TechSpot

BAD IMAGE WARNING

By pandorajill
Apr 26, 2013
  1. I have followed the steps that are posted here. Below are the following results.

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16476
    Run by Jill at 8:32:57 on 2013-04-27
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.64.1033.18.1913.423 [GMT 12:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\WLANExt.exe
    C:\windows\system32\conhost.exe
    C:\windows\System32\spoolsv.exe
    C:\Program Files\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
    C:\Program Files\Norton PC Checkup\Engine\2.0.3.202\ccSvcHst.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    C:\windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\Telecom Connection Manager\AssistantServices.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\Norton PC Checkup\Engine\2.0.3.202\ccSvcHst.exe
    C:\windows\system32\taskhost.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
    C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
    C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    C:\Program Files\Telecom Connection Manager\UIExec.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\system32\igfxext.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtAvAC.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\windows\system32\DllHost.exe
    C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
    C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\system32\conhost.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.babylon.com/?affID=117064&tt=4412_7&babsrc=HP_ss&mntrId=308d1c3b0000000000004cedde93b31b
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://toshiba.msn.com
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://websearch.mocaflix.com/
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    uURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned>
    uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
    dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.2.0.1\AVG Secure Search_toolbar.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
    BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - c:\program files\toshiba\toshiba media controller plug-in\TOSHIBAMediaControllerIE.dll
    TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.2.0.1\AVG Secure Search_toolbar.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [Facebook Update] "c:\users\jill\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [GameXN GO] "c:\programdata\gamexn\GameXNGO.exe" /startup
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
    mRun: [RtHDVBg] c:\program files\realtek\audio\hda\RtHDVBg.exe /FORPCEE3
    mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
    mRun: [HWSetup] c:\program files\toshiba\utilities\HWSetup.exe hwSetUP
    mRun: [KeNotify] "c:\program files\toshiba\utilities\KeNotify.exe" LPCM
    mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
    mRun: [SmoothView] c:\program files\toshiba\smoothview\SmoothView.exe
    mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [ITSecMng] c:\program files\toshiba\bluetooth toshiba stack\ItSecMng.exe /START
    mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun
    mRun: [SmartFaceVWatcher] c:\program files\toshiba\smartfacev\SmartFaceVWatcher.exe
    mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
    mRun: [ToshibaServiceStation] c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe /hide:60
    mRun: [NortonOnlineBackupReminder] "c:\program files\symantec\norton online backup\activation\NOBuActivation.exe" UNATTENDED
    mRun: [TosVolRegulator] c:\program files\toshiba\tosvolregulator\TosVolRegulator.exe
    mRun: [TosNC] c:\program files\toshiba\bulletinboard\TosNcCore.exe
    mRun: [TosReelTimeMonitor] c:\program files\toshiba\reeltime\TosReelTimeMonitor.exe
    mRun: [UIExec] "c:\program files\telecom connection manager\UIExec.exe"
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-unins...UisxMS1TVDEyRk9JKzE"&"prod=55"&"ver=10.0.1424
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
    StartupFolder: c:\users\jill\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{90AD314A-B75C-425B-BDA8-BBD7AD45593E} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{90AD314A-B75C-425B-BDA8-BBD7AD45593E}\2545141303235375D2034493242443 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{90AD314A-B75C-425B-BDA8-BBD7AD45593E}\5446573616D60774D435 : DHCPNameServer = 192.168.0.10
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\14.2.0\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs= c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll c:\progra~1\wxdown~1\sprote~1.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\jill\appdata\roaming\mozilla\firefox\profiles\0nr0irkn.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://websearch.mocaflix.com/?l=1&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.nz/
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid={7E1CFE1C-4AE1-4045-8E5F-CE8C9A34E486}&mid=07bec428be0047d19870cd3c4e62934e-5e2174d158839c2364a97f7bfe9285afdd421164&lang=en&ds=AVG&pr=fr&d=2012-12-06 16:32:11&v=13.2.0.4&sap=ku&q=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\14.2.0\npsitesafety.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\jill\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
    FF - plugin: c:\users\jill\appdata\roaming\mozilla\firefox\profiles\0nr0irkn.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\plugins\np-mswmp.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    FF - ExtSQL: 2013-03-12 09:35; {394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}; c:\users\jill\appdata\roaming\mozilla\firefox\profiles\0nr0irkn.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=308d1c3b0000000000004cedde93b31b&q=
    FF - user.js: extensions.BabylonToolbar.id - 308d1c3b0000000000004cedde93b31b
    FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
    FF - user.js: extensions.BabylonToolbar.instlDay - 15647
    FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8
    FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.817:12:11
    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar.tlbrId - base
    FF - user.js: extensions.BabylonToolbar.instlRef - sst
    FF - user.js: extensions.BabylonToolbar.dfltLng - en
    FF - user.js: extensions.BabylonToolbar.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.admin - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
    R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2011-5-23 47968]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-11-12 255968]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-4 297168]
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-12-6 33112]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
    R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2010-1-29 185712]
    R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-11 46448]
    R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-5 822624]
    R2 IconMan_R;IconMan_R;c:\program files\realtek\realtek usb 2.0 card reader\RIconMan.exe [2011-5-27 1811456]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-4-27 418376]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-4-27 701512]
    R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.3.202\ccSvcHst.exe [2011-5-27 126392]
    R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-2 508776]
    R2 UI Assistant Service;UI Assistant Service;c:\program files\telecom connection manager\AssistantServices.exe [2011-7-17 253264]
    R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\14.2.0\ToolbarUpdater.exe [2013-2-19 968880]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]
    R3 CeKbFilter;CeKbFilter;c:\windows\system32\drivers\CeKbFilter.sys [2011-5-27 17520]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-4-27 22856]
    R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2011-5-27 24064]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-5-27 280168]
    R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-2 579944]
    R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-2 194408]
    R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-2 21864]
    R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-2 19304]
    R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-2 219496]
    R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2011-5-27 51512]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2010-2-6 111960]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\toolbarbroker.exe --> c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [?]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-6-20 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
    S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-7-17 9216]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2011-5-27 182304]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-30 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-5-29 1343400]
    S3 zghsdiag;ZTE General Handset Diagnostic Port;c:\windows\system32\drivers\zghsdiag.sys [2011-1-13 106752]
    S3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\drivers\zghsmdm.sys [2011-1-13 106752]
    S3 zghsnmea;ZTE General Handset NMEA Port;c:\windows\system32\drivers\zghsnmea.sys [2011-1-13 106752]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-23 51040]
    .
    =============== Created Last 30 ================
    .
    2013-04-26 20:30:56 54016 ----a-w- c:\windows\system32\drivers\cnjbl.sys
    2013-04-26 20:05:20 -------- d-----w- c:\users\jill\appdata\roaming\Malwarebytes
    2013-04-26 20:05:09 -------- d-----w- c:\programdata\Malwarebytes
    2013-04-26 20:05:05 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-04-26 20:05:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-04-24 22:15:28 -------- d-----w- c:\users\jill\appdata\local\{34FEB2A7-EEB7-466C-929D-9AE491748E27}
    2013-04-23 20:09:42 -------- d-----w- c:\users\jill\appdata\local\{B3B942CB-1B98-4559-8A76-EF1B58508255}
    2013-04-23 19:09:06 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2013-04-19 23:51:48 -------- d-----w- c:\users\jill\appdata\local\{76D70AB5-1705-44DB-B450-E9E20492F662}
    2013-04-18 19:47:08 -------- d-----w- c:\users\jill\appdata\local\{3505AB25-1FB8-403E-9131-24D5B77AF6B1}
    2013-04-13 03:37:47 -------- d-----w- c:\users\jill\appdata\local\{632B6E8A-9DFB-44DF-AFBE-FDAE836541AB}
    2013-04-12 23:47:43 26520 ----a-w- c:\program files\mozilla firefox\plugin-hang-ui.exe
    2013-04-09 19:47:48 2347008 ----a-w- c:\windows\system32\win32k.sys
    2013-04-09 19:47:46 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
    2013-04-09 19:47:43 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-04-09 19:47:43 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-04-09 19:47:42 69632 ----a-w- c:\windows\system32\smss.exe
    2013-04-09 19:47:41 38912 ----a-w- c:\windows\system32\csrsrv.dll
    2013-04-09 19:47:34 3217408 ----a-w- c:\windows\system32\mstscax.dll
    2013-04-09 19:47:32 36864 ----a-w- c:\windows\system32\tsgqec.dll
    2013-04-09 19:47:32 131584 ----a-w- c:\windows\system32\aaclient.dll
    2013-04-08 08:30:32 -------- d-----w- c:\users\jill\appdata\local\{8E858D4D-08F0-4EF7-9ABA-6D3E401700A2}
    2013-04-02 14:09:52 4550656 ----a-w- c:\windows\system32\GPhotos.scr
    2013-04-02 04:05:10 -------- d-----w- c:\programdata\McAfee Security Scan
    2013-03-30 22:59:30 -------- d-----w- c:\users\jill\appdata\local\{F7D082BE-7F5B-43E4-81B1-58E18A381675}
    .
    ==================== Find3M ====================
    .
    2013-03-13 03:26:13 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-03-13 03:26:13 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-02-22 03:46:00 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2013-02-22 03:38:00 1129472 ----a-w- c:\windows\system32\wininet.dll
    2013-02-22 03:37:50 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-02-22 03:34:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2013-02-22 03:34:03 420864 ----a-w- c:\windows\system32\vbscript.dll
    2013-02-22 03:31:46 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2013-02-20 18:01:25 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
    2013-02-20 18:01:25 782240 ----a-w- c:\windows\system32\deployJava1.dll
    2013-02-19 05:27:23 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2013-02-12 04:48:31 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2013-02-12 04:48:26 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
    2013-02-12 03:32:45 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
    .
    ============= FINISH: 8:34:47.42 ===============

