
Infected Toshiba Laptop


21 replies to this topic

#1 Gary Sark


Posted 04 May 2012 - 07:53 AM

Mod Edit: Split from different topic - Hamluis.

My Toshiba laptop that uses Windows 7 has a virus on it, and I've downloaded some antivirus programs. The programs usually get rid of the viruses, but then when I restart the computer to complete the virus cleaning process my computer fails to reboot and I end up having to restore it to a point when it still has the virus on it. Someone please help me. It affects my browsers; I can't even Google search, because when I click on a link it redirects the page to another random website. The virus names that come up when I try to clean it are trojans called Alureon and Sirefef.

*Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Queen-Evie*



It just so happens that I have this same problem. My laptop is also a Toshiba. My question is, I have run all the virus checks and removals. It says I must reboot to finish removing the viruses. But I can't reboot, unless I do a restore to an earlier point. If I do that, will all the viruses return?

Edited by hamluis, 04 May 2012 - 05:38 PM.
PM sent new op - Hamluis.



#2 Gary Sark


Posted 04 May 2012 - 07:56 AM

Just in case this is any help:

I have rebooted; however, it will not allow me to reboot normally. I have tried to reboot 3 or 4 times and will keep trying to reboot with Microsoft repair re-boot. My question is, if I try to reboot using the last successful login profile, will all the viruses come back? Prior to rebooting, I ran two MS tools:

I) Microsoft Safety Scanner. It found 7 Trojans:
1) Win32/Alureon.FP Partially Removed(PR), Manual Steps Required; Restart Required (RR)
2) Win32/Sirefef.AB PR/RR
3) Win64/Sirefef.P PR/RR
4) Win64/Sirefef.U PR/RR
5) Win64/Sirefef.Y PR
6) Win64/Sirefef.J Removed
7) Win64/Sirefef.W Removed
II) Microsoft Malicious Software Removal Tool
1) Trojan: Win32/Alureon.FP Partially Removed, Manual Steps Required, Restart Required

Again, I did run SUPERAntiSpyware. Scan results were 739 items; mostly or all were tracking cookies. I don't think that this tool found the Trojans that Microsoft found. Recently, MS Security found Waprox.A. BTW, at some point, the MS Security Ensemble/Suite was removed from my computer. However, I did not do it myself.

#3 Broni


Posted 04 May 2012 - 05:56 PM

With your type of infection....

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

My Website


My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#4 Gary Sark


Posted 04 May 2012 - 09:30 PM

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Java™ 6 Update 25
Java version out of date!
Adobe Reader X (10.1.3)
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Windows Defender MSMpEng.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Malwarebytes' Anti-Malware mbamservice.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````

#5 Broni


Posted 04 May 2012 - 09:33 PM

You didn't read my previous reply.


#6 Gary Sark


Posted 04 May 2012 - 10:17 PM

Sorry, I am doing it now. I have DDS.txt and Attach.txt. Right now, I am running the rootkit/malware dds.scr. Sorry for the misunderstanding.

#7 Broni


Posted 04 May 2012 - 10:18 PM

No problem :)


#8 Gary Sark


Posted 05 May 2012 - 07:05 AM

GMER ran all night, still not done. Weird. The only check boxes I can select on GMER are services, registry, files (C drive) and ADS. So far only one item is listed in the box, HKLM SYSTEM\Current ControlSet\Control\Session Manager@PendingFileReName. Also, Microsoft Safety Scanner and Microsoft Malicious Software Removal Tool have both been running 9 hours (in full mode, and still are not complete). Safety Scanner has found 3 items (2 were found on quick scan earlier). MSRT has found nothing on full scan (found nothing on quick scan earlier). Time elapsed is almost 10 hours. Not sure if this means anything. In the meantime MS Security Essentials continues to find the same virus, but wants me to reboot to finish the cleaning. However, I can't really reboot. The last time I rebooted I had to reboot into the "last good reboot" configuration. All of the old restore points were no good. I created a restore point last night after doing a Windows update. I was told to boot with Windows Safe Mode, but I didn't do that, because I was so surprised when it finally rebooted last night into "last good boot configuration." Not sure it makes much difference.

