Inactive Need assist removing possible malware

[Rualani]

Having issues with too much CPU usage. I looked at your preliminary thread and got the tools and did some scans. Just wanting to see if I can get further info before I use logs.

 

[Broni]

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[Rualani]

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8125

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

11/9/2011 10:57:03 PM
mbam-log-2011-11-09 (22-57-02).txt

Scan type: Quick scan
Objects scanned: 197010
Time elapsed: 8 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

[Rualani]

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Derek at 14:09:14 on 2011-11-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2940.1012 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Security 360 *Enabled/Outdated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
C:\windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\ProgramData\TVersity\Media Server\MediaServer.exe
C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Xobni\XobniService.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe
C:\windows\system32\igfxext.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\Raptr\raptr_ep64.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\IObit\IObit Security 360\is360.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local;192.168.*.*
uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\4.7\iobitToolbarIE.dll
mWinlogon: Userinit=userinit.exe,
BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\4.7\iobitToolbarIE.dll
BHO: StumbleUpon Launcher: {145b29f4-a56b-4b90-bbac-45784ebebbb7} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Norton Safe Web Lite BHO: {f0da78e9-6b60-42fb-bc26-ef2cfb8c8ff3} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.0.1.8\coIEPlg.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Norton Safe Web Lite: {30ceeea2-3742-40e4-85dd-812bf1cbb83d} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.0.1.8\coIEPlg.dll
TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\4.7\iobitToolbarIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [Advanced SystemCare 4] C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
uRun: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
uRun: [Facebook Update] "C:\Users\Derek\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Akamai NetSession Interface] C:\Users\Derek\AppData\Local\Akamai\netsession_win.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
mRun: [Bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [IObit Security 360] "C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe" /autostart
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [<NO NAME>]
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\Derek\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} - hxxps://ccacas3.indstate.edu/auth/taweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0FE2EB99-7C47-4CEC-868E-770E3CF9AB8C} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0FE2EB99-7C47-4CEC-868E-770E3CF9AB8C}\2656C6B696E6E253434363 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{0FE2EB99-7C47-4CEC-868E-770E3CF9AB8C}\943555D2F49445D2E4755405 : DhcpNameServer = 139.102.7.102 139.102.48.35 139.102.15.40
TCP: Interfaces\{0FE2EB99-7C47-4CEC-868E-770E3CF9AB8C}\A6F656 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{0FE2EB99-7C47-4CEC-868E-770E3CF9AB8C}\B4569777F627B6 : DhcpNameServer = 76.85.229.110 76.85.229.111
TCP: Interfaces\{0FE2EB99-7C47-4CEC-868E-770E3CF9AB8C}\C696E6B6379737 : DhcpNameServer = 76.85.229.110 76.85.229.111
TCP: Interfaces\{0FE2EB99-7C47-4CEC-868E-770E3CF9AB8C}\D6164747865677 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{5F4C2A11-A1D1-4D2A-ACAD-6B3403249EE9} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.7\iobitToolbarIE.dll
BHO-X64: StumbleUpon Launcher: {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll
BHO-X64: StumbleUpon Launcher - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO-X64: StartNow Toolbar Helper - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Norton Safe Web Lite BHO: {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.0.1.8\coIEPlg.dll
BHO-X64: Norton Safe Web Lite BHO - No File
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: Norton Safe Web Lite: {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.0.1.8\coIEPlg.dll
TB-X64: StumbleUpon Toolbar: {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB-X64: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.7\iobitToolbarIE.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
mRun-x64: [Bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [IObit Security 360] "C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe" /autostart
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [(Default)]
mRun-x64: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\4zf10bn3.default\
FF - prefs.js: browser.search.defaulturl - Bing
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=685749&p=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dll
FF - component: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.0.1.8\coFFNST\components\coFFNST.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Derek\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\4zf10bn3.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;C:\windows\system32\Drivers\SmartDefragDriver.sys --> C:\windows\system32\Drivers\SmartDefragDriver.sys [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 aswSnx;aswSnx;C:\windows\system32\drivers\aswSnx.sys --> C:\windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\windows\system32\drivers\aswSP.sys --> C:\windows\system32\drivers\aswSP.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\system32\DRIVERS\dtsoftbus01.sys --> C:\windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R2 AdvancedSystemCareService;Advanced SystemCare Service;C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-4-25 352656]
