Roaming\GSQhziQLet\WECNimLCtvmEYeP.exe
uRun: [FxA0uvS2iFna8234A] C:\Users\user\AppData\Roaming\KvoFpQ8TIv23maJ\vdWRL9hTXjCkB.exe
uRun: [fk0bGdRubG6fZCV8234A] C:\Users\user\AppData\Roaming\zYcWVoRyQU3huWz\I3T0skFh1Kyp.exe
uRun: [GubG6fZCVPciGaH8234A] C:\Users\user\AppData\Roaming\GQCFL0slGh\nJepwvKNpLk0bGd.exe
uRun: [kZqYCwUrBPySiDn8234A] C:\Users\user\AppData\Roaming\WI3T0skFh1KypWk\zbGdRubG6fZCV.exe
uRun: [jBPyS1ivDna5J8234A] C:\Users\user\AppData\Roaming\Ic6zFJqyS\uubG6fZCVPci.exe
uRun: [cjINvKhCr8234A] C:\Users\user\AppData\Roaming\fqhYCwVrBPc1v3F\SgZhwUltNc.exe
uRun: [SQ6KZjINvKhCrAi8234A] C:\Users\user\AppData\Roaming\pCwVrBPcS\ziv3FamJE8RhwVt.exe
uRun: [dINvKhCrAind8234A] C:\Users\user\AppData\Roaming\nwVrBPcS1\Ov3FamJELRhwVtc.exe
uRun: [KBHgUzDHZI8234A] C:\Users\user\AppData\Roaming\tVrBPyS1iD\jcmKTrAo5dRrvnd.exe
uRun: [Qt0cv3Fms7LRhXU8234A] C:\Users\user\AppData\Roaming\rkrNAc2DnaW7LTq\WIltP1Dn4HWf8ZY.exe
uRun: [k5Jd8RhwUltNcu28234A] C:\Users\user\AppData\Roaming\Bv3Fms7LRhXUlt1\fFmsd8RqXUltPci.exe
uRun: [f2Dna6KE9Z8234A] C:\Users\user\AppData\Roaming\rUtAomJ8X\OrAoGdLk03.exe
uRun: [TgRZqhYXwUeOtPy8234A] C:\Users\user\AppData\Roaming\vrOt1Do4HWf8Z\OkrBPcvo4HJE8Zh.exe
uRun: [CIVrzONtx0c8234A] C:\Users\user\AppData\Roaming\aZqhYXwkUeOt0c1\hbF4pG5sQ6E8R9T.exe
uRun: [LL8gTZqhYwU8234A] C:\Users\user\AppData\Roaming\QqhYXwkUVlBz0c1\YF4pmG5sQ6E8R9T.exe
uRun: [gfEL9gTZqYw8234A] C:\Users\user\AppData\Roaming\HXqjUCekIrOyAuS\GkVrzOtAciDpGaH.exe
mRun: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DS1ivD3on4m5W78234A] C:\windows\system32\jgTZqhYCwUrOtPy.exe
mRun: [sTZqjYCwkVlNx0c8234A] C:\windows\system32\wpnG4aQH6W7E9.exe
mRun: [BF4pmH5sQ78234A] C:\windows\system32\oVelOBtzPyAiDo.exe
mRun: [YEL8gTZqhCkVlBx8234A] C:\windows\system32\aucS1ibD3n4m6W7.exe
mRun: [TwjUCelIB8234A] C:\windows\system32\zG5sQJ6dE8R9T.exe
mRun: [AwkUVrlOBx0c8234A] C:\windows\system32\hG4amH6sW7E8TqY.exe
mRun: [zzONyxA0uSiFpGa8234A] C:\windows\system32\V6dWK8fRLhXjCkB.exe
mRun: [TOBtzP0yc1v2n4m8234A] C:\windows\system32\osWJ7dEL8RqYwUe.exe
mRun: [ZekIBrzONx0v2b38234A] C:\windows\system32\bG5aQJ6dW8R9TqU.exe
mRun: [VRZqhYXwkVlBz0c8234A] C:\windows\system32\NamH5sWJ7E8.exe
mRun: [kdWK7fRL9TqYeIr8234A] C:\windows\system32\BbF3pnG5aH.exe
mRun: [KJ7dEK8gR9YwUeI8234A] C:\windows\system32\czP0ycA1iDoFpHs.exe
mRun: [NK7fRL9gTqYeIrO8234A] C:\windows\system32\GvS2ibF3pGaHd.exe
mRun: [SgRZ9hYXwUeIt8234A] C:\windows\system32\h1ivD2onFpHsJdK.exe
mRun: [E9gTZqjYCkVlNx08234A] C:\windows\system32\uS2ibD3pn4Q6W7E.exe
mRun: [b8fRZ9hTXjClBzN8234A] C:\windows\system32\tpmG5sQJ6E.exe
mRun: [ujYCwkIVr8234A] C:\windows\system32\X4aQH6sWKfLgZ.exe
mRun: [jTXwjUCelB8234A] C:\windows\system32\QF4pmG5sQ6E8R9.exe
mRun: [TlOBtxP0ySiDoFa8234A] C:\windows\system32\p6sWJ7fELgZhCkV.exe
mRun: [q3pnG5aQHdKfLgX8234A] C:\windows\system32\TUCekIBrzNx0v2b.exe
mRun: [QL8gRZqhYwU8234A] C:\windows\system32\P1ivD3onFaHsJd.exe
mRun: [UjYCwkIVrOtPuS8234A] C:\windows\system32\a3pnG4aQHsKfLgZ.exe
mRun: [nQH6dWK7fLgXjCk8234A] C:\windows\system32\erzONyxA0v2b3n5.exe
mRun: [yPNyxA1uv2b3m58234A] C:\windows\system32\OdEK8fRZ9TwUeIr.exe
mRun: [kgRZqhYXwUeOtP8234A] C:\windows\system32\X1ivD3onFaHsJdL.exe
mRun: [QxP0ucS1iDoGaHs8234A] C:\windows\system32\j9gTZqjYCkVlN.exe
mRun: [fA0ucS2ib3n4Q6W8234A] C:\windows\system32\gjYCekIVrOt.exe
mRun: [N0uvS2ibFpGaHd8234A] C:\windows\system32\RRL9hTXqjCkBzNx.exe
mRun: [PXwjUCelIrP8234A] C:\windows\system32\RF4pG5sQJdKfZh.exe
mRun: [EobF4pmG5Q6E8R98234A] C:\windows\system32\uXwjUVelItPyAuD.exe
mRun: [ntzPNycA1v2b4m58234A] C:\windows\system32\vsJ7dEK8gZhXjVl.exe
mRun: [tZqhYXwkUeOz0c18234A] C:\windows\system32\vc1ivD34aHsJdLg.exe
mRun: [L3onF4amHsJ8234A] C:\windows\system32\ewkUVrlOBx0c1v.exe
mRun: [PP0ycS1ivoF8234A] C:\windows\system32\gfEL8gTZqYUrOt.exe
mRun: [k6sWK7fELgZjCkV8234A] C:\windows\system32\XONtxA0uc2b3n4Q.exe
mRun: [SVrlONtxPuSiDoG8234A] C:\windows\system32\qaQH6sK7fLgZjCk.exe
mRun: [jA0ucS2ib3n4Q6W8234A] C:\windows\system32\kjYCekIVrOt.exe
mRun: [BS2ibF3pn5Q6W7R8234A] C:\windows\system32\EhTXqjUCeIrOyAu.exe
mRun: [gelIBrzPNx1v2b8234A] C:\windows\system32\KG5sQJ6dE8R9TwU.exe
mRun: [jIBtzPNyc18234A] C:\windows\system32\QJ7dEK8gR9YwUe.exe
mRun: [WUVelOBtz0c1v2n8234A] C:\windows\system32\uamH5sWJ7E8RqYw.exe
mRun: [QwkUVrlOBx0c1v38234A] C:\windows\system32\jH6sWJ7fE8TqY.exe
mRun: [HCwkUVrlOtPySi8234A] C:\windows\system32\znG4amH6sJfLgZh.exe
mRun: [EgTZqhYCwUrOtPy8234A] C:\windows\system32\JS1ibD3on4m6WfL.exe
mRun: [exP0ucS1iDoGaHs8234A] C:\windows\system32\Y7fEL9gTZjCkVlN.exe
mRun: [mIVrlONtx0SiDoG8234A] C:\windows\system32\QfEL9gTZqYw.exe
mRun: [oCwkIVlONx0c1Do8234A] C:\windows\system32\BQH6sWK7fLgZj.exe
mRun: [OIVrlONtx0c1b3n8234A] C:\windows\system32\daQH6sWK7E9TqYw.exe
mRun: [RqjYCwkIVlNx0c8234A] C:\windows\system32\iD3pnG4aQ6W7E9T.exe
mRun: [UD3onF4am5W7E8R8234A] C:\windows\system32\TZqhYCwkUrOtPSi.exe
mRun: [ZJ7fEL8gTqYwUrO8234A] C:\windows\system32\nxP0ucS1iDoGaHs.exe
mRun: [g3onF4amHsJdLg8234A] C:\windows\system32\KYCwkUVrlBx0c1v.exe
mRun: [ED3onF4am5W7E8R8234A] C:\windows\system32\XgTZqhYCwUrOtSi.exe
mRun: [JaQH6sWK7E9TqYw8234A] C:\windows\system32\xVrzONtxAuSiDpG.exe
mRun: [ecS2ibD3pGaHsKf8234A] C:\windows\system32\U9gTXqjYCkVzNx0.exe
mRun: [mONtxA0uc2b3n4Q8234A] C:\windows\system32\tdWK7fRL9TqYeIr.exe
mRun: [VCekIBrzOyAuSiF8234A] C:\windows\system32\l6dWK8fRLhXj.exe
mRun: [bIBrzONyx0v2b38234A] C:\windows\system32\waQJ6dWK8R9TqUe.exe
mRun: [TTXqjUCekBzNx0v8234A] C:\windows\system32\pobF3pmG5Q6W8R9.exe
mRun: [uZ9hTXwjU8234A] C:\windows\system32\XbF4pmG5sJdKf.exe
mRun: [p5sWJ7dELgZh8234A] C:\windows\system32\FOBtxP0yc1v3n4m.exe
mRun: [nonG4amH6W7E8Tq8234A] C:\windows\system32\rCwkIVrlOtPuSiD.exe
mRun: [iaQH6sWK7E9TqYw8234A] C:\windows\system32\AVrzONtxAuSiDpG.exe
mRun: [HdWK8fRL9TqUeI8234A] C:\windows\system32\zNyxA1uvSoFpGaJ.exe
mRun: [gIBtzPNyc1v2b4m8234A] C:\windows\system32\tdEK8gRZ9YwUe.exe
mRun: [tamH5sWJ7E8RqYw8234A] C:\windows\system32\IVrlOBtxPySiDoF.exe
mRun: [owkIVrlONx0c1b8234A] C:\windows\system32\DG4aQH6sW7E9TqY.exe
mRun: [AZ9hTXwjU8234A] C:\windows\system32\mbF4pmG5sJdKf.exe
mRun: [CsWJ7dEL8RqYwUe8234A] C:\windows\system32\NBtxP0ycSiDoFaH.exe
mRun: [mgTXqjYCeI8234A] C:\windows\system32\PbF3pnG5aHdKfL.exe
mRun: [ARZ9hYXwjVlB8234A] C:\windows\system32\hivD2onF4m5Q7E8.exe
mRun: [QONtxA0uc2b3n4Q8234A] C:\windows\system32\jfRL9gTXqYeIr.exe
mRun: [jF4pmG5sQ6E8R9T8234A] C:\windows\system32\ZjUVelIBtPyAuDo.exe
mRun: [fYCwkUVrlBx0c1v8234A] C:\windows\system32\JonG4amH6W7E8Tq.exe
mRun: [kaQH6dWK7R9TqYe8234A] C:\windows\system32\iNyxA0uvSiFpG.exe
mRun: [RD2onF4pm5Q7E8R8234A] C:\windows\system32\ihYXwkUVeOtPyAi.exe
mRun: [vjYCwkIVrOtPuSi8234A] C:\windows\system32\b6sWK7fELgZ.exe
mRun: [xBrzPNyxAuS8234A] C:\windows\system32\R6dEK8fRZhXjCl.exe
mRun: [lcS1ivD3oFaHsJd8234A] C:\windows\system32\C8gTZqhYCkVlBx0.exe
mRun: [hfRL9hTXqUeIrOy8234A] C:\windows\system32\Z1uvS2obFpGaJdK.exe
mRun: [fXwkUVelOt8234A] C:\windows\system32\b4amH5sWJdLgZh.exe
mRun: [CrzONtxA0c2b3n48234A] C:\windows\system32\mH6dWK7fR9TqYeI.exe
mRun: [I4pmG5sQJdKfZhX8234A] C:\windows\system32\sUVelIBtzNc1v2b.exe
mRun: [akIVrlONtPuSiDo8234A] C:\windows\system32\F4aQH6sWKfLgZjC.exe
mRun: [drzPNyxA1v2b3m58234A] C:\windows\system32\IfRZ9hTXwUeI.exe
mRun: [WUVrlOBtx0c1v3n8234A] C:\windows\system32\VJ7fEL8gTqYw.exe
mRun: [hL9hTXqjUeIrOyA8234A] C:\windows\system32\kmG5aQJ6dKf.exe
mRun: [YfEL8gTZqYwUrOt8234A] C:\windows\system32\U3onG4amHsJ.exe
mRun: [XJ6dWK8fR9TqUeI8234A] C:\windows\system32\CvS2obF3pGa.exe
mRun: [KWK7fRL9gX8234A] C:\windows\system32\eA0uvS2ib3n5Q6.exe
mRun: [C4pmH5sQJdKgZhX8234A] C:\windows\system32\SOBtzP0yc1v2n.exe
mRun: [OQH6dWK7fLgXj8234A] C:\windows\system32\drzONyxA0v2b3n5.exe
mRun: [p5sQJ7dEKgZhXjV8234A] C:\windows\system32\FOBtzP0yc1v2n4m.exe
mRun: [t4aQH6sWKfLgZjC8234A] C:\windows\system32\OIVrzONtx0c2b3n.exe
mRun: [BfRZ9hTXwU8234A] C:\windows\system32\ovD2obF4pGsJdK.exe
mRun: [VCwkIVrlOtPuSiD8234A] C:\windows\system32\QnG4aQH6sKfLgZj.exe
mRun: [D1uvS2obFpGaJd8234A] C:\windows\system32\jRZ9hTXwjClBzNx.exe
mRun: [RBtzP0ycAiDoFpH8234A] C:\windows\system32\zEL8gRZqhXkVl.exe
mRun: [bG4amH6sW7E8TqY8234A] C:\windows\system32\t0ucS1ibDo.exe
mRun: [KCekIBrzOyAuS8234A] C:\windows\system32\vmG5aQJ6dKfLhXj.exe
mRun: [GsQJ6dEK8R9Tw8234A] C:\windows\system32\lBtzPNycAuDoFpG.exe
mRun: [R9hYXwjUVlBzNc8234A] C:\windows\system32\oD2onF4pm5Q7E8R.exe
mRun: [DD3onF4am5W7E8R8234A] C:\windows\system32\EkUVrlOBtPySi.exe
mRun: [hZqhYCwkUrOtPyS8234A] C:\windows\system32\ZbD3onG4aHsJfLg.exe
mRun: [W6sWJ7fELgZhCkV8234A] C:\windows\system32\yONtxP0uc1b3n4m.exe
mRun: [CxP0ycS1iDoFaHs8234A] C:\windows\system32\m7fEL8gTZhCkVlB.exe
mRun: [DOBtzP0yc1v2n4m8234A] C:\windows\system32\zZqhYXwkUe.exe
mRun: [rsQJ7dEK8R9YwUe8234A] C:\windows\system32\wlOBtzP0yAiDFpH.exe
mRun: [b0ycA1ivDoFpHsJ8234A] C:\windows\system32\twkUVelOBz.exe
mRun: [omH6sWJ7fLgZhCk8234A] C:\windows\system32\DrlONtxP0c1b3n4.exe
mRun: [YxP0yS1D3n4m5W78234A] C:\windows\system32\p7fEL8gTZhCkVlB.exe
mRun: [EH5sWJ7dE8RqYwU8234A] C:\windows\system32\ulOBtxP0ySiDoFa.exe
mRun: [C1ivD2onFps8234A] C:\windows\system32\HZqYXwkUVlBz0c.exe
mRun: [xfRL9gTXqYeIzNx8234A] C:\windows\system32\OA0uS2ibFpGaHdK.exe
mRun: [N4mH6sWJ7E8TqYw8234A] C:\windows\system32\HgTZqjYCwIPu1b3.exe
mRun: [SxA0uvS2ipGaHdK8234A] C:\windows\system32\xdWK8RL9hqUeIrO.exe
mRun: [aF4pmH5sQ7E8ZhX8234A] C:\windows\system32\GkUVelOBtPyAiDo.exe
mRun: [fA0uvS2ib3n5Q6W8234A] C:\windows\system32\YdWK8fRL9TqUeIr.exe
mRun: [YhYCwkUVrOtPySi8234A] C:\windows\system32\uG4amH6sW7E8.exe
mRun: [DgRZ9hYXwUeItPy8234A] C:\windows\system32\zmH5sQJ7dK.exe
mRun: [RpnG4aQH6W7E9Tq8234A] C:\windows\system32\iCekIVrzOtAuSiD.exe
mRun: [bD2onF4pmJdKgZh8234A] C:\windows\system32\fkUVelOBtPyAi.exe
mRun: [eycA1uvD2b4m5Q68234A] C:\windows\system32\b9YXjUVelBz.exe
mRun: [r6dWK7fRLgXjCkV8234A] C:\windows\system32\UONyxA0uv2b3n5Q.exe
mRun: [ImH5sWJ7dLgZhXk8234A] C:\windows\system32\drlOBtxP0c1v3n4.exe
mRun: [iYXwkUVelBz0c1v8234A] C:\windows\system32\AonF4amH5W7E8Rq.exe
mRun: [gEL8gRZqhXkVlBz8234A] C:\windows\system32\GUVrlOBtxySi4m7.exe
mRun: [YlOBtzP0yAiDoFp8234A] C:\windows\system32\p5sWJ7dELgZhXkV.exe
mRun: [PgRZ9hYXwUe8234A] C:\windows\system32\LvD2onF4pHsJdK.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
StartupFolder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crss.exe
StartupFolder: C:\Users\user\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{D585C244-4939-4EB1-A86E-24A5EF34B85D} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D585C244-4939-4EB1-A86E-24A5EF34B85D}\45962702E41602E4F676 : DhcpNameServer = 192.168.1.1 68.87.69.150 68.87.85.102
TCP: Interfaces\{FE01BEA6-A777-47E6-BE95-7C6A56BF44C8} : DhcpNameServer = 10.0.0.1
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe /SETUP
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [DS1ivD3on4m5W78234A] C:\windows\system32\jgTZqhYCwUrOtPy.exe
mRun-x64: [sTZqjYCwkVlNx0c8234A] C:\windows\system32\wpnG4aQH6W7E9.exe
mRun-x64: [BF4pmH5sQ78234A] C:\windows\system32\oVelOBtzPyAiDo.exe
mRun-x64: [YEL8gTZqhCkVlBx8234A] C:\windows\system32\aucS1ibD3n4m6W7.exe
mRun-x64: [TwjUCelIB8234A] C:\windows\system32\zG5sQJ6dE8R9T.exe
mRun-x64: [AwkUVrlOBx0c8234A] C:\windows\system32\hG4amH6sW7E8TqY.exe
mRun-x64: [zzONyxA0uSiFpGa8234A] C:\windows\system32\V6dWK8fRLhXjCkB.exe
mRun-x64: [TOBtzP0yc1v2n4m8234A] C:\windows\system32\osWJ7dEL8RqYwUe.exe
mRun-x64: [ZekIBrzONx0v2b38234A] C:\windows\system32\bG5aQJ6dW8R9TqU.exe
mRun-x64: [VRZqhYXwkVlBz0c8234A] C:\windows\system32\NamH5sWJ7E8.exe
mRun-x64: [kdWK7fRL9TqYeIr8234A] C:\windows\system32\BbF3pnG5aH.exe
mRun-x64: [KJ7dEK8gR9YwUeI8234A] C:\windows\system32\czP0ycA1iDoFpHs.exe
mRun-x64: [NK7fRL9gTqYeIrO8234A] C:\windows\system32\GvS2ibF3pGaHd.exe
mRun-x64: [SgRZ9hYXwUeIt8234A] C:\windows\system32\h1ivD2onFpHsJdK.exe
mRun-x64: [E9gTZqjYCkVlNx08234A] C:\windows\system32\uS2ibD3pn4Q6W7E.exe
mRun-x64: [b8fRZ9hTXjClBzN8234A] C:\windows\system32\tpmG5sQJ6E.exe
mRun-x64: [ujYCwkIVr8234A] C:\windows\system32\X4aQH6sWKfLgZ.exe
mRun-x64: [jTXwjUCelB8234A] C:\windows\system32\QF4pmG5sQ6E8R9.exe
mRun-x64: [TlOBtxP0ySiDoFa8234A] C:\windows\system32\p6sWJ7fELgZhCkV.exe
mRun-x64: [q3pnG5aQHdKfLgX8234A] C:\windows\system32\TUCekIBrzNx0v2b.exe
mRun-x64: [QL8gRZqhYwU8234A] C:\windows\system32\P1ivD3onFaHsJd.exe
mRun-x64: [UjYCwkIVrOtPuS8234A] C:\windows\system32\a3pnG4aQHsKfLgZ.exe
mRun-x64: [nQH6dWK7fLgXjCk8234A] C:\windows\system32\erzONyxA0v2b3n5.exe
mRun-x64: [yPNyxA1uv2b3m58234A] C:\windows\system32\OdEK8fRZ9TwUeIr.exe
mRun-x64: [kgRZqhYXwUeOtP8234A] C:\windows\system32\X1ivD3onFaHsJdL.exe
mRun-x64: [QxP0ucS1iDoGaHs8234A] C:\windows\system32\j9gTZqjYCkVlN.exe
mRun-x64: [fA0ucS2ib3n4Q6W8234A] C:\windows\system32\gjYCekIVrOt.exe
mRun-x64: [N0uvS2ibFpGaHd8234A] C:\windows\system32\RRL9hTXqjCkBzNx.exe
mRun-x64: [PXwjUCelIrP8234A] C:\windows\system32\RF4pG5sQJdKfZh.exe
mRun-x64: [EobF4pmG5Q6E8R98234A] C:\windows\system32\uXwjUVelItPyAuD.exe
mRun-x64: [ntzPNycA1v2b4m58234A] C:\windows\system32\vsJ7dEK8gZhXjVl.exe
mRun-x64: [tZqhYXwkUeOz0c18234A] C:\windows\system32\vc1ivD34aHsJdLg.exe
mRun-x64: [L3onF4amHsJ8234A] C:\windows\system32\ewkUVrlOBx0c1v.exe
mRun-x64: [PP0ycS1ivoF8234A] C:\windows\system32\gfEL8gTZqYUrOt.exe
mRun-x64: [k6sWK7fELgZjCkV8234A] C:\windows\system32\XONtxA0uc2b3n4Q.exe
mRun-x64: [SVrlONtxPuSiDoG8234A] C:\windows\system32\qaQH6sK7fLgZjCk.exe
mRun-x64: [jA0ucS2ib3n4Q6W8234A] C:\windows\system32\kjYCekIVrOt.exe
mRun-x64: [BS2ibF3pn5Q6W7R8234A] C:\windows\system32\EhTXqjUCeIrOyAu.exe
mRun-x64: [gelIBrzPNx1v2b8234A] C:\windows\system32\KG5sQJ6dE8R9TwU.exe
mRun-x64: [jIBtzPNyc18234A] C:\windows\system32\QJ7dEK8gR9YwUe.exe
mRun-x64: [WUVelOBtz0c1v2n8234A] C:\windows\system32\uamH5sWJ7E8RqYw.exe
mRun-x64: [QwkUVrlOBx0c1v38234A] C:\windows\system32\jH6sWJ7fE8TqY.exe
mRun-x64: [HCwkUVrlOtPySi8234A] C:\windows\system32\znG4amH6sJfLgZh.exe
mRun-x64: [EgTZqhYCwUrOtPy8234A] C:\windows\system32\JS1ibD3on4m6WfL.exe
mRun-x64: [exP0ucS1iDoGaHs8234A] C:\windows\system32\Y7fEL9gTZjCkVlN.exe
mRun-x64: [mIVrlONtx0SiDoG8234A] C:\windows\system32\QfEL9gTZqYw.exe
mRun-x64: [oCwkIVlONx0c1Do8234A] C:\windows\system32\BQH6sWK7fLgZj.exe
mRun-x64: [OIVrlONtx0c1b3n8234A] C:\windows\system32\daQH6sWK7E9TqYw.exe
mRun-x64: [RqjYCwkIVlNx0c8234A] C:\windows\system32\iD3pnG4aQ6W7E9T.exe
mRun-x64: [UD3onF4am5W7E8R8234A] C:\windows\system32\TZqhYCwkUrOtPSi.exe
mRun-x64: [ZJ7fEL8gTqYwUrO8234A] C:\windows\system32\nxP0ucS1iDoGaHs.exe
mRun-x64: [g3onF4amHsJdLg8234A] C:\windows\system32\KYCwkUVrlBx0c1v.exe
mRun-x64: [ED3onF4am5W7E8R8234A] C:\windows\system32\XgTZqhYCwUrOtSi.exe
mRun-x64: [JaQH6sWK7E9TqYw8234A] C:\windows\system32\xVrzONtxAuSiDpG.exe
mRun-x64: [ecS2ibD3pGaHsKf8234A] C:\windows\system32\U9gTXqjYCkVzNx0.exe
mRun-x64: [mONtxA0uc2b3n4Q8234A] C:\windows\system32\tdWK7fRL9TqYeIr.exe
mRun-x64: [VCekIBrzOyAuSiF8234A] C:\windows\system32\l6dWK8fRLhXj.exe
mRun-x64: [bIBrzONyx0v2b38234A] C:\windows\system32\waQJ6dWK8R9TqUe.exe
mRun-x64: [TTXqjUCekBzNx0v8234A] C:\windows\system32\pobF3pmG5Q6W8R9.exe
mRun-x64: [uZ9hTXwjU8234A] C:\windows\system32\XbF4pmG5sJdKf.exe
mRun-x64: [p5sWJ7dELgZh8234A] C:\windows\system32\FOBtxP0yc1v3n4m.exe
mRun-x64: [nonG4amH6W7E8Tq8234A] C:\windows\system32\rCwkIVrlOtPuSiD.exe
mRun-x64: [iaQH6sWK7E9TqYw8234A] C:\windows\system32\AVrzONtxAuSiDpG.exe
mRun-x64: [HdWK8fRL9TqUeI8234A] C:\windows\system32\zNyxA1uvSoFpGaJ.exe
mRun-x64: [gIBtzPNyc1v2b4m8234A] C:\windows\system32\tdEK8gRZ9YwUe.exe
mRun-x64: [tamH5sWJ7E8RqYw8234A] C:\windows\system32\IVrlOBtxPySiDoF.exe
mRun-x64: [owkIVrlONx0c1b8234A] C:\windows\system32\DG4aQH6sW7E9TqY.exe
mRun-x64: [AZ9hTXwjU8234A] C:\windows\system32\mbF4pmG5sJdKf.exe
mRun-x64: [CsWJ7dEL8RqYwUe8234A] C:\windows\system32\NBtxP0ycSiDoFaH.exe
mRun-x64: [mgTXqjYCeI8234A] C:\windows\system32\PbF3pnG5aHdKfL.exe
mRun-x64: [ARZ9hYXwjVlB8234A] C:\windows\system32\hivD2onF4m5Q7E8.exe
mRun-x64: [QONtxA0uc2b3n4Q8234A] C:\windows\system32\jfRL9gTXqYeIr.exe
mRun-x64: [jF4pmG5sQ6E8R9T8234A] C:\windows\system32\ZjUVelIBtPyAuDo.exe
mRun-x64: [fYCwkUVrlBx0c1v8234A] C:\windows\system32\JonG4amH6W7E8Tq.exe
mRun-x64: [kaQH6dWK7R9TqYe8234A] C:\windows\system32\iNyxA0uvSiFpG.exe
mRun-x64: [RD2onF4pm5Q7E8R8234A] C:\windows\system32\ihYXwkUVeOtPyAi.exe
mRun-x64: [vjYCwkIVrOtPuSi8234A] C:\windows\system32\b6sWK7fELgZ.exe
mRun-x64: [xBrzPNyxAuS8234A] C:\windows\system32\R6dEK8fRZhXjCl.exe
mRun-x64: [lcS1ivD3oFaHsJd8234A] C:\windows\system32\C8gTZqhYCkVlBx0.exe
mRun-x64: [hfRL9hTXqUeIrOy8234A] C:\windows\system32\Z1uvS2obFpGaJdK.exe
mRun-x64: [fXwkUVelOt8234A] C:\windows\system32\b4amH5sWJdLgZh.exe
mRun-x64: [CrzONtxA0c2b3n48234A] C:\windows\system32\mH6dWK7fR9TqYeI.exe
mRun-x64: [I4pmG5sQJdKfZhX8234A] C:\windows\system32\sUVelIBtzNc1v2b.exe
mRun-x64: [akIVrlONtPuSiDo8234A] C:\windows\system32\F4aQH6sWKfLgZjC.exe
mRun-x64: [drzPNyxA1v2b3m58234A] C:\windows\system32\IfRZ9hTXwUeI.exe
mRun-x64: [WUVrlOBtx0c1v3n8234A] C:\windows\system32\VJ7fEL8gTqYw.exe
mRun-x64: [hL9hTXqjUeIrOyA8234A] C:\windows\system32\kmG5aQJ6dKf.exe
mRun-x64: [YfEL8gTZqYwUrOt8234A] C:\windows\system32\U3onG4amHsJ.exe
mRun-x64: [XJ6dWK8fR9TqUeI8234A] C:\windows\system32\CvS2obF3pGa.exe
mRun-x64: [KWK7fRL9gX8234A] C:\windows\system32\eA0uvS2ib3n5Q6.exe
mRun-x64: [C4pmH5sQJdKgZhX8234A] C:\windows\system32\SOBtzP0yc1v2n.exe
mRun-x64: [OQH6dWK7fLgXj8234A] C:\windows\system32\drzONyxA0v2b3n5.exe
mRun-x64: [p5sQJ7dEKgZhXjV8234A] C:\windows\system32\FOBtzP0yc1v2n4m.exe
mRun-x64: [t4aQH6sWKfLgZjC8234A] C:\windows\system32\OIVrzONtx0c2b3n.exe
mRun-x64: [BfRZ9hTXwU8234A] C:\windows\system32\ovD2obF4pGsJdK.exe
mRun-x64: [VCwkIVrlOtPuSiD8234A] C:\windows\system32\QnG4aQH6sKfLgZj.exe
mRun-x64: [D1uvS2obFpGaJd8234A] C:\windows\system32\jRZ9hTXwjClBzNx.exe
mRun-x64: [RBtzP0ycAiDoFpH8234A] C:\windows\system32\zEL8gRZqhXkVl.exe


#2 nasdaq

  • Malware Response Team
  • 40,510 posts
  • Gender: Male
  • Location: Montreal, QC. Canada
  • Local time: 09:53 PM

Posted 14 October 2011 - 10:26 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Did you set this proxy server?
If not, please check with your Internet Provider and make sure whether you need it or not.
uInternet Settings,ProxyServer = http=127.0.0.1:59010

If not required remove it.

In Internet Explorer go to Tools - Internet Options - Connections Tab - Lan Settings and remove the reference to 127.0.0.1:59010 if found, then uncheck "Use a proxy server" and check "Automatically detect settings".
===

If you use Firefox, go to Tools Menu > Options... > Advanced Tab > Network Tab > Connection > Settings. Select the "Auto-detect proxy settings for this network" option, or "No proxy" if you do not need it.
===

Next,

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double-click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Please post the log for my review.

Let me know what problem persists.
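A registry-level version of the proxy check in the reply above, added here as an example that is not part of nasdaq's instructions or of any BleepingComputer tool. The function names are my own; the registry paths are the standard WinINet locations that DDS reports as "uInternet Settings" (per user) and "mInternet Settings" (per machine), and the sample value is the one quoted in the post.

```powershell
# Added example (not from the post or from DDS). Parses a WinINet ProxyServer
# value and returns the entries that point back at the local machine. Rogue
# AV programs such as the one in this thread set a loopback proxy so that every
# browser request is routed through their own process.
function Find-LoopbackProxy {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$ProxyServer)

    $loopback = @('127.0.0.1', 'localhost')
    $found = @()
    if ([string]::IsNullOrWhiteSpace($ProxyServer)) { return $found }

    # The value is either "host:port" or "scheme=host:port;scheme=host:port".
    foreach ($entry in ($ProxyServer -split ';')) {
        $entry = $entry.Trim()
        if (-not $entry) { continue }
        $hostPort  = ($entry -split '=', 2)[-1]
        # $host is an automatic variable in PowerShell, so use another name.
        $proxyHost = ($hostPort -split ':')[0].ToLowerInvariant()
        if ($loopback -contains $proxyHost) { $found += $entry }
    }
    return $found
}

# Reads the live per-user and per-machine WinINet settings (the same values
# the Internet Options > Connections > LAN Settings dialog edits) and flags
# any loopback proxy. The dialog's "Automatically detect settings" checkbox is
# stored in a binary value and is not inspected here.
function Get-InternetProxySetting {
    $keys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',  # uInternet Settings
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'   # mInternet Settings
    )
    foreach ($key in $keys) {
        $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $p) { continue }
        $loop = @(Find-LoopbackProxy -ProxyServer ([string]$p.ProxyServer))
        [pscustomobject]@{
            Key         = $key
            ProxyEnable = [int]$p.ProxyEnable
            ProxyServer = [string]$p.ProxyServer
            Loopback    = ($loop -join ', ')
            Suspicious  = ($loop.Count -gt 0)
        }
    }
}

# Clears an unwanted per-user proxy the way the LAN Settings dialog does:
# disable the proxy and drop the server value. Run only after confirming with
# the ISP that no proxy is required, as the reply above advises.
function Remove-InternetProxySetting {
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    Set-ItemProperty -Path $key -Name ProxyEnable -Value 0 -Type DWord
    Remove-ItemProperty -Path $key -Name ProxyServer -ErrorAction SilentlyContinue
}

# Constructed sample: the value DDS printed for this machine.
Find-LoopbackProxy -ProxyServer 'http=127.0.0.1:59010'

# Live check of the machine the script runs on.
Get-InternetProxySetting | Format-Table -AutoSize
```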

#3 burningbush
  • Topic Starter

  • Members
  • 7 posts
  • Local time: 07:53 PM

Posted 14 October 2011 - 11:38 AM

Hi,

This was a friend's machine, and they decided last night to do a complete system rebuild.

I'm a little sorry they went this way; I was looking forward to working with you on this.

Thanks for your time.

Edited by burningbush, 14 October 2011 - 11:40 AM.


#4 nasdaq

  • Malware Response Team
  • 40,510 posts
  • Gender: Male
  • Location: Montreal, QC. Canada
  • Local time: 09:53 PM

Posted 15 October 2011 - 08:00 AM

Thank you for the feedback.

This topic will be closed.