#9 Gary Sark


Posted 05 May 2012 - 07:07 AM

My plan is, when Safety Scanner and MSRT are done, to create a new "restore point," try to finish up the GMER, put all the results here and wait for more help. The only other thing I can do is try to reboot, but that is risky.

#10 Gary Sark


Posted 05 May 2012 - 07:20 AM

How do I know when GMER is done? Is it when the "STOP" button turns to "Scan"?

#11 Broni


Posted 05 May 2012 - 11:38 AM

Skip GMER and post DDS logs there.


#12 Gary Sark


Posted 05 May 2012 - 01:56 PM

OK, will do now. GMER is still running. I'll follow the directions now and post as directed/instructed.

#13 Gary Sark


Posted 05 May 2012 - 01:58 PM

Here is the DDS.txt message

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Monique K Sarkessian at 23:54:49 on 2012-05-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5610.2542 [GMT -4:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\GFNEXSrv.exe
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\spool\DRIVERS\x64\3\lxdxserv.exe
C:\windows\system32\lxdxcoms.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\windows\SYSTEM32\WISPTIS.EXE
C:\windows\system32\taskhost.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\TECO\Teco.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Pantone\hueyPRO\hueyPROTray.exe
C:\Program Files (x86)\GoZone\GoZone_iSync.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\Wacom\Inkling Sketch Manager\SketchManager.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
C:\Windows\explorer.exe
C:\Users\Monique K Sarkessian\Desktop\MSRT.exe
c:\1b4cf47c5d4ac354b174595a\mrtstub.exe
C:\windows\system32\MRT.exe
C:\Users\Monique K Sarkessian\Downloads\SecurityCheck.exe
C:\Users\Monique K Sarkessian\Downloads\msert.exe
C:\Users\Monique K Sarkessian\Downloads\msert.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\windows\SysWOW64\ping.exe
C:\windows\system32\conhost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\ping.exe
C:\windows\system32\conhost.exe
C:\Users\Monique K Sarkessian\Downloads\Defogger.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\ping.exe
C:\windows\system32\conhost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = https://www.google.com/
uDefault_Page_URL = hxxp://start.toshiba.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Fast Search: {5ab7104a-b71f-49ad-9154-f7f8806ae848} - C:\Program Files (x86)\Surf Canyon\surfcanyon.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [FaxCenterServer] "C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe" /s
mRun: [BSDAppUpdater] C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
mRun: [sketchmanager] C:\Program Files (x86)\Wacom\Inkling Sketch Manager\SketchManager.exe tray
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
StartupFolder: C:\Users\MONIQU~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GOZONE~1.LNK - C:\Program Files (x86)\GoZone\GoZone_iSync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\hueyPROTray.lnk - C:\Program Files (x86)\Pantone\hueyPRO\hueyPROTray.exe
uPolicies-explorer: NoInstrumentation = 1
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D0BCBC76-CA54-4A7E-BCA9-CA270B2E98E2} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Fast Search: {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files (x86)\Surf Canyon\surfcanyon.dll