R2 Akamai;Akamai NetSession Interface;C:\windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2011-9-27 745880]
R2 aswFsBlk;aswFsBlk;C:\windows\system32\drivers\aswFsBlk.sys --> C:\windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\windows\system32\drivers\aswMonFlt.sys --> C:\windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-9-10 44768]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 IS360service;IS360service;C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe [2010-12-24 312152]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-9 366152]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-4-26 223088]
R2 NSL;Norton Safe Web Lite;C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe [2010-7-20 126904]
R2 RSELSVC;TOSHIBA Modem region select service;C:\Program Files\TOSHIBA\rselect\RSelSvc.exe [2009-7-7 65904]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-6-24 92008]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-11 252272]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2011-7-27 267488]
R2 XobniService;XobniService;C:\Program Files (x86)\Xobni\XobniService.exe [2009-10-12 46824]
R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter;C:\windows\system32\DRIVERS\RTL8187B.sys --> C:\windows\system32\DRIVERS\RTL8187B.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2010-2-20 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1cacdd0a478f86f;Google Update Service (gupdate1cacdd0a478f86f);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-27 133104]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\windows\system32\DRIVERS\motfilt.sys --> C:\windows\system32\DRIVERS\motfilt.sys [?]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\windows\system32\drivers\BVRPMPR5a64.SYS --> C:\windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-27 133104]
S3 motandroidusb;Mot ADB Interface Driver;C:\windows\system32\Drivers\motoandroid.sys --> C:\windows\system32\Drivers\motoandroid.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;C:\windows\system32\DRIVERS\motccgp.sys --> C:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;C:\windows\system32\DRIVERS\motccgpfl.sys --> C:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\windows\system32\DRIVERS\Motousbnet.sys --> C:\windows\system32\DRIVERS\Motousbnet.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 StumbleUponUpdateService;StumbleUponUpdateService;C:\Program Files (x86)\StumbleUpon\StumbleUponUpdateService.exe [2011-4-13 103336]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-11-09 16:20:08 -------- d-----w- C:\Users\Derek\AppData\Roaming\Malwarebytes
2011-11-09 16:19:59 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-09 16:19:55 25416 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-11-09 16:19:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-08 12:25:15 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1BD6540F-2ED8-4EAB-A7DF-E2D6D23884D7}\offreg.dll
2011-11-08 12:25:11 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1BD6540F-2ED8-4EAB-A7DF-E2D6D23884D7}\mpengine.dll
2011-11-06 08:32:39 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2011-11-06 08:31:30 -------- d-----w- C:\Intel
2011-11-06 08:20:03 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-11-06 08:20:03 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2011-11-01 17:15:25 69632 ------w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
2011-11-01 17:15:25 -------- d-----w- C:\Program Files (x86)\alaplaya
2011-11-01 17:15:22 380928 ------w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe
2011-11-01 17:15:22 212992 ------w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISDM.exe
2011-11-01 17:06:14 -------- d-----w- C:\Program Files (x86)\Common Files\Akamai
2011-10-31 01:29:31 -------- d-----w- C:\Users\Derek\AppData\Local\{6C4D520C-35AB-444F-962A-D842C427333E}
2011-10-31 01:26:27 -------- d-----w- C:\Users\Derek\AppData\Local\{C29AAA90-14EC-4D92-8466-A798CBFF8AA9}
2011-10-31 01:26:23 -------- d-----w- C:\Users\Derek\AppData\Local\{2C317413-4B76-4214-AC82-74CFB68E2AE0}
2011-10-22 20:58:31 -------- d-----w- C:\Users\Derek\AppData\Local\WinZip
2011-10-22 20:57:06 -------- d-----w- C:\Users\Derek\.swt
2011-10-19 14:41:51 -------- d-----w- C:\Program Files (x86)\Application Updater
2011-10-19 14:41:50 -------- d-----w- C:\Program Files (x86)\IObit Toolbar
2011-10-16 15:09:24 -------- d-----w- C:\Program Files\iPod
2011-10-16 15:09:23 -------- d-----w- C:\Program Files\iTunes
2011-10-16 15:06:15 -------- d-----w- C:\Program Files\Bonjour
2011-10-16 15:06:15 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-10-13 01:18:54 3138048 ----a-w- C:\windows\System32\win32k.sys
2011-10-13 01:12:33 75776 ----a-w- C:\windows\SysWow64\psisrndr.ax
2011-10-13 01:12:33 613888 ----a-w- C:\windows\System32\psisdecd.dll
2011-10-13 01:12:33 465408 ----a-w- C:\windows\SysWow64\psisdecd.dll
2011-10-13 01:12:33 108032 ----a-w- C:\windows\System32\psisrndr.ax
2011-10-13 01:08:56 331776 ----a-w- C:\windows\System32\oleacc.dll
2011-10-13 01:08:56 233472 ----a-w- C:\windows\SysWow64\oleacc.dll
2011-10-13 01:08:55 861696 ----a-w- C:\windows\System32\oleaut32.dll
2011-10-13 01:08:55 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll
.
==================== Find3M ====================
.
2011-10-06 14:46:08 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-06 20:45:29 41184 ----a-w- C:\windows\avastSS.scr
2011-09-06 20:38:18 601944 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2011-09-06 20:36:30 65368 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2011-09-01 05:24:07 2309120 ----a-w- C:\windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-08-31 03:05:32 96104 ----a-w- C:\windows\System32\dns-sd.exe
2011-08-31 03:05:32 85864 ----a-w- C:\windows\System32\dnssd.dll
2011-08-31 03:05:04 83816 ----a-w- C:\windows\SysWow64\dns-sd.exe
2011-08-31 03:05:04 73064 ----a-w- C:\windows\SysWow64\dnssd.dll
.
============= FINISH: 14:10:45.50 ===============

