Infected with Guard online


  • This topic is locked
7 replies to this topic

#1 knightrider1

  • Members
  • 3 posts

Posted 20 October 2011 - 09:44 AM

I was infected by what appeared to be the new version of AV Guard Online, and after going through the clean-up process I still can't access the internet and some files; every time I open IE it doesn't load. Each time I run the Malwarebytes software it seems to pick something new up almost every other time. I ran TDSSKiller and each time it found nothing out of the ordinary. I went even further and have the DDS logs that will be pasted below, but one issue I had with the GMER program was that it wouldn't let me check certain box fields as they were shaded out; I ran the scan anyway and it showed no modifications to the PC, so I couldn't make an ark.txt file. Not sure what to do at this point, and hopefully someone can help; any help would be greatly appreciated.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by danny at 3:56:08 on 2011-10-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2940.1726 [GMT -4:00]
.
AV: Kaspersky PURE *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky PURE *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky PURE *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe
C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files (x86)\ooVoo Toolbar\ToolbarUpdaterService.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\igfxext.exe
C:\PROGRA~2\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Cobian Backup 10\Cobian.exe
C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\SysWOW64\ping.exe
C:\windows\system32\conhost.exe
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/?ncid=customie9
uDefault_Page_URL = hxxp://www.aol.com/?ncid=customie9
uWindow Title = Windows Internet Explorer provided by AOL
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = <local>
mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
mURLSearchHooks: ooVoo Video Chat Toolbar: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files (x86)\ooVoo_Video_Chat\prxtbooVo.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: ooVoo Toolbar Helper: {92b514fd-a316-4736-99eb-2a6532d02e7d} - C:\Program Files (x86)\ooVoo Toolbar\Toolbar32.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
BHO: ooVoo Video Chat Toolbar: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files (x86)\ooVoo_Video_Chat\prxtbooVo.dll
BHO: Yontoo Layers (Drop Down Deals): {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: ooVoo Toolbar: {3d475351-3508-4de9-a7c0-b0ceb0859fbe} - C:\Program Files (x86)\ooVoo Toolbar\Toolbar32.dll
TB: ooVoo Video Chat Toolbar: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files (x86)\ooVoo_Video_Chat\prxtbooVo.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Google Update] "C:\Users\danny\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Best Buy pc app] C:\Users\danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Share-to-Web Namespace Daemon] C:\Program Files (x86)\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [ooVooToolbarHelper] "C:\Program Files (x86)\ooVoo Toolbar\ToolbarHelper.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [D37.exe] C:\Program Files (x86)\Internet Explorer\3479\D37.exe
mExplorerRun: [Kjkj] rundll32 "C:\windows\SysWOW64\javaw2.dll",Tduxuslqj
mExplorerRun: [YYOSAAMDAB] rundll32 "C:\windows\SysWOW64\imapin.dll",myfa
mExplorerRun: [QCFJMVLU] rundll32 "C:\windows\SysWOW64\ig4dev32I.dll",zfmcrke
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{2423007D-01F6-457E-B619-9340D305DEFC} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{2423007D-01F6-457E-B619-9340D305DEFC}\0554747495D20534F5E4564777F627B6F513 : DhcpNameServer = 192.168.1.1 167.206.251.130 167.206.251.129
TCP: Interfaces\{2423007D-01F6-457E-B619-9340D305DEFC}\16474777966696 : DhcpNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{2423007D-01F6-457E-B619-9340D305DEFC}\75169707F62747F5143636563737 : DhcpNameServer = 192.168.5.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{34C059DE-1048-47AF-9F62-2CA8E5104DD6} : DhcpNameServer = 167.206.251.129 167.206.251.130
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll, C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO-X64: Conduit Engine - No File
BHO-X64: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
BHO-X64: AOL Toolbar Loader - No File
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: ooVoo Toolbar Helper: {92B514FD-A316-4736-99EB-2A6532D02E7D} - C:\Program Files (x86)\ooVoo Toolbar\Toolbar32.dll
BHO-X64: ooVoo Toolbar Helper - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
BHO-X64: link filter bho - No File
BHO-X64: ooVoo Video Chat Toolbar: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files (x86)\ooVoo_Video_Chat\prxtbooVo.dll
BHO-X64: ooVoo Video Chat - No File
BHO-X64: Yontoo Layers (Drop Down Deals): {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll
BHO-X64: Yontoo Layer (Drop Down Deals)s - No File
TB-X64: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: ooVoo Toolbar: {3D475351-3508-4de9-A7C0-B0CEB0859FBE} - C:\Program Files (x86)\ooVoo Toolbar\Toolbar32.dll
TB-X64: ooVoo Video Chat Toolbar: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files (x86)\ooVoo_Video_Chat\prxtbooVo.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Share-to-Web Namespace Daemon] C:\Program Files (x86)\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [ooVooToolbarHelper] "C:\Program Files (x86)\ooVoo Toolbar\ToolbarHelper.exe"
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [D37.exe] C:\Program Files (x86)\Internet Explorer\3479\D37.exe
AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll, C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
.
============= SERVICES / DRIVERS ===============
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\windows\system32\DRIVERS\CSCrySec.sys --> C:\windows\system32\DRIVERS\CSCrySec.sys [?]
R0 KLBG;Kaspersky Lab Boot Guard Driver;C:\windows\system32\DRIVERS\klbg.sys --> C:\windows\system32\DRIVERS\klbg.sys [?]
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys --> C:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\system32\DRIVERS\klim6.sys --> C:\windows\system32\DRIVERS\klim6.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe [2011-10-20 67584]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-18 366152]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-11 252272]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 Updater Service for ooVoo Toolbar;Updater Service for ooVoo Toolbar;C:\Program Files (x86)\ooVoo Toolbar\ToolbarUpdaterService.exe [2011-7-29 267488]
R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\system32\DRIVERS\klmouflt.sys --> C:\windows\system32\DRIVERS\klmouflt.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2009-12-8 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]
S2 AVP;Kaspersky PURE;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe [2010-10-1 348760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-24 135664]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-24 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-10-20 07:09:27 -------- d-----w- C:\Users\danny\AppData\Local\Safe mirror
2011-10-20 07:08:53 -------- d-----w- C:\Program Files (x86)\Cobian Backup 10
2011-10-19 02:26:49 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-19 01:55:40 69120 --sha-r- C:\windows\SysWow64\ig4dev32I.dll
2011-10-19 01:55:39 69120 --sha-r- C:\windows\SysWow64\javaw2.dll
2011-10-19 01:55:39 69120 --sha-r- C:\windows\SysWow64\imapin.dll
2011-10-19 01:53:57 -------- d-----w- C:\Program Files (x86)\B41B6
2011-10-19 01:53:48 -------- d-----w- C:\ProgramData\WSTB
2011-10-19 01:45:39 -------- d-----w- C:\Program Files (x86)\Quick Web Player
2011-10-19 00:45:29 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E97FFC25-623A-4198-B08F-181E590195DC}\mpengine.dll
2011-10-18 11:36:58 -------- d-----w- C:\Users\danny\AppData\Roaming\Malwarebytes
2011-10-18 09:20:50 -------- d-----w- C:\ProgramData\Malwarebytes
2011-10-18 09:20:46 25416 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-10-18 09:20:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-18 06:40:23 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2011-10-18 06:40:22 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-10-18 06:40:04 174368 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2011-10-18 06:40:04 141088 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2011-10-18 05:40:40 -------- d-----w- C:\Users\danny\AppData\Local\CrashDumps
2011-10-18 03:58:31 85048 ----a-w- C:\windows\System32\drivers\CSCrySec.sys
2011-10-18 03:58:31 66104 ----a-w- C:\windows\System32\drivers\CSVirtualDiskDrv.sys
2011-10-18 03:56:52 -------- d-----w- C:\Program Files (x86)\Common Files\InfoWatch
2011-10-18 03:56:50 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-10-18 03:56:50 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2011-10-18 03:51:37 -------- d-----w- C:\windows\System32\SPReview
2011-10-18 03:48:00 -------- d-----w- C:\ProgramData\Kaspersky Lab Setup Files
2011-10-18 03:45:47 -------- d-----w- C:\windows\System32\EventProviders
2011-10-18 03:41:16 -------- d-----w- C:\Users\danny\AppData\Roaming\QJEg9XUVltNvoFm
2011-10-18 03:41:16 -------- d-----w- C:\Users\danny\AppData\Roaming\lsQJ6dEK8R9TweB
2011-10-18 03:39:44 -------- d-----w- C:\Users\danny\AppData\Roaming\QFKXN4dZjBAomWT
2011-10-18 03:38:58 -------- d-----w- C:\Users\danny\AppData\Roaming\NDt82rCqZE55adQ
2011-10-18 03:37:53 -------- d-----w- C:\Users\danny\AppData\Roaming\tCOzBA3p6J8B0
2011-10-18 03:37:16 -------- d-----w- C:\Users\danny\AppData\Roaming\HuzkjEmnDu0tOO
2011-10-18 03:37:11 -------- d-----w- C:\Users\danny\AppData\Roaming\FqKmuzkjE
2011-10-18 03:37:06 -------- d-----w- C:\Users\danny\AppData\Roaming\lUUZ63uNOxonv1u
2011-10-18 03:35:57 -------- d-----w- C:\Users\danny\AppData\Roaming\DXNmRIQTO2afYO
2011-10-18 03:34:59 -------- d-----w- C:\Users\danny\AppData\Roaming\Yi7PRcToVL
2011-10-18 03:33:42 -------- d-----w- C:\Users\danny\AppData\Roaming\ACZaBWPKARSxgpI
2011-10-18 03:33:31 -------- d-----w- C:\Users\danny\AppData\Roaming\CoSksicXQNIKSj
2011-10-18 03:33:27 -------- d-----w- C:\Users\danny\AppData\Roaming\j5GOEbkJSYptR3b
2011-10-18 03:33:24 -------- d-----w- C:\Users\danny\AppData\Roaming\BxOgoIkduq4NgoV
2011-10-18 03:33:06 -------- d-----w- C:\Users\danny\AppData\Roaming\aJ1q2jQPKA
2011-10-18 03:32:50 -------- d-----w- C:\Users\danny\AppData\Roaming\gpPlPwd30rjEmvP
2011-10-18 03:32:37 -------- d-----w- C:\Users\danny\AppData\Roaming\g1NcyH8hqjqzIwW
2011-10-18 03:32:31 -------- d-----w- C:\Users\danny\AppData\Roaming\KNBx0Gs54FiTE
2011-10-18 03:32:18 -------- d-----w- C:\Users\danny\AppData\Roaming\lzvbDcvpppGahUI
2011-10-18 03:32:12 -------- d-----w- C:\Users\danny\AppData\Roaming\Qd8ZTjINAv2Fp5J
2011-10-18 03:32:11 -------- d-----w- C:\Users\danny\AppData\Roaming\pWwybdqI17hkNtr
2011-10-18 03:32:09 -------- d-----w- C:\Users\danny\AppData\Roaming\Lp6RjVx2Gs9jCVl
2011-10-18 03:32:08 -------- d-----w- C:\Users\danny\AppData\Roaming\q6RjVx2Gs
2011-10-18 03:30:49 -------- d-----w- C:\Users\danny\AppData\Roaming\d3jVUkUChgKVwhg
2011-10-18 03:29:59 -------- d-----w- C:\Users\danny\AppData\Roaming\IZVunWZV0oWRUP2
2011-10-18 03:28:59 -------- d-----w- C:\Users\danny\AppData\Roaming\oV8cJjNiKx3T0ph
2011-10-18 03:27:54 -------- d-----w- C:\Users\danny\AppData\Roaming\JGQ67fqfmvA0tCT
2011-10-18 03:26:57 -------- d-----w- C:\Users\danny\AppData\Roaming\SBm90J9xsY1RxF8
2011-10-18 03:25:59 -------- d-----w- C:\Users\danny\AppData\Roaming\TBL1hbCS84CHVRv
2011-10-18 03:25:44 -------- d-----w- C:\Users\danny\AppData\Roaming\rtKN6STnBL1h
2011-10-18 03:25:43 -------- d-----w- C:\Users\danny\AppData\Roaming\WyZ0gShvRpw5yXn
2011-10-18 03:25:43 -------- d-----w- C:\Users\danny\AppData\Roaming\iyZ0gShvRpw5yXn
2011-10-18 03:25:41 -------- d-----w- C:\Users\danny\AppData\Roaming\ELSZvhDqiXSjGwd
2011-10-18 03:25:41 -------- d-----w- C:\Users\danny\AppData\Roaming\EC4VmV4k5C5NWAI
2011-10-18 03:25:29 -------- d-----w- C:\Users\danny\AppData\Roaming\A2YDUFYbXFjDwne
2011-10-18 03:25:28 -------- d-----w- C:\Users\danny\AppData\Roaming\tK2YDUFYbXFjDwn
2011-10-18 03:25:23 -------- d-----w- C:\Users\danny\AppData\Roaming\jEFiilW0LohSg3Y
2011-10-18 03:25:21 -------- d-----w- C:\Users\danny\AppData\Roaming\GJoccU6t7vR0E
2011-10-18 03:25:07 -------- d-----w- C:\Users\danny\AppData\Roaming\RCpIRotTHiPV84
2011-10-18 03:24:59 -------- d-----w- C:\Users\danny\AppData\Roaming\UHt8pxZnIKcZbB9
2011-10-18 03:24:57 -------- d-----w- C:\Users\danny\AppData\Roaming\g2qbRu9tHV4q4l
2011-10-18 03:24:49 -------- d-----w- C:\Users\danny\AppData\Roaming\KPOPO0AiG4
2011-10-18 03:24:43 -------- d-----w- C:\Users\danny\AppData\Roaming\qTS8yRxHknTF
2011-10-18 03:24:40 -------- d-----w- C:\Users\danny\AppData\Roaming\G9c7zWtWO6BpZ18
2011-10-18 03:24:32 -------- d-----w- C:\Users\danny\AppData\Roaming\gNT2j3CDYmVGZc9
2011-10-18 03:24:27 -------- d-----w- C:\Users\danny\AppData\Roaming\nmNT2j3CDYmV
2011-10-18 03:24:24 -------- d-----w- C:\Users\danny\AppData\Roaming\zkgQ2NBjOC
2011-10-18 03:24:12 -------- d-----w- C:\Users\danny\AppData\Roaming\qk4h1ZGuC730U9Q
2011-10-18 03:23:55 -------- d-----w- C:\Users\danny\AppData\Roaming\wNGqtoXN3E
2011-10-18 03:23:53 -------- d-----w- C:\Users\danny\AppData\Roaming\rSY4T2C5N7cZpx9
2011-10-18 03:23:52 -------- d-----w- C:\Users\danny\AppData\Roaming\ZiWwA6YxaI3XOod
2011-10-18 03:23:52 -------- d-----w- C:\Users\danny\AppData\Roaming\iCf1h0fvVGV6P9p
2011-10-18 03:23:49 -------- d-----w- C:\Users\danny\AppData\Roaming\c7cfxYplGqaN8uL
2011-10-18 03:23:33 -------- d-----w- C:\Users\danny\AppData\Roaming\xxoECSskofrahv8
2011-10-18 03:23:30 -------- d-----w- C:\Users\danny\AppData\Roaming\asRUSWYcmXS8y
2011-10-18 03:23:17 -------- d-----w- C:\Users\danny\AppData\Roaming\pseQk1QU26euJjx
2011-10-18 03:23:15 -------- d-----w- C:\Users\danny\AppData\Roaming\p5XuL0Ww1KV3
2011-10-18 03:23:13 -------- d-----w- C:\Users\danny\AppData\Roaming\f5XuL0Ww1K
2011-10-18 03:23:09 -------- d-----w- C:\Users\danny\AppData\Roaming\I5Rl37U04LO1
2011-10-18 03:21:58 -------- d-----w- C:\Users\danny\AppData\Roaming\CUBrrOBzBrxxA0O
2011-10-18 03:21:57 -------- d-----w- C:\Users\danny\AppData\Roaming\gl3LliZz7tgUA6O
2011-10-18 03:21:36 -------- d-----w- C:\Users\danny\AppData\Roaming\HixITWpb10NtBO
2011-10-18 03:21:30 -------- d-----w- C:\Users\danny\AppData\Roaming\rlX7abtkw
2011-10-18 03:21:27 -------- d-----w- C:\Users\danny\AppData\Roaming\T2tCLJFuz
2011-10-18 03:21:23 -------- d-----w- C:\Users\danny\AppData\Roaming\riYoXvj39vLi8y8
2011-10-18 03:21:14 -------- d-----w- C:\Users\danny\AppData\Roaming\sEa531POjZfdnSO
2011-10-18 03:21:14 -------- d-----w- C:\Users\danny\AppData\Roaming\HNrICTfs4D1NVqL
2011-10-18 03:21:11 -------- d-----w- C:\Users\danny\AppData\Roaming\F7s4iNrICTfs4D1
2011-10-18 03:20:58 -------- d-----w- C:\Users\danny\AppData\Roaming\WGDAyPBONu0PPNN
2011-10-18 03:19:23 -------- d-----w- C:\Users\danny\AppData\Roaming\ddYAnEkSHhxFLlv
2011-10-18 03:19:16 -------- d-----w- C:\Users\danny\AppData\Roaming\w4EXza9rbWe2swS
2011-10-14 03:46:14 -------- d-----w- C:\Users\danny\AppData\Roaming\URhwVIzy1Dbp5JE
2011-10-14 03:45:42 -------- d-----w- C:\Users\danny\AppData\Roaming\ThBuG8jzS58euQT
2011-10-14 03:45:16 -------- d-----w- C:\Users\danny\AppData\Roaming\eQd8ZYjeBNAvo4Q
2011-10-14 03:44:52 -------- d-----w- C:\Users\danny\AppData\Roaming\Rb35JWf9Xje
2011-10-14 03:44:37 -------- d-----w- C:\Users\danny\AppData\Roaming\HUCelIBzNxuSoFG
2011-10-14 03:44:28 -------- d-----w- C:\Users\danny\AppData\Roaming\EG5aQH6dW7R9TqY
2011-10-14 03:44:15 -------- d-----w- C:\Users\danny\AppData\Roaming\CucS1ibD3n4ms7E
2011-10-14 03:44:02 -------- d-----w- C:\Users\danny\AppData\Roaming\Kpm5JE8R9YjeIzN
2011-10-14 03:43:47 -------- d-----w- C:\Users\danny\AppData\Roaming\ldLgqYwVlBPyAi2
2011-10-14 03:43:38 -------- d-----w- C:\Users\danny\AppData\Roaming\zpmH5sQJ7E8R9Yw
2011-10-14 03:39:25 -------- d-----w- C:\Users\danny\AppData\Roaming\dyci2Fp5QEg9Yje
2011-10-14 03:39:24 -------- d-----w- C:\Users\danny\AppData\Roaming\RkrBPci3G67EgZY
2011-10-14 03:39:23 -------- d-----w- C:\Users\danny\AppData\Roaming\jbo4HWf8ZYkrBPc
2011-10-14 03:39:22 -------- d-----w- C:\Users\danny\AppData\Roaming\SCIrONtAc2
2011-10-14 03:39:22 -------- d-----w- C:\Users\danny\AppData\Roaming\ICIrONtAc2Dn
2011-10-14 03:39:20 -------- d-----w- C:\Users\danny\AppData\Roaming\dGQdKRhwC
2011-10-14 03:39:07 -------- d-----w- C:\Users\danny\AppData\Roaming\BIHOJxWBslmU3X0
2011-10-14 03:39:06 -------- d-----w- C:\Users\danny\AppData\Roaming\WWxRSZDqDZiRAKN
2011-10-14 03:39:01 -------- d-----w- C:\Users\danny\AppData\Roaming\QsJE89XUeItPyAu
2011-10-14 03:37:57 -------- d-----w- C:\Users\danny\AppData\Roaming\CImwv8OaCb9P6Cv
2011-10-14 03:36:58 -------- d-----w- C:\Users\danny\AppData\Roaming\psQd6aGmp4d5pic
2011-10-14 03:35:57 -------- d-----w- C:\Users\danny\AppData\Roaming\mDbp5sd8ZTjeBzy
2011-10-14 03:34:53 -------- d-----w- C:\Users\danny\AppData\Roaming\CGaGammFnnFpn4
2011-10-14 03:33:59 -------- d-----w- C:\Users\danny\AppData\Roaming\YBc3mJgYez
2011-10-14 03:32:57 -------- d-----w- C:\Users\danny\AppData\Roaming\Op8eus9rod
2011-10-14 03:32:53 -------- d-----w- C:\Users\danny\AppData\Roaming\lpqiZuTbRojaygb
2011-10-14 03:32:52 -------- d-----w- C:\Users\danny\AppData\Roaming\spEYBumKwzS
2011-10-14 03:32:51 -------- d-----w- C:\Users\danny\AppData\Roaming\SIbsqO1adYO1pEY
2011-10-14 03:32:51 -------- d-----w- C:\Users\danny\AppData\Roaming\IIbsqO1adYO1pEY
2011-10-14 03:32:47 -------- d-----w- C:\Users\danny\AppData\Roaming\ZlbfVSHRODJXPFR
2011-10-14 03:32:45 -------- d-----w- C:\Users\danny\AppData\Roaming\jRzpEISWC0
2011-10-14 03:32:45 -------- d-----w- C:\Users\danny\AppData\Roaming\cxfyZbY3hDhb
2011-10-14 03:32:36 -------- d-----w- C:\Users\danny\AppData\Roaming\we2WC06ZOvWY0
2011-10-14 03:32:19 -------- d-----w- C:\Users\danny\AppData\Roaming\wshNiFEqlcFH4
2011-10-14 03:32:16 -------- d-----w- C:\Users\danny\AppData\Roaming\vjfwzDFKTOc5Q
2011-10-14 03:30:53 -------- d-----w- C:\Users\danny\AppData\Roaming\slUX9EjeOyxSoQs
2011-10-14 03:30:39 -------- d-----w- C:\Users\danny\AppData\Roaming\PUdAkmuAiNUVlUX
2011-10-14 03:30:39 -------- d-----w- C:\Users\danny\AppData\Roaming\b04gIDQhzbTSdeu
2011-10-14 03:30:30 -------- d-----w- C:\Users\danny\AppData\Roaming\b6qObWYx37XtvmK
2011-10-14 03:30:16 -------- d-----w- C:\Users\danny\AppData\Roaming\xvWk1sC3CiR0Wts
2011-10-14 03:30:04 -------- d-----w- C:\Users\danny\AppData\Roaming\XOpRA6YAWIiHjGL
2011-10-14 03:30:04 -------- d-----w- C:\Users\danny\AppData\Roaming\rkvEPF9UvX1G
2011-10-14 03:30:04 -------- d-----w- C:\Users\danny\AppData\Roaming\r0i35dgYVNuinQK
2011-10-14 03:30:01 -------- d-----w- C:\Users\danny\AppData\Roaming\XUA7V38ypT
2011-10-14 03:30:00 -------- d-----w- C:\Users\danny\AppData\Roaming\vpGaHsKE9TjCIrN
2011-10-14 03:30:00 -------- d-----w- C:\Users\danny\AppData\Roaming\qtFLu7ebKNaqy6C
2011-10-14 03:30:00 -------- d-----w- C:\Users\danny\AppData\Roaming\aIGgPHC0sq
2011-10-14 03:28:58 -------- d-----w- C:\Users\danny\AppData\Roaming\lQd8RhwCIzy1op5
2011-10-14 03:27:53 -------- d-----w- C:\Users\danny\AppData\Roaming\L07lHrFXSdC1EI5
2011-10-14 03:26:58 -------- d-----w- C:\Users\danny\AppData\Roaming\gtWOa5xYEmB9Hm4
2011-10-14 03:25:35 -------- d-----w- C:\Users\danny\AppData\Roaming\UjcfPJOarQz9bhG
2011-10-14 03:25:35 -------- d-----w- C:\Users\danny\AppData\Roaming\djcfPJOarQz9bhG
2011-10-14 03:25:26 -------- d-----w- C:\Users\danny\AppData\Roaming\JknXSWkDdIusO5l
2011-10-14 03:25:23 -------- d-----w- C:\Users\danny\AppData\Roaming\dridjxnRe0Gfw1s
2011-10-14 03:25:21 -------- d-----w- C:\Users\danny\AppData\Roaming\oKx6kvYxWkidjv
2011-10-14 03:25:17 -------- d-----w- C:\Users\danny\AppData\Roaming\KU2Cv9uKrQ
2011-10-14 03:25:12 -------- d-----w- C:\Users\danny\AppData\Roaming\RfGSkhEoBZ5A9Dr
2011-10-14 03:25:03 -------- d-----w- C:\Users\danny\AppData\Roaming\vIQki8N7OFZydl4
2011-10-14 03:25:03 -------- d-----w- C:\Users\danny\AppData\Roaming\sKB2ZALxmY17tH
2011-10-14 03:24:48 -------- d-----w- C:\Users\danny\AppData\Roaming\COTHSUEotRmuYEm
2011-10-14 03:24:46 -------- d-----w- C:\Users\danny\AppData\Roaming\jlZHvPjWiOTmcws
2011-10-14 03:24:45 -------- d-----w- C:\Users\danny\AppData\Roaming\h0CdoyeLaurLFPh
2011-10-14 03:24:44 -------- d-----w- C:\Users\danny\AppData\Roaming\tyj6SU841BT6crL
2011-10-14 03:24:42 -------- d-----w- C:\Users\danny\AppData\Roaming\KuefDIgHAlTd3
2011-10-14 03:24:39 -------- d-----w- C:\Users\danny\AppData\Roaming\exqQxYH1j4U4wfm
2011-10-14 03:24:27 -------- d-----w- C:\Users\danny\AppData\Roaming\gr7cq4OEAY5
2011-10-14 03:24:17 -------- d-----w- C:\Users\danny\AppData\Roaming\qmQ8TItSosRYxDQ
2011-10-14 03:24:15 -------- d-----w- C:\Users\danny\AppData\Roaming\bkQVL0f0LAR
2011-10-14 03:24:06 -------- d-----w- C:\Users\danny\AppData\Roaming\Q3m5aH7ZkIAin6
2011-10-14 03:22:58 -------- d-----w- C:\Users\danny\AppData\Roaming\WKoC5r6N7cgShFU
2011-10-14 03:22:58 -------- d-----w- C:\Users\danny\AppData\Roaming\sKoC5r6N7cgShF
2011-10-14 03:22:34 -------- d-----w- C:\Users\danny\AppData\Roaming\HjzDEUu7rvJ
2011-10-14 03:22:14 -------- d-----w- C:\Users\danny\AppData\Roaming\zIBNt00oJRjrB
2011-10-14 03:21:51 -------- d-----w- C:\Users\danny\AppData\Roaming\Gja2rE4Se9
2011-10-14 03:21:43 -------- d-----w- C:\Users\danny\AppData\Roaming\fyXJuYK3xYdbrhH
2011-10-14 03:21:36 -------- d-----w- C:\Users\danny\AppData\Roaming\PJ1w5xqaPYH1jJ
2011-10-14 03:21:35 -------- d-----w- C:\Users\danny\AppData\Roaming\sjmcq5AUdFuCEay
2011-10-14 03:21:33 -------- d-----w- C:\Users\danny\AppData\Roaming\XIW2kWugFB8oId2
2011-10-14 03:21:33 -------- d-----w- C:\Users\danny\AppData\Roaming\NIT6cCsiXJvl8n2
2011-10-14 03:21:25 -------- d-----w- C:\Users\danny\AppData\Roaming\DP7tJN8xL2jGOEi
2011-10-14 03:21:20 -------- d-----w- C:\Users\danny\AppData\Roaming\EZ18NsI5BdATa0h
2011-10-14 03:21:18 -------- d-----w- C:\Users\danny\AppData\Roaming\sl4YuEBmqvR
2011-10-14 03:21:17 -------- d-----w- C:\Users\danny\AppData\Roaming\aQkiLt5l4YuEBmq
2011-10-14 03:21:16 -------- d-----w- C:\Users\danny\AppData\Roaming\k6zJIaVDZSgyE0d
2011-10-14 03:21:08 -------- d-----w- C:\Users\danny\AppData\Roaming\qPskv7VDEIb8B3g
2011-10-14 03:20:58 -------- d-----w- C:\Users\danny\AppData\Roaming\y3g0d0QebZx6r7r
2011-10-14 03:20:58 -------- d-----w- C:\Users\danny\AppData\Roaming\m0d0QebZx6r7r
2011-10-14 03:20:51 -------- d-----w- C:\Users\danny\AppData\Roaming\Nqy5X0HZt4q0Hq0
2011-10-14 03:20:51 -------- d-----w- C:\Users\danny\AppData\Roaming\kv6qy5X0HZt4q0H
2011-10-14 02:19:02 3138048 ----a-w- C:\windows\System32\win32k.sys
2011-10-10 01:03:47 -------- d-----we C:\windows\system64
.
==================== Find3M ====================
.
2011-10-18 04:17:29 152576 ----a-w- C:\windows\SysWow64\msclmd.dll
2011-10-18 04:17:28 175616 ----a-w- C:\windows\System32\msclmd.dll
2011-09-01 05:24:07 2309120 ----a-w- C:\windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\windows\System32\wininet.dll
2011-09-01 02:35:59 1798144 ----a-w- C:\windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\windows\SysWow64\wininet.dll
2011-08-27 05:37:49 861696 ----a-w- C:\windows\System32\oleaut32.dll
2011-08-27 05:37:48 331776 ----a-w- C:\windows\System32\oleacc.dll
2011-08-27 04:26:27 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll
2011-08-27 04:26:27 233472 ----a-w- C:\windows\SysWow64\oleacc.dll
2011-08-17 05:26:46 613888 ----a-w- C:\windows\System32\psisdecd.dll
2011-08-17 05:25:08 108032 ----a-w- C:\windows\System32\psisrndr.ax
2011-08-17 04:24:12 465408 ----a-w- C:\windows\SysWow64\psisdecd.dll
2011-08-17 04:19:27 75776 ----a-w- C:\windows\SysWow64\psisrndr.ax
.
============= FINISH: 3:56:47.30 ===============
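A practitioner reading the "newly created" part of this DDS log would notice the same pattern the log shows: dozens of directories with machine-looking names created directly under AppData\Roaming within a few minutes of each other on 2011-10-14, and a directory named system64 under the Windows directory, which is not a name Windows ships with (System32 and SysWOW64 are). The script below is an added example, not part of the thread, of DDS, or of BleepingComputer's tooling. It parses DDS-style listing lines and flags those two things. The name heuristic (case flips, digits, minimum length), the 10-minute window and the burst threshold are assumptions chosen for illustration, and the sample input is a few lines copied from the log above plus two benign lines (Mozilla, Kaspersky Lab) constructed for contrast. A flag here means "look at it", not "this is malware".

```python
"""Triage helper for DDS-style file listings (illustrative, not DDS code).

Each listing line looks like:
    2011-10-14 03:43:47 -------- d-----w- C:\\Users\\danny\\AppData\\Roaming\\ldLgqYwVlBPyAi2
i.e. timestamp, size (or dashes), flag string, path. The flag string starts
with 'd' for directories.
"""
import re
from datetime import datetime, timedelta

# Constructed sample: lines copied from the log above plus two benign
# directories invented for contrast.
SAMPLE_LOG = """\
2011-10-14 03:43:47 -------- d-----w- C:\\Users\\danny\\AppData\\Roaming\\ldLgqYwVlBPyAi2
2011-10-14 03:43:38 -------- d-----w- C:\\Users\\danny\\AppData\\Roaming\\zpmH5sQJ7E8R9Yw
2011-10-14 03:39:25 -------- d-----w- C:\\Users\\danny\\AppData\\Roaming\\dyci2Fp5QEg9Yje
2011-10-14 03:39:24 -------- d-----w- C:\\Users\\danny\\AppData\\Roaming\\RkrBPci3G67EgZY
2011-10-14 03:39:23 -------- d-----w- C:\\Users\\danny\\AppData\\Roaming\\jbo4HWf8ZYkrBPc
2011-10-14 03:39:20 -------- d-----w- C:\\Users\\danny\\AppData\\Roaming\\dGQdKRhwC
2011-10-14 03:30:01 -------- d-----w- C:\\Users\\danny\\AppData\\Roaming\\XUA7V38ypT
2011-10-12 09:00:00 -------- d-----w- C:\\Users\\danny\\AppData\\Roaming\\Mozilla
2011-10-12 09:00:00 -------- d-----w- C:\\Users\\danny\\AppData\\Roaming\\Kaspersky Lab
2011-10-14 02:19:02 3138048 ----a-w- C:\\windows\\System32\\win32k.sys
2011-10-10 01:03:47 -------- d-----we C:\\windows\\system64
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\S+)\s+(?P<flags>\S+)\s+(?P<path>.+?)\s*$"
)


def parse_dds(text):
    """Turn listing lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        path = m["path"]
        entries.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "is_dir": m["flags"].startswith("d"),
            "path": path,
            "parent": path.rsplit("\\", 1)[0].lower(),
            "name": path.rsplit("\\", 1)[-1],
        })
    return entries


def looks_generated(name, min_len=8):
    """Heuristic (assumption): vendor folder names are one or two words with
    few lower/upper transitions and no digits; generated names have many
    case flips or mix case with digits."""
    if len(name) < min_len or " " in name:
        return False
    if not (any(c.islower() for c in name) and any(c.isupper() for c in name)):
        return False
    flips = sum(
        1 for a, b in zip(name, name[1:])
        if a.isalpha() and b.isalpha() and a.islower() != b.islower()
    )
    return flips >= 4 or any(c.isdigit() for c in name)


def max_in_window(times, window=timedelta(minutes=10)):
    """Largest number of timestamps that fall inside any window of length
    `window` (sliding window over the sorted list)."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def triage(text, burst_threshold=5):
    entries = parse_dds(text)
    generated = [
        e for e in entries
        if e["is_dir"]
        and e["parent"].endswith("\\appdata\\roaming")
        and looks_generated(e["name"])
    ]
    burst_size = max_in_window([e["ts"] for e in generated]) if generated else 0
    # Windows has System32 and SysWOW64; a "system64" directory under the
    # Windows directory is not a standard one and deserves a look.
    odd_windows_dirs = [
        e["path"] for e in entries
        if e["is_dir"] and e["name"].lower() == "system64"
        and e["parent"].endswith("\\windows")
    ]
    return {
        "generated_roaming_dirs": [e["name"] for e in generated],
        "max_in_10min": burst_size,
        "burst": burst_size >= burst_threshold,
        "odd_windows_dirs": odd_windows_dirs,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name in result["generated_roaming_dirs"]:
        print("generated-looking Roaming dir:", name)
    print("most such dirs created within 10 min:", result["max_in_10min"],
          "(burst)" if result["burst"] else "")
    for path in result["odd_windows_dirs"]:
        print("non-standard Windows dir:", path)
```

Run it against the full "new files" section of a DDS log by pasting that section into SAMPLE_LOG or reading it from a file; the heuristic will miss generated names shorter than eight characters (a few in this log are) and can flag a legitimate folder such as "Win7 Tools", so treat the output as a list to review rather than a verdict.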

#2 knightrider1
  • Topic Starter
  • Members
  • 3 posts

Posted 20 October 2011 - 10:45 AM

Just ran the GMER program again and 2 things came up; I've just attached the txt file.

Attached Files

  • Attached File  ark.txt   370bytes   2 downloads


#3 HelpBot
    Bleepin' Binary Bot
  • Bots
  • 12,626 posts
  • Gender:Male

Posted 25 October 2011 - 09:45 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/424303 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 HelpBot
    Bleepin' Binary Bot
  • Bots
  • 12,626 posts
  • Gender:Male

Posted 30 October 2011 - 09:50 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

Topic opened again at request of OP

Edited by Platypus, 30 October 2011 - 11:27 PM.
Re-open requested


#5 knightrider1
  • Topic Starter
  • Members
  • 3 posts

Posted 31 October 2011 - 12:55 AM

I have posted everything I can get with all the tools/utilities that I downloaded, but nothing seems to work; it only seems to work in safe mode for some reason, where I can access the internet.

#6 1972vet
  • Malware Response Team
  • 1,698 posts
  • Gender:Male
  • Location:Midwest U.S.A.

Posted 31 October 2011 - 02:49 AM

Greetings knightrider1 and Welcome to the forums,
May I see the Attach.txt log please?

Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#7 1972vet
  • Malware Response Team
  • 1,698 posts
  • Gender:Male
  • Location:Midwest U.S.A.

Posted 03 November 2011 - 06:09 PM

Still with us knightrider1?



#8 1972vet
  • Malware Response Team
  • 1,698 posts
  • Gender:Male
  • Location:Midwest U.S.A.

Posted 06 November 2011 - 08:49 PM

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to anyone of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