BHO-X64: IE BHO Utility - No File
BHO-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO-X64: Ad-Aware Security Toolbar - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [FaxCenterServer] "C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe" /s
mRun-x64: [BSDAppUpdater] C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
mRun-x64: [sketchmanager] C:\Program Files (x86)\Wacom\Inkling Sketch Manager\SketchManager.exe tray
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Monique K Sarkessian\AppData\Roaming\Mozilla\Firefox\Profiles\4tvsox4e.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 GFNEXSrv;GFNEX Service;C:\Windows\System32\GFNEXSrv.exe --> C:\Windows\System32\GFNEXSrv.exe [?]
R2 lxdx_device;lxdx_device;C:\windows\system32\lxdxcoms.exe -service --> C:\windows\system32\lxdxcoms.exe -service [?]
R2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxdxserv.exe [2011-11-2 29184]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-9-18 135608]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-9-18 126392]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-1-18 793048]
R2 regi;regi;\??\C:\windows\system32\drivers\regi.sys --> C:\windows\system32\drivers\regi.sys [?]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2011-11-24 6583160]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-5-24 294848]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2011-11-24 528760]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\system32\drivers\AtihdW76.sys --> C:\windows\system32\drivers\AtihdW76.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\windows\system32\DRIVERS\SBFWIM.sys --> C:\windows\system32\DRIVERS\SBFWIM.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-9-18 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-10 138152]
R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2011-7-1 828856]
R4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-22 654408]
S1 barbgwdo;barbgwdo;\??\C:\windows\system32\drivers\barbgwdo.sys --> C:\windows\system32\drivers\barbgwdo.sys [?]
S1 bnyazodi;bnyazodi;\??\C:\windows\system32\drivers\bnyazodi.sys --> C:\windows\system32\drivers\bnyazodi.sys [?]
S1 cgruafug;cgruafug;\??\C:\windows\system32\drivers\cgruafug.sys --> C:\windows\system32\drivers\cgruafug.sys [?]
S1 cuyucotb;cuyucotb;\??\C:\windows\system32\drivers\cuyucotb.sys --> C:\windows\system32\drivers\cuyucotb.sys [?]
S1 cybnluzc;cybnluzc;\??\C:\windows\system32\drivers\cybnluzc.sys --> C:\windows\system32\drivers\cybnluzc.sys [?]
S1 ddrnbomj;ddrnbomj;\??\C:\windows\system32\drivers\ddrnbomj.sys --> C:\windows\system32\drivers\ddrnbomj.sys [?]
S1 ebwjjfav;ebwjjfav;\??\C:\windows\system32\drivers\ebwjjfav.sys --> C:\windows\system32\drivers\ebwjjfav.sys [?]
S1 ejywgmjk;ejywgmjk;\??\C:\windows\system32\drivers\ejywgmjk.sys --> C:\windows\system32\drivers\ejywgmjk.sys [?]
S1 frftzliu;frftzliu;\??\C:\windows\system32\drivers\frftzliu.sys --> C:\windows\system32\drivers\frftzliu.sys [?]
S1 gzlcbmof;gzlcbmof;\??\C:\windows\system32\drivers\gzlcbmof.sys --> C:\windows\system32\drivers\gzlcbmof.sys [?]
S1 khkntfmz;khkntfmz;\??\C:\windows\system32\drivers\khkntfmz.sys --> C:\windows\system32\drivers\khkntfmz.sys [?]
