Unknown virus


  • This topic is locked
4 replies to this topic

#1 Skottelgoed

  • Members
  • 9 posts

Posted 19 August 2012 - 01:10 PM

My computer seems to have slowed down a great deal after I downloaded a file. Firefox has slowed to a crawl, as has Chrome. Starting up takes considerably longer than usual, and when I try to use NOD32 or Malwarebytes they both reach a point and just hang. Thank you in advance for your assistance and advice! I have taken the liberty of already creating a DDS log.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by User at 19:01:15 on 2012-08-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.353.1033.18.3933.532 [GMT 1:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
c:\xampp\apache\bin\httpd.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\xampp\mysql\bin\mysqld.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
C:\xampp\apache\bin\httpd.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\User\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\system32\igfxext.exe
C:\Users\User\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Sun\SDK\jdk\bin\javaw.exe
C:\Users\User\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\User\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler64.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
C:\Program Files (x86)\O2 Connection Manager\WaHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\Documents\eclipse\eclipse.exe
C:\Windows\system32\javaw.exe
C:\Users\User\AppData\Local\Android\android-sdk\platform-tools\adb.exe
C:\Windows\system32\conhost.exe
C:\Users\User\AppData\Local\Android\android-sdk\tools\emulator-arm.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ie/
uInternet Settings,ProxyServer = 193.1.40.28:3128
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uSearchAssistant = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
uURLSearchHooks: BitTorrentControl_v8 Toolbar: {caa5fb24-a8e4-49b7-b3d5-3afff7846b4b} - C:\Program Files (x86)\BitTorrentControl_v8\prxtbBitT.dll
mURLSearchHooks: Softonic VLC EN Toolbar: {e6570cd8-9978-4621-b1f9-6a62436f0466} - C:\Program Files (x86)\Softonic_VLC_EN\tbSoft.dll
mURLSearchHooks: BitTorrentControl_v8 Toolbar: {caa5fb24-a8e4-49b7-b3d5-3afff7846b4b} - C:\Program Files (x86)\BitTorrentControl_v8\prxtbBitT.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: BitTorrentControl_v8 Toolbar: {caa5fb24-a8e4-49b7-b3d5-3afff7846b4b} - C:\Program Files (x86)\BitTorrentControl_v8\prxtbBitT.dll
BHO: ooVoo toolbar, powered by Ask.com: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: Softonic VLC EN Toolbar: {e6570cd8-9978-4621-b1f9-6a62436f0466} - C:\Program Files (x86)\Softonic_VLC_EN\tbSoft.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Softonic VLC EN Toolbar: {e6570cd8-9978-4621-b1f9-6a62436f0466} - C:\Program Files (x86)\Softonic_VLC_EN\tbSoft.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
{ae07101b-46d4-4a98-af68-0333ea26e113}
TB: BitTorrentControl_v8 Toolbar: {caa5fb24-a8e4-49b7-b3d5-3afff7846b4b} - C:\Program Files (x86)\BitTorrentControl_v8\prxtbBitT.dll
TB: ooVoo toolbar, powered by Ask.com: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [Akamai NetSession Interface] "C:\Users\User\AppData\Local\Akamai\netsession_win.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
uRun: [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [TRUUpdater] "C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" /bkground
mRun: [WatcherHelper] "C:\Program Files (x86)\O2 Connection Manager\WaHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
dRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe
StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SDKTRA~1.LNK - C:\Sun\SDK\jdk\bin\javaw.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{31BA8D6F-CAB8-409A-B43D-F905FD3B8838} : NameServer = 62.40.32.33 8.8.8.8
TCP: Interfaces\{3D1C9114-52E6-4EBA-A604-4365B3FE410B} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3D1C9114-52E6-4EBA-A604-4365B3FE410B}\45869637F4E65684562756 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3D1C9114-52E6-4EBA-A604-4365B3FE410B}\74275656E6547676 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8169041E-980C-4811-BE4C-55AC4BAD1190} : NameServer = 62.40.32.33 8.8.8.8
TCP: Interfaces\{A86212AF-FEC7-4A24-88EB-4348EBAE599C} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO-X64: Google Dictionary Compression sdch - No File
BHO-X64: BitTorrentControl_v8 Toolbar: {caa5fb24-a8e4-49b7-b3d5-3afff7846b4b} - C:\Program Files (x86)\BitTorrentControl_v8\prxtbBitT.dll
BHO-X64: BitTorrentControl_v8 - No File
BHO-X64: ooVoo toolbar, powered by Ask.com: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: Softonic VLC EN Toolbar: {e6570cd8-9978-4621-b1f9-6a62436f0466} - C:\Program Files (x86)\Softonic_VLC_EN\tbSoft.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Softonic VLC EN Toolbar: {e6570cd8-9978-4621-b1f9-6a62436f0466} - C:\Program Files (x86)\Softonic_VLC_EN\tbSoft.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
{ae07101b-46d4-4a98-af68-0333ea26e113}
TB-X64: BitTorrentControl_v8 Toolbar: {caa5fb24-a8e4-49b7-b3d5-3afff7846b4b} - C:\Program Files (x86)\BitTorrentControl_v8\prxtbBitT.dll
TB-X64: ooVoo toolbar, powered by Ask.com: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mRun-x64: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun-x64: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
mRun-x64: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun-x64: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [TRUUpdater] "C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" /bkground
mRun-x64: [WatcherHelper] "C:\Program Files (x86)\O2 Connection Manager\WaHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\f2zfj3pe.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2365274&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2365274&SearchSource=2&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\User\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\User\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: C:\Users\User\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\f2zfj3pe.default\extensions\{e6570cd8-9978-4621-b1f9-6a62436f0466}\plugins\np-mswmp.dll
FF - plugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\system32\DRIVERS\tos_sps64.sys --> C:\Windows\system32\DRIVERS\tos_sps64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 20992]
R2 Apache2.2;Apache2.2;C:\xampp\apache\bin\httpd.exe [2011-9-10 18432]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-11-16 735960]
R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-13 655944]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-3-12 86016]
R2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-3-12 86016]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-8-6 116104]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-27 251760]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\system32\DRIVERS\TVALZFL.sys --> C:\Windows\system32\DRIVERS\TVALZFL.sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 PGEffect;Pangu effect driver;C:\Windows\system32\DRIVERS\pgeffect.sys --> C:\Windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 250056]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-11-9 1030600]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 113120]
S3 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE XE --> c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE XE [?]
S3 OracleXETNSListener;OracleXETNSListener;C:\oraclexe\app\oracle\product\11.2.0\server\bin\TNSLSNR.EXE [2011-8-27 512000]
S3 pwdrvio;pwdrvio;\??\C:\Windows\system32\pwdrvio.sys --> C:\Windows\system32\pwdrvio.sys [?]
S3 pwdspio;pwdspio;\??\C:\Windows\system32\pwdspio.sys --> C:\Windows\system32\pwdspio.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys --> C:\Windows\system32\DRIVERS\ssadserd.sys [?]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);C:\Windows\system32\DRIVERS\swnc8ua3.sys --> C:\Windows\system32\DRIVERS\swnc8ua3.sys [?]
S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);C:\Windows\system32\DRIVERS\swumxa3.sys --> C:\Windows\system32\DRIVERS\swumxa3.sys [?]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-21 51512]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-7-10 47128]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe XE --> c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe XE [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 370024]
.
=============== Created Last 30 ================
.
2012-08-19 10:29:38 -------- d-----w- C:\Users\User\AppData\Local\{9ACCA2D9-A8A5-4AA9-9F0E-890D4D39CC38}
2012-08-18 18:12:53 -------- d-----w- C:\Users\User\AppData\Local\{D9938953-7639-4DF3-BCFE-B89CFA4FDF5F}
2012-08-18 18:12:22 -------- d-----w- C:\Users\User\AppData\Local\{776FACA5-6E1B-4FA3-BA71-B42990CBFB6D}
2012-08-17 20:35:37 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{70EB9503-7D21-4A1E-947C-B53CE98A32E2}\mpengine.dll
2012-08-17 15:09:53 -------- d-----w- C:\Users\User\AppData\Local\{4872C5B3-F17D-40D2-B95F-BFEB48372BB0}
2012-08-17 15:09:24 -------- d-----w- C:\Users\User\AppData\Local\{D8F1EEB0-7C13-4A2D-BA7E-2EBECA25FBE0}
2012-08-16 19:00:59 -------- d-----w- C:\Users\User\AppData\Local\{088D178F-6C09-44C1-854B-4AEF1F8B3C02}
2012-08-16 19:00:34 -------- d-----w- C:\Users\User\AppData\Local\{D785F9AE-7478-4EE0-93E3-32F12F9EF0BA}
2012-08-16 03:02:32 -------- d-----w- C:\Users\User\AppData\Local\{9955526A-E066-4894-9A9E-98A86B6CAE4C}
2012-08-16 03:02:06 -------- d-----w- C:\Users\User\AppData\Local\{20142298-8BCB-4379-896F-4C7946A1B899}
2012-08-15 10:12:47 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-15 10:12:47 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-15 10:12:42 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-15 10:12:41 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-15 10:12:41 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-15 10:12:40 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-15 10:12:38 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-15 10:12:38 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-15 10:12:37 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-15 10:12:23 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-15 10:11:25 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-15 09:57:51 -------- d-----w- C:\Users\User\AppData\Local\{CE59A3B2-9D02-4047-A701-13B843533361}
2012-08-15 09:57:23 -------- d-----w- C:\Users\User\AppData\Local\{78DDF56A-4F5C-4523-90D2-0A436CA125CA}
2012-08-14 09:44:40 -------- d-----w- C:\Users\User\AppData\Local\{6405C943-04F3-4452-A718-66736FECF8B8}
2012-08-14 09:44:12 -------- d-----w- C:\Users\User\AppData\Local\{6859320C-4B33-4ED5-BDA2-19ECD7966F27}
2012-08-13 10:48:11 -------- d-----w- C:\Users\User\AppData\Local\{CEAF42FF-B495-4F45-9DBA-5A3E0B8B1A85}
2012-08-13 10:46:47 -------- d-----w- C:\Users\User\AppData\Local\{69825B87-EC32-41F3-919D-F8B18B577113}
2012-08-12 09:47:54 -------- d-----w- C:\Users\User\AppData\Local\{5C74BC0A-A157-42E1-A7CC-67ABBD7794E4}
2012-08-12 09:47:25 -------- d-----w- C:\Users\User\AppData\Local\{59210C4C-3911-4568-AF9A-75DCAEFF6A12}
2012-08-11 10:38:35 -------- d-----w- C:\Users\User\AppData\Local\{396A5E19-E747-410D-8DD3-2E9D4C22138F}
2012-08-11 10:38:09 -------- d-----w- C:\Users\User\AppData\Local\{9A82645B-A6BC-4627-84DE-2F26EE1D2FEE}
2012-08-10 22:37:34 -------- d-----w- C:\Users\User\AppData\Local\{D5DDE172-64B0-4B31-9E0C-4207A3CF96D3}
2012-08-10 22:37:20 -------- d-----w- C:\Users\User\AppData\Local\{13430363-1B3A-4F4E-B3E4-2F9C71BF4EA4}
2012-08-10 10:36:31 -------- d-----w- C:\Users\User\AppData\Local\{82E661F7-B7A7-4955-AE12-7F7D48CC69F3}
2012-08-10 10:35:56 -------- d-----w- C:\Users\User\AppData\Local\{57A39640-AC14-4125-AE31-BD044A220C15}
2012-08-09 22:34:55 -------- d-----w- C:\Users\User\AppData\Local\{7B7ABD89-FEFE-4363-ABDD-E258C58DC676}
2012-08-09 22:34:30 -------- d-----w- C:\Users\User\AppData\Local\{92F2B557-F8B3-4DE9-9254-216763E23544}
2012-08-08 22:21:11 -------- d-----w- C:\Users\User\AppData\Local\{593CF274-2994-454F-ACDF-E627D4499860}
2012-08-08 22:20:34 -------- d-----w- C:\Users\User\AppData\Local\{F86D7A51-3C99-472A-BF8A-5F0EE60A90E7}
2012-08-08 10:19:37 -------- d-----w- C:\Users\User\AppData\Local\{A5B51B35-4CD8-4D5E-A77B-45BD86A772ED}
2012-08-08 10:19:00 -------- d-----w- C:\Users\User\AppData\Local\{41194C15-5438-46D7-B60F-95E2A13F4899}
2012-08-07 11:00:05 -------- d-----w- C:\Users\User\AppData\Local\{7CE0E479-E332-45B1-B531-E079259B63F5}
2012-08-06 22:14:49 -------- d-----w- C:\Users\User\AppData\Local\{1939E78E-0D1D-4798-B60B-F01D468FA18F}
2012-08-06 22:14:25 -------- d-----w- C:\Users\User\AppData\Local\{17124D73-996B-4F07-9D49-10D77A23DDDB}
2012-08-06 10:13:26 -------- d-----w- C:\Users\User\AppData\Local\{3BBF53A0-9BE6-4A8D-9ED6-92C8A5FF9064}
2012-08-06 10:12:58 -------- d-----w- C:\Users\User\AppData\Local\{F9BAEEA4-B924-4477-8C67-85D2226FA6E5}
2012-08-05 14:22:02 -------- d-----w- C:\Users\User\AppData\Local\{CF75564D-DA6B-4E4D-94AF-864F007A8D31}
2012-08-05 14:21:19 -------- d-----w- C:\Users\User\AppData\Local\{335535A0-FB20-45A2-8955-6C4E1B09F2BA}
2012-08-04 22:36:41 -------- d-----w- C:\Users\User\AppData\Local\{6E873D3E-1022-4D3E-BF65-2247A85EE922}
2012-08-04 22:36:13 -------- d-----w- C:\Users\User\AppData\Local\{E2499C24-5178-41A7-A844-90C32CCBB111}
2012-08-04 10:35:15 -------- d-----w- C:\Users\User\AppData\Local\{B3065F66-003F-46D3-9E19-2FE213563F38}
2012-08-04 10:34:48 -------- d-----w- C:\Users\User\AppData\Local\{2EF6BD22-CBD1-40F4-B0D0-DA2564C58A29}
2012-08-03 13:28:01 -------- d-----w- C:\Users\User\AppData\Local\{8024DA5C-8398-4971-A9E1-FDF130BEEB9E}
2012-08-03 13:27:36 -------- d-----w- C:\Users\User\AppData\Local\{BB77C3E0-3D24-421A-BDAD-F14D531E4064}
2012-08-03 01:26:59 -------- d-----w- C:\Users\User\AppData\Local\{3C605469-6E14-463A-B259-1452405D500C}
2012-08-03 01:26:39 -------- d-----w- C:\Users\User\AppData\Local\{45CB95A4-3AEA-4A99-AD4C-4418B6CDFFF2}
2012-08-02 20:55:17 -------- d-----w- C:\Users\User\AppData\Roaming\ooVoo Details
2012-08-02 20:54:49 -------- d-----w- C:\Program Files (x86)\Ask.com
2012-08-02 20:54:38 -------- d-----w- C:\Users\User\AppData\Local\APN
2012-08-02 13:21:30 -------- d-----w- C:\Users\User\AppData\Local\{C180740B-F6DA-454E-A795-551B6A0B032D}
2012-08-02 13:18:51 -------- d-----w- C:\Users\User\AppData\Local\{E8C7E71B-2B18-4384-82C7-DAB5B85D114C}
2012-08-01 23:36:03 -------- d-----w- C:\Users\User\AppData\Local\{C57C7619-83B0-4698-93B8-FC6B2D5728EE}
2012-08-01 23:35:37 -------- d-----w- C:\Users\User\AppData\Local\{A9D8F258-F899-4757-A92D-5BA5F7815707}
2012-08-01 11:34:55 -------- d-----w- C:\Users\User\AppData\Local\{6D85A646-01BD-4505-94E1-128760AC68D5}
2012-08-01 11:34:29 -------- d-----w- C:\Users\User\AppData\Local\{B2C1B2CF-C75A-4CA8-A9EE-BA6D1391DDD0}
2012-07-31 23:33:46 -------- d-----w- C:\Users\User\AppData\Local\{6721CF18-1388-4E73-AE62-FF754221995B}
2012-07-31 23:33:21 -------- d-----w- C:\Users\User\AppData\Local\{4F729AD8-133E-4204-9993-9A901E697285}
2012-07-31 11:32:37 -------- d-----w- C:\Users\User\AppData\Local\{FF38FE8B-A77E-4491-B937-A1342840726C}
2012-07-31 11:32:08 -------- d-----w- C:\Users\User\AppData\Local\{89618DB0-5DFB-456D-AE53-7C1D42EEAE59}
2012-07-30 23:31:27 -------- d-----w- C:\Users\User\AppData\Local\{DE54BF13-FCC7-4F4B-83EA-A291207A723E}
2012-07-30 11:29:44 -------- d-----w- C:\Users\User\AppData\Local\{B9A1B948-CCF1-49E9-BF2C-6A2ED4C93C30}
2012-07-30 11:29:22 -------- d-----w- C:\Users\User\AppData\Local\{D542D0A4-9FB3-47E0-88D3-0438ABDCB54B}
2012-07-29 19:21:44 -------- d-----w- C:\Users\User\AppData\Local\{844FA819-75B4-49B1-AE36-A86A7314DFBE}
2012-07-29 19:21:17 -------- d-----w- C:\Users\User\AppData\Local\{67E68957-F1ED-4914-82AD-1BB6F44540F9}
2012-07-29 12:15:36 -------- d-----w- C:\Users\User\AppData\Local\{576E08BD-BB7F-4175-A497-0D7FE5904C7D}
2012-07-29 12:15:17 -------- d-----w- C:\Users\User\AppData\Local\{AD02CB99-61A4-4D4A-B6A8-7A2E83D9D328}
2012-07-28 23:56:41 -------- d-----w- C:\Users\User\.android
2012-07-28 23:53:31 -------- d-----w- C:\Users\User\AppData\Local\Android
2012-07-28 23:31:50 955888 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-07-28 23:31:50 839152 ----a-w- C:\Windows\System32\deployJava1.dll
2012-07-28 22:46:47 -------- d-----w- C:\Users\User\AppData\Local\{E5F6CACC-0BED-48E1-BDAA-7063A4192ED1}
2012-07-28 22:46:23 -------- d-----w- C:\Users\User\AppData\Local\{38222DC5-3DEA-459D-A76A-D01D07E829E5}
2012-07-28 10:46:05 -------- d-----w- C:\Users\User\AppData\Local\{52C0D38D-A41D-493C-A1B2-80E9AC8842D7}
2012-07-28 10:45:39 -------- d-----w- C:\Users\User\AppData\Local\{7AF12A93-C053-4A17-B207-21F8A35526E4}
2012-07-27 22:44:52 -------- d-----w- C:\Users\User\AppData\Local\{53076940-DF1E-4EFB-A915-87239623036D}
2012-07-27 22:42:59 -------- d-----w- C:\Users\User\AppData\Local\{5F7B777D-EF10-4E9A-884C-84043391AA78}
2012-07-27 20:51:30 184248 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-07-27 20:51:30 184248 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-07-27 00:21:51 -------- d-----w- C:\Users\User\AppData\Local\{0EAD521A-6467-4995-8EDF-A014AEC1F256}
2012-07-27 00:21:24 -------- d-----w- C:\Users\User\AppData\Local\{46CF09DA-F9BF-4CEE-B102-094719829F67}
2012-07-26 09:44:15 -------- d-----w- C:\Users\User\AppData\Local\{6CCA8C70-491A-4A7D-B9F3-B8EB24F36F59}
2012-07-26 09:44:02 -------- d-----w- C:\Users\User\AppData\Local\{84C021D2-50BC-465F-B8D5-ABBFFF6B182D}
2012-07-25 21:43:21 -------- d-----w- C:\Users\User\AppData\Local\{E1950B88-1758-4174-8623-78FA55588074}
2012-07-25 21:42:54 -------- d-----w- C:\Users\User\AppData\Local\{C4769317-5716-4CEF-BF39-69B3446F8A2E}
2012-07-25 09:41:18 -------- d-----w- C:\Users\User\AppData\Local\{F4FBDF16-9DE6-4CD6-9BF4-40D15F7DB5BF}
2012-07-25 09:40:41 -------- d-----w- C:\Users\User\AppData\Local\{620C0C34-81F2-47CE-B357-0E4A9C48F203}
2012-07-24 12:08:24 -------- d-----w- C:\Users\User\AppData\Local\{4B26A0BA-E4F0-4733-B400-C232B85E3C02}
2012-07-24 12:08:00 -------- d-----w- C:\Users\User\AppData\Local\{B24DFACF-8EAE-42C7-B7E4-4CE361970697}
2012-07-24 00:07:05 -------- d-----w- C:\Users\User\AppData\Local\{387B3DD2-DEA2-483C-A393-3F4D39B0ED2B}
2012-07-24 00:06:38 -------- d-----w- C:\Users\User\AppData\Local\{BC28C908-5645-4195-9AA4-B122A00D2FB2}
2012-07-23 12:05:54 -------- d-----w- C:\Users\User\AppData\Local\{AAA3F33F-4301-4D41-B922-40808015CE6E}
2012-07-23 12:05:29 -------- d-----w- C:\Users\User\AppData\Local\{32BF2675-E4AF-469E-8501-2E036A83B8DA}
2012-07-23 00:04:52 -------- d-----w- C:\Users\User\AppData\Local\{4FFC9939-7072-4929-AE30-A7AB82ABADF6}
2012-07-23 00:04:25 -------- d-----w- C:\Users\User\AppData\Local\{BC1658E6-82E6-46B3-98BF-93833930B0F4}
2012-07-22 12:03:41 -------- d-----w- C:\Users\User\AppData\Local\{DE00C288-D479-4D3D-AB89-EBD2D2E8CE18}
2012-07-22 12:03:13 -------- d-----w- C:\Users\User\AppData\Local\{0442DED6-9374-40B0-BDC4-AB1253B910BE}
2012-07-22 00:02:38 -------- d-----w- C:\Users\User\AppData\Local\{222C441C-42B8-49D4-B610-1A49A7A51A74}
2012-07-22 00:02:10 -------- d-----w- C:\Users\User\AppData\Local\{3929EE45-0169-407E-8D2E-7CD121ECFCCF}
2012-07-21 11:59:35 -------- d-----w- C:\Users\User\AppData\Local\{EF5E8458-C836-4B77-93EE-F06595600E9E}
2012-07-21 11:58:05 -------- d-----w- C:\Users\User\AppData\Local\{319EE82F-006B-443A-B0F9-D9DF2FA4EEA0}
2012-07-20 20:02:36 -------- d-----w- C:\Users\User\AppData\Local\{9EF64A98-7107-4D55-89C7-BC8F121FE5EC}
2012-07-20 20:02:10 -------- d-----w- C:\Users\User\AppData\Local\{E013BE9B-DB39-471D-8C4A-F5A72DB3C23D}
.
==================== Find3M ====================
.
2012-08-15 10:05:39 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-15 10:05:38 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 12:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-06 19:59:42 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-06-06 14:49:54 53 ----a-w- C:\Users\User\AppData\Roaming\mata.bat
2012-06-06 14:49:50 162 ----a-w- C:\Users\User\AppData\Roaming\mata2.bat
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 14:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 14:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 11:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 19:05:34.98 ===============
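The "Created Last 30" and "Find3M" listings above are what a responder reads first, and two things stand out on inspection: bare-GUID-named folders under AppData\Local appearing every day (often in pairs), and two small .bat files in AppData\Roaming. The following is an added triage helper, not part of this thread, of the DDS tool, or of anything the helpers here ran; it parses DDS listing lines and counts those two patterns so they can be reviewed. The day-count threshold, the script-extension list and the "worth review" labels are this example's own assumptions, and the sample lines are copied from the log in the post.

```python
# Added example (not from the thread or the DDS tool): triage the "Created Last
# 30" / "Find3M" listing lines of a DDS log. Two defender-side heuristics drawn
# from the log above: (1) bare-GUID directory names under AppData\Local created
# day after day, (2) script files dropped under AppData\Roaming. The threshold
# and extension list are this example's own assumptions, not DDS behaviour.
import re
from collections import Counter
from datetime import datetime

# One DDS listing line: date, time, size (or dashes for a directory), an 8-char
# attribute string (leading 'd' = directory), then the path, which may contain spaces.
DDS_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>-+|\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# A whole path component that is nothing but a braced GUID.
GUID_NAME = re.compile(
    r"^\{[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}\}$", re.I
)
SCRIPT_EXTS = (".bat", ".cmd", ".vbs", ".js", ".ps1")  # assumption: what counts as a script

# Constructed sample: a dozen lines copied verbatim from the log in the post.
SAMPLE_LOG = r"""
2012-08-19 10:29:38 -------- d-----w- C:\Users\User\AppData\Local\{9ACCA2D9-A8A5-4AA9-9F0E-890D4D39CC38}
2012-08-18 18:12:53 -------- d-----w- C:\Users\User\AppData\Local\{D9938953-7639-4DF3-BCFE-B89CFA4FDF5F}
2012-08-18 18:12:22 -------- d-----w- C:\Users\User\AppData\Local\{776FACA5-6E1B-4FA3-BA71-B42990CBFB6D}
2012-08-17 20:35:37 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{70EB9503-7D21-4A1E-947C-B53CE98A32E2}\mpengine.dll
2012-08-17 15:09:53 -------- d-----w- C:\Users\User\AppData\Local\{4872C5B3-F17D-40D2-B95F-BFEB48372BB0}
2012-08-17 15:09:24 -------- d-----w- C:\Users\User\AppData\Local\{D8F1EEB0-7C13-4A2D-BA7E-2EBECA25FBE0}
2012-08-16 19:00:59 -------- d-----w- C:\Users\User\AppData\Local\{088D178F-6C09-44C1-854B-4AEF1F8B3C02}
2012-08-15 10:12:23 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-02 20:55:17 -------- d-----w- C:\Users\User\AppData\Roaming\ooVoo Details
2012-08-02 20:54:49 -------- d-----w- C:\Program Files (x86)\Ask.com
2012-06-06 14:49:54 53 ----a-w- C:\Users\User\AppData\Roaming\mata.bat
2012-06-06 14:49:50 162 ----a-w- C:\Users\User\AppData\Roaming\mata2.bat
"""


def parse_dds(text):
    """Return one dict per DDS listing line; headers, '.' separators and blanks are skipped."""
    entries = []
    for raw in text.splitlines():
        m = DDS_LINE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append({
            "when": datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %H:%M:%S"),
            "size": size,
            "is_dir": m["attrs"].startswith("d"),
            "path": m["path"],
        })
    return entries


def guid_dirs_in_local_appdata(entries):
    """Directories whose final component is a bare GUID and whose parent is AppData Local.

    Checking only the last component keeps the Defender definition-update
    folder (a GUID in the middle of a ProgramData path) out of the result.
    """
    hits = []
    for e in entries:
        parent, _, name = e["path"].rpartition("\\")
        if e["is_dir"] and parent.lower().endswith("\\appdata\\local") and GUID_NAME.match(name):
            hits.append(e)
    return hits


def guid_dir_days(entries):
    """Number of GUID directories created per calendar day (the churn signal)."""
    return Counter(e["when"].date().isoformat() for e in guid_dirs_in_local_appdata(entries))


def scripts_in_roaming(entries):
    """Script files created under AppData Roaming, an unusual place for scripts to land."""
    hits = []
    for e in entries:
        if e["is_dir"]:
            continue
        low = e["path"].lower()
        if "\\appdata\\roaming\\" in low and low.endswith(SCRIPT_EXTS):
            hits.append(e["path"])
    return hits


def triage(text, min_days=3):
    """Summarise the two heuristics; min_days is this example's own threshold."""
    entries = parse_dds(text)
    per_day = guid_dir_days(entries)
    return {
        "entries": len(entries),
        "guid_dirs": sum(per_day.values()),
        "guid_days": len(per_day),
        "guid_churn": len(per_day) >= min_days,  # flag for review, not a verdict
        "roaming_scripts": scripts_in_roaming(entries),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the sample it reports six GUID directories across four days (so the churn flag is set) and the two Roaming batch files; on a full DDS log the same parser handles every section that uses the date/size/attribute/path layout. The output is a list of items for a human to look at, which is the right scope for a heuristic like this: GUID-named folders and small batch files are each individually explainable, and the point is that their pattern over time is what earns a closer look.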


#2 CatByte (Malware Response Team)

Posted 23 August 2012 - 06:10 PM

Please do the following:

  • Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.


NEXT



Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • click OK
  • Press Start Scan
    • As we are only looking for a log of what is on the machine right now > choose to skip whatever is found
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 Skottelgoed (Topic Starter)

Posted 24 August 2012 - 06:46 PM

Hi CatByte,

Thank you for the reply, but I got it fixed! I appreciate your assistance in this matter though. Keep up the excellent work!

#4 CatByte (Malware Response Team)

Posted 24 August 2012 - 07:42 PM

good to hear

thanks for letting me know



#5 CatByte (Malware Response Team)

Posted 24 August 2012 - 07:42 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