 

[Rualani]

I couldn't get a log of gmer even in safe mode so I'm a bit lost there.

 

[Rualani]

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/27/2010 12:24:45 PM
System Uptime: 11/9/2011 12:58:46 PM (2 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz | CPU | 2200/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 31.079 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP177: 11/1/2011 1:14:45 PM - Installed S4 League_EU
RP178: 11/1/2011 2:21:13 PM - Windows Update
RP179: 11/4/2011 4:20:56 PM - Windows Update
RP180: 11/6/2011 3:18:01 AM - Installed Java(TM) 6 Update 29
RP181: 11/8/2011 7:24:19 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.4
Advanced SystemCare 4
Akamai NetSession Interface Service
Amazon Links
Apple Application Support
Apple Software Update
avast! Free Antivirus
Bejeweled 2 Deluxe
Bing Bar
Bing Bar Platform
Blackhawk Striker 2
BS.Player FREE
Compatibility Pack for the 2007 Office system
D3DX10
DAEMON Tools Lite
DAEMON Tools Toolbar
DC Universe Online Live
Diablo II
Facebook Video Calling 1.0.0.8714
Faerie Solitaire
FATE Undiscovered Realms
ffdshow [rev 2527] [2008-12-19]
Free YouTube to MP3 Converter version 3.10.11.923
FreeApps
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Office (KB975927)
IObit Security 360
IObit Toolbar v4.7
Java Auto Updater
Java(TM) 6 Update 29
Junk Mail filter update
Label@Once 1.0
Magic The Gathering Tactics
Malwarebytes' Anti-Malware version 1.51.2.1300
Mesh Runtime
Messenger Companion
Microsoft Default Manager
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Monopoly
MotoHelper 2.0.51 Driver 5.1.0
MotoHelper MergeModules
Mozilla Firefox 7.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - The Vegas Heist
NetZero Launcher
Norton Safe Web Lite
NVIDIA PhysX
Polar Bowler
Quickbooks Financial Center
QuickTime
Raptr
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver

 

[Broni]

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[Rualani]