S1 lhbniliu;lhbniliu;\??\C:\windows\system32\drivers\lhbniliu.sys --> C:\windows\system32\drivers\lhbniliu.sys [?]
S1 lkdrqumg;lkdrqumg;\??\C:\windows\system32\drivers\lkdrqumg.sys --> C:\windows\system32\drivers\lkdrqumg.sys [?]
S1 lwdfegon;lwdfegon;\??\C:\windows\system32\drivers\lwdfegon.sys --> C:\windows\system32\drivers\lwdfegon.sys [?]
S1 mgmtilwe;mgmtilwe;\??\C:\windows\system32\drivers\mgmtilwe.sys --> C:\windows\system32\drivers\mgmtilwe.sys [?]
S1 mzueewpk;mzueewpk;\??\C:\windows\system32\drivers\mzueewpk.sys --> C:\windows\system32\drivers\mzueewpk.sys [?]
S1 neegojfo;neegojfo;\??\C:\windows\system32\drivers\neegojfo.sys --> C:\windows\system32\drivers\neegojfo.sys [?]
S1 odfbgnfg;odfbgnfg;\??\C:\windows\system32\drivers\odfbgnfg.sys --> C:\windows\system32\drivers\odfbgnfg.sys [?]
S1 oovaaqpc;oovaaqpc;\??\C:\windows\system32\drivers\oovaaqpc.sys --> C:\windows\system32\drivers\oovaaqpc.sys [?]
S1 orwdisrq;orwdisrq;\??\C:\windows\system32\drivers\orwdisrq.sys --> C:\windows\system32\drivers\orwdisrq.sys [?]
S1 oylnjtmf;oylnjtmf;\??\C:\windows\system32\drivers\oylnjtmf.sys --> C:\windows\system32\drivers\oylnjtmf.sys [?]
S1 SbFw;SbFw;C:\windows\system32\drivers\SbFw.sys --> C:\windows\system32\drivers\SbFw.sys [?]
S1 SbTis;SbTis;C:\windows\system32\drivers\sbtis.sys --> C:\windows\system32\drivers\sbtis.sys [?]
S1 sqbiibys;sqbiibys;\??\C:\windows\system32\drivers\sqbiibys.sys --> C:\windows\system32\drivers\sqbiibys.sys [?]
S1 thajcdyi;thajcdyi;\??\C:\windows\system32\drivers\thajcdyi.sys --> C:\windows\system32\drivers\thajcdyi.sys [?]
S1 tpjvrfnj;tpjvrfnj;\??\C:\windows\system32\drivers\tpjvrfnj.sys --> C:\windows\system32\drivers\tpjvrfnj.sys [?]
S1 upfpayoe;upfpayoe;\??\C:\windows\system32\drivers\upfpayoe.sys --> C:\windows\system32\drivers\upfpayoe.sys [?]
S1 utagbpyi;utagbpyi;\??\C:\windows\system32\drivers\utagbpyi.sys --> C:\windows\system32\drivers\utagbpyi.sys [?]
S1 vdrhlegy;vdrhlegy;\??\C:\windows\system32\drivers\vdrhlegy.sys --> C:\windows\system32\drivers\vdrhlegy.sys [?]
S1 vlahtuzj;vlahtuzj;\??\C:\windows\system32\drivers\vlahtuzj.sys --> C:\windows\system32\drivers\vlahtuzj.sys [?]
S1 vsduwfru;vsduwfru;\??\C:\windows\system32\drivers\vsduwfru.sys --> C:\windows\system32\drivers\vsduwfru.sys [?]
S1 wmmxkjsc;wmmxkjsc;\??\C:\windows\system32\drivers\wmmxkjsc.sys --> C:\windows\system32\drivers\wmmxkjsc.sys [?]
S1 wwkosvjm;wwkosvjm;\??\C:\windows\system32\drivers\wwkosvjm.sys --> C:\windows\system32\drivers\wwkosvjm.sys [?]
S1 xsaqznjj;xsaqznjj;\??\C:\windows\system32\drivers\xsaqznjj.sys --> C:\windows\system32\drivers\xsaqznjj.sys [?]
S1 yygujcar;yygujcar;\??\C:\windows\system32\drivers\yygujcar.sys --> C:\windows\system32\drivers\yygujcar.sys [?]
S1 zdvfkrrd;zdvfkrrd;\??\C:\windows\system32\drivers\zdvfkrrd.sys --> C:\windows\system32\drivers\zdvfkrrd.sys [?]
S1 zplogtdg;zplogtdg;\??\C:\windows\system32\drivers\zplogtdg.sys --> C:\windows\system32\drivers\zplogtdg.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-18 136176]
S2 vetmonnt;VMAUDIO;C:\windows\system32\svchost.exe -k netsvcs [2011-7-26 21504]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-18 257696]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-18 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;C:\windows\system32\DRIVERS\sbfwim.sys --> C:\windows\system32\DRIVERS\sbfwim.sys [?]