    And

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org
    Database version: v2013.04.26.06
    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Jill :: JILL-PC [administrator]
    Protection: Enabled
    27/04/2013 8:08:54 a.m.
    mbam-log-2013-04-27 (08-08-54).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 307996
    Time elapsed: 21 minute(s), 23 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 6
    C:\Users\Jill\AppData\Local\Temp\{46E7D982-2E26-183C-FAD7-66049D04FB74}\Addons\wxdownload_extension.exe (PUP.FakePlug) -> Quarantined and deleted successfully.
    C:\Users\Family\Downloads\installer_visualboy_advance.exe (PUP.Adbundler) -> Quarantined and deleted successfully.
    C:\Users\Jill\Downloads\SoftonicDownloader_for_windows-live-messenger.exe (PUP.OfferBundler.ST) -> Quarantined and deleted successfully.
    C:\Users\Jill\Local Settings\Temporary Internet Files\Content.IE5\1U4JQ1B8\509494125f81e[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\Jill\Local Settings\Temporary Internet Files\Content.IE5\1U4JQ1B8\50949d39032eb[1].exe (PUP.FakePlug) -> Quarantined and deleted successfully.
    C:\Users\Jill\Local Settings\Temporary Internet Files\Content.IE5\N3LN5185\50949d2738977[1].exe (Adware.Dropper) -> Quarantined and deleted successfully.
    (end)
     
  2. Broni

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================

    I still need the Attach.txt part of DDS.
     
Topic Status:
Not open for further replies.