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-10 10:55:00
-----------------------------
10:55:00.211 OS Version: Windows x64 6.1.7601 Service Pack 1
10:55:00.211 Number of processors: 2 586 0x170A
10:55:00.214 ComputerName: DEREK-PC UserName: Derek
10:55:03.354 Initialize success
10:55:03.862 AVAST engine defs: 11111000
10:55:09.197 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:55:09.200 Disk 0 Vendor: TOSHIBA_ FG02 Size: 305245MB BusType: 3
10:55:09.214 Disk 0 MBR read successfully
10:55:09.218 Disk 0 MBR scan
10:55:09.223 Disk 0 Windows VISTA default MBR code
10:55:09.228 Service scanning
10:55:17.699 Modules scanning
10:55:17.705 Disk 0 trace - called modules:
10:55:17.734 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
10:55:17.741 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80032ec060]
10:55:17.748 3 CLASSPNP.SYS[fffff8800162c43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002d14050]
10:55:18.642 AVAST engine scan C:\windows
10:55:22.497 AVAST engine scan C:\windows\system32
10:57:50.004 AVAST engine scan C:\windows\system32\drivers
10:58:07.904 AVAST engine scan C:\Users\Derek
11:11:41.944 AVAST engine scan C:\ProgramData
11:14:39.547 Scan finished successfully
11:15:11.204 Disk 0 MBR has been saved successfully to "C:\Users\Derek\Documents\MBR.dat"
11:15:11.211 The log file has been saved successfully to "C:\Users\Derek\Documents\aswMBR.txt"

 

[Rualani]