S3 sbhips;sbhips;C:\windows\system32\drivers\sbhips.sys --> C:\windows\system32\drivers\sbhips.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;C:\windows\system32\DRIVERS\wacmoumonitor.sys --> C:\windows\system32\DRIVERS\wacmoumonitor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-05-05 03:50:55 50000 ----a-w- C:\windows\System32\drivers\wmmxkjsc.sys
2012-05-05 03:50:30 50000 ----a-w- C:\windows\System32\drivers\ddrnbomj.sys
2012-05-05 03:49:51 50000 ----a-w- C:\windows\System32\drivers\cgruafug.sys
2012-05-05 03:49:27 50000 ----a-w- C:\windows\System32\drivers\khkntfmz.sys
2012-05-05 03:47:27 50000 ----a-w- C:\windows\System32\drivers\tpjvrfnj.sys
2012-05-05 03:46:15 50000 ----a-w- C:\windows\System32\drivers\upfpayoe.sys
2012-05-05 03:43:21 50000 ----a-w- C:\windows\System32\drivers\oylnjtmf.sys
2012-05-05 03:41:55 50000 ----a-w- C:\windows\System32\drivers\yygujcar.sys
2012-05-05 03:40:11 50000 ----a-w- C:\windows\System32\drivers\thajcdyi.sys
2012-05-05 03:39:39 50000 ----a-w- C:\windows\System32\drivers\lwdfegon.sys
2012-05-05 03:36:41 50000 ----a-w- C:\windows\System32\drivers\lkdrqumg.sys
2012-05-05 03:36:18 50000 ----a-w- C:\windows\System32\drivers\utagbpyi.sys
2012-05-05 03:35:55 50000 ----a-w- C:\windows\System32\drivers\wwkosvjm.sys
2012-05-05 03:35:31 50000 ----a-w- C:\windows\System32\drivers\bnyazodi.sys
2012-05-05 03:34:24 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F7676B6C-D82C-4734-9B98-4092CDA41686}\offreg.dll
2012-05-05 03:33:59 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F7676B6C-D82C-4734-9B98-4092CDA41686}\mpengine.dll
2012-05-05 03:32:25 50000 ----a-w- C:\windows\System32\drivers\mzueewpk.sys
2012-05-05 03:30:54 50000 ----a-w- C:\windows\System32\drivers\vsduwfru.sys
2012-05-05 03:26:56 50000 ----a-w- C:\windows\System32\drivers\sqbiibys.sys
2012-05-05 03:23:14 50000 ----a-w- C:\windows\System32\drivers\ejywgmjk.sys
2012-05-05 03:21:31 50000 ----a-w- C:\windows\System32\drivers\vdrhlegy.sys
2012-05-05 03:19:42 -------- d-----w- C:\1b4cf47c5d4ac354b174595a
2012-05-05 03:13:48 50000 ----a-w- C:\windows\System32\drivers\ebwjjfav.sys
2012-05-05 03:11:25 50000 ----a-w- C:\windows\System32\drivers\neegojfo.sys
2012-05-05 03:11:00 50000 ----a-w- C:\windows\System32\drivers\xsaqznjj.sys
2012-05-05 03:10:37 50000 ----a-w- C:\windows\System32\drivers\cuyucotb.sys
2012-05-05 03:09:27 50000 ----a-w- C:\windows\System32\drivers\orwdisrq.sys
2012-05-05 03:06:45 50000 ----a-w- C:\windows\System32\drivers\zplogtdg.sys
2012-05-05 03:05:36 50000 ----a-w- C:\windows\System32\drivers\oovaaqpc.sys
2012-05-05 03:05:01 50000 ----a-w- C:\windows\System32\drivers\zdvfkrrd.sys
2012-05-05 02:59:33 50000 ----a-w- C:\windows\System32\drivers\odfbgnfg.sys
2012-05-05 02:57:47 50000 ----a-w- C:\windows\System32\drivers\vlahtuzj.sys
2012-05-05 02:50:12 50000 ----a-w- C:\windows\System32\drivers\mgmtilwe.sys
2012-05-05 02:46:44 50000 ----a-w- C:\windows\System32\drivers\gzlcbmof.sys
2012-05-05 02:46:17 50000 ----a-w- C:\windows\System32\drivers\cybnluzc.sys
2012-05-05 02:42:48 50000 ----a-w- C:\windows\System32\drivers\barbgwdo.sys
2012-05-05 02:41:25 50000 ----a-w- C:\windows\System32\drivers\lhbniliu.sys
2012-05-05 02:37:38 50000 ----a-w- C:\windows\System32\drivers\frftzliu.sys
2012-05-05 02:34:59 -------- d-----w- C:\Users\Monique K Sarkessian\AppData\Local\adaware
2012-05-05 02:34:11 94296 ----a-w- C:\windows\System32\drivers\sbtis.sys
2012-05-05 02:33:49 84568 ----a-w- C:\windows\System32\drivers\SbFwIm.sys
2012-05-05 02:33:07 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-05-05 02:32:42 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3FAFBDE0-826E-45AC-94BF-7AC6BE2C63B0}\gapaengine.dll
2012-05-05 02:32:08 -------- d-----w- C:\Users\Monique K Sarkessian\AppData\Local\adawarebp
2012-05-05 02:31:53 -------- d-----w- C:\Program Files (x86)\adawaretb
2012-05-04 01:10:06 -------- d-----w- C:\Users\Monique K Sarkessian\AppData\Roaming\SUPERAntiSpyware.com
2012-05-04 01:09:20 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-05-04 01:09:20 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-05-03 23:48:30 -------- d-----w- C:\a092862794172fd6ec
2012-05-03 23:25:07 -------- d-----w- C:\Users\Monique K Sarkessian\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}
2012-05-03 23:24:49 -------- d-----w- C:\ProgramData\Virtualized Applications
2012-05-03 02:12:58 -------- d-----w- C:\Users\Monique K Sarkessian\AppData\Local\Secunia PSI
2012-05-03 02:12:36 -------- d-----w- C:\Program Files (x86)\Secunia
2012-05-03 02:12:29 50000 ----a-w- C:\windows\System32\drivers\duexozdx.sys
2012-05-03 01:54:39 50000 ----a-w- C:\windows\System32\drivers\hpzlhxtn.sys
2012-05-03 01:42:14 50000 ----a-w- C:\windows\System32\drivers\zrtmdstx.sys
2012-05-02 04:11:27 -------- d-----w- C:\Program Files (x86)\Shutterfly
2012-04-28 01:04:59 45904 ----a-w- C:\windows\System32\sbbd(3891).exe
2012-04-28 01:04:47 60504 ----a-w- C:\windows\System32\drivers\sbhips.sys
2012-04-28 01:04:08 253528 ----a-w- C:\windows\System32\drivers\SbFw.sys
2012-04-27 00:19:53 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-04-27 00:08:21 -------- d-----w- C:\Users\Monique K Sarkessian\AppData\Roaming\Systweak
2012-04-26 22:53:02 50000 ----a-w- C:\windows\System32\drivers\kssgogcr.sys
2012-04-26 21:27:49 50000 ----a-w- C:\windows\System32\drivers\nunkamql.sys
2012-04-26 19:01:01 50000 ----a-w- C:\windows\System32\drivers\edaslgkg.sys
2012-04-26 18:38:50 50000 ----a-w- C:\windows\System32\drivers\jnmemfsj.sys
2012-04-26 10:22:55 50000 ----a-w- C:\windows\System32\drivers\xdvlcrql.sys
2012-04-25 22:03:01 50000 ----a-w- C:\windows\System32\drivers\ymnqfadm.sys
2012-04-25 16:15:54 50000 ----a-w- C:\windows\System32\drivers\jgmpnkzl.sys
2012-04-23 10:07:36 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2012-04-23 10:06:35 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-04-23 10:06:33 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2012-04-23 01:15:53 -------- d-----w- C:\011b12d496168078328a
2012-04-23 00:50:47 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-04-23 00:50:33 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-04-22 23:48:04 -------- d-----w- C:\Users\Monique K Sarkessian\AppData\Roaming\Malwarebytes
2012-04-22 23:47:55 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-22 23:47:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-22 22:59:26 0 --sha-w- C:\windows\System32\dds_trash_log.cmd
2012-04-22 22:58:20 -------- d-----we C:\windows\system64
2012-04-22 22:57:44 -------- d-----w- C:\Users\Monique K Sarkessian\AppData\Local\XACT
2012-04-20 10:30:20 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B784CBE6-25A5-428C-830C-34AAAF5EBC37}\mpengine.dll
2012-04-19 03:57:15 952 --sha-w- C:\ProgramData\KGyGaAvL.sys
2012-04-19 03:57:10 -------- d-----w- C:\Users\Monique K Sarkessian\Corel
2012-04-19 01:04:10 8769696 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-19 00:08:54 419488 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-04-15 12:59:47 -------- d-----w- C:\Program Files\iPod
2012-04-15 12:59:46 -------- d-----w- C:\Program Files\iTunes
2012-04-11 11:06:59 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-04-11 11:06:58 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-04-11 11:06:57 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-04-11 11:01:25 81408 ----a-w- C:\windows\System32\imagehlp.dll
2012-04-11 11:01:25 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys
2012-04-11 11:01:25 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-04-11 11:01:25 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2012-04-11 11:01:24 5120 ----a-w- C:\windows\SysWow64\wmi.dll
2012-04-11 11:01:24 5120 ----a-w- C:\windows\System32\wmi.dll
2012-04-11 11:01:24 220672 ----a-w- C:\windows\System32\wintrust.dll
.
==================== Find3M ====================
.
2012-05-05 03:04:56 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-22 19:12:12 4435968 ----a-w- C:\windows\SysWow64\GPhotos.scr
2012-03-21 00:44:12 98688 ----a-w- C:\windows\System32\drivers\NisDrvWFP.sys
2012-03-21 00:44:12 203888 ----a-w- C:\windows\System32\drivers\MpFilter.sys
2012-03-20 22:19:20 836115 ----a-w- C:\ProgramData\SPLE042.tmp
2012-02-28 06:56:48 2311168 ----a-w- C:\windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-02-17 06:38:26 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-02-15 15:01:50 52736 ----a-w- C:\windows\System32\drivers\usbaapl64.sys
2012-02-15 15:01:50 4547944 ----a-w- C:\windows\System32\usbaaplrc.dll
2012-02-14 16:09:44 1070352 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36:07 1544192 ----a-w- C:\windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
.
============= FINISH: 23:55:42.02 ===============

#14 Gary Sark


Posted 05 May 2012 - 02:07 PM

OK, I am trying to attach the file called Attach.txt, however I am having difficulty in figuring out how to get the browse button to show up. I'll keep on looking.

#15 Gary Sark


Posted 05 May 2012 - 02:31 PM

I still can't find the attachment capability. Here is the output of Microsoft Safety Scanner:
==========
Trojan:Win32/Alureon.FP - partially remove, manual steps required, restart required
Trojan:Win32/Sirefef.AB - partially remove, restart required
Trojan:Win32/Waprox.A - partially remove, restart required
Trojan:Win64/Sirefef.J - partially remove, restart required
Trojan:Win64/Sirefef.P - partially remove, restart required
Trojan:Win64/Sirefef.U - partially remove, restart required
Trojan:Win64/Sirefef.W - partially remove, restart required
Exploit:JS/Blacole.DG - Removed
Trojan:Win64/Sirefef.Y - Remove

Here are the results of the Malicious Software Removal Tool (MS):
Trojan:Win32/Alureon.FP - Partially removed, manual steps required, restart Required

GMER has finished, so I will need to figure out how to post these files.