ComboFix 11-11-10.02 - Derek 11/10/2011 12:30:22.3.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2940.1385 [GMT -5:00]
Running from: c:\users\Derek\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: IObit Security 360 *Disabled/Outdated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\Derek\AppData\Roaming\RIFT\rift.cfg
c:\users\Derek\Documents\~WRL2736.tmp
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2011-10-10 to 2011-11-10 )))))))))))))))))))))))))))))))
.
.
2011-11-10 17:38 . 2011-11-10 17:38 -------- d-----w- c:\users\Mcx1-DEREK-PC\AppData\Local\temp
2011-11-10 17:38 . 2011-11-10 17:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-09 19:55 . 2011-11-09 19:55 -------- d-----w- c:\users\Derek\AppData\Local\Akamai
2011-11-09 16:20 . 2011-11-09 16:20 -------- d-----w- c:\users\Derek\AppData\Roaming\Malwarebytes
2011-11-09 16:19 . 2011-11-09 16:19 -------- d-----w- c:\programdata\Malwarebytes
2011-11-09 16:19 . 2011-11-09 16:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-09 16:19 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-09 15:36 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 15:36 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 15:36 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 15:36 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 12:25 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1BD6540F-2ED8-4EAB-A7DF-E2D6D23884D7}\mpengine.dll
2011-11-06 08:32 . 2011-11-06 08:32 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2011-11-06 08:32 . 2011-11-06 08:32 -------- d-----w- c:\users\Derek\AppData\Roaming\SystemRequirementsLab
2011-11-06 08:31 . 2011-11-06 08:31 -------- d-----w- C:\Intel
2011-11-06 08:20 . 2011-11-06 08:20 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-11-06 08:20 . 2011-10-03 10:06 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-11-06 08:20 . 2011-10-03 10:06 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-11-01 17:15 . 2011-11-01 17:15 -------- d-----w- c:\program files (x86)\alaplaya
2011-11-01 17:15 . 2003-08-15 20:02 69632 ------w- c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe
2011-11-01 17:15 . 2003-08-15 20:01 380928 ------w- c:\program files (x86)\Common Files\InstallShield\UpdateService\agent.exe
2011-11-01 17:15 . 2003-08-15 19:57 212992 ------w- c:\program files (x86)\Common Files\InstallShield\UpdateService\ISDM.exe
2011-11-01 17:06 . 2011-11-10 17:16 -------- d-----w- c:\program files (x86)\Common Files\Akamai
2011-10-22 20:58 . 2011-10-22 20:58 -------- d-----w- c:\programdata\WinZip
2011-10-22 20:58 . 2011-10-22 20:58 -------- d-----w- c:\users\Derek\AppData\Local\WinZip
2011-10-22 20:57 . 2011-10-22 20:57 -------- d-----w- c:\users\Derek\.swt
2011-10-19 14:41 . 2011-10-19 14:41 -------- d-----w- c:\program files (x86)\Application Updater
2011-10-19 14:41 . 2011-10-19 14:41 -------- d-----w- c:\program files (x86)\IObit Toolbar
2011-10-16 15:06 . 2011-10-16 15:06 -------- d-----w- c:\program files (x86)\Bonjour
2011-10-16 15:06 . 2011-10-16 15:06 -------- d-----w- c:\program files\Bonjour
2011-10-16 14:54 . 2011-10-16 14:54 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-10-13 01:12 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 01:12 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 01:12 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-13 01:12 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-13 01:08 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 01:08 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-13 01:08 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 01:08 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-06 14:46 . 2011-06-23 07:57 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-06 20:45 . 2011-05-13 06:13 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2011-05-13 06:13 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-09-06 20:45 . 2011-05-13 06:13 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-05-13 06:13 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:38 . 2011-05-13 06:13 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2011-05-13 06:13 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2011-05-13 06:13 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2011-05-13 06:13 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-06 20:36 . 2011-05-13 06:13 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-31 03:05 . 2011-08-31 03:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-10_17.17.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-20 09:18 . 2011-11-10 17:18 47170 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-11-10 15:51 52116 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-10 17:18 52116 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-28 08:05 . 2011-11-10 17:18 17888 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3889960051-1611695843-1849996370-1001_UserData.bin
- 2011-11-10 17:15 . 2011-11-10 17:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-10 17:39 . 2011-11-10 17:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-10 17:15 . 2011-11-10 17:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-10 17:39 . 2011-11-10 17:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-11-10 16:59 393752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-10 17:25 393752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-13 39408]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2010-06-24 247144]
"Advanced SystemCare 4"="c:\program files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-04-21 402832]
"HLBackupScheduler"="c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe" [2011-10-23 5013128]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-06-08 399736]
"Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2011-11-07 53160]
"Facebook Update"="c:\users\Derek\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-08-17 137536]
"Akamai NetSession Interface"="c:\users\Derek\AppData\Local\Akamai\netsession_win.exe" [2011-11-08 3295320]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-08-10 529256]
"Bing Bar"="c:\program files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe" [2010-03-24 243544]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"IObit Security 360"="c:\program files (x86)\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-09-28 894304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-04-21 352656]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2011-09-28 745880]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-11 248688]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368]
R2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
R2 gupdate1cacdd0a478f86f;Google Update Service (gupdate1cacdd0a478f86f);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-27 133104]
R2 IS360service;IS360service;c:\program files (x86)\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-04-26 223088]
R2 NSL;Norton Safe Web Lite;c:\program files (x86)\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe [2010-05-23 126904]
R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\rselect\RSelSvc.exe [2009-07-07 65904]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-06-24 92008]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-12 252272]
R2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe [2009-10-12 46824]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 EraserUtilDrvI10;EraserUtilDrvI10;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI10.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-27 133104]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files (x86)\StumbleUpon\StumbleUponUpdateService.exe [2011-04-13 103336]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\Derek\AppData\Local\Temp\005FD33.tmp [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3889960051-1611695843-1849996370-1001Core.job
- c:\users\Derek\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-17 01:40]
.
2011-11-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3889960051-1611695843-1849996370-1001UA.job
- c:\users\Derek\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-17 01:40]
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-27 17:12]
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-27 17:12]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2008-09-25 195080]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 709976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Derek\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} - hxxps://ccacas3.indstate.edu/auth/taweb.cab
FF - ProfilePath - c:\users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\4zf10bn3.default\
FF - prefs.js: browser.search.defaulturl - Bing
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=685749&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NSL]
"ImagePath"="\"c:\program files (x86)\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files (x86)\Norton Safe Web Lite\Engine\1.0.1.8\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Derek\AppData\Local\Temp\005FD33.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{5093EB4C-3E93-40AB-9266-B607BA87BDC8}"=hex:51,66,7a,6c,4c,1d,38,12,22,e8,80,
54,a1,70,c5,05,ed,70,f5,47,bf,d9,f9,dc
"{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,38,12,3a,25,4d,
8a,1f,e3,d1,0d,d3,3b,92,3f,05,d7,c9,12
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=hex:51,66,7a,6c,4c,1d,38,12,c2,99,1a,
36,00,8f,58,04,e1,8c,0d,76,4f,1c,0a,03
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{145B29F4-A56B-4B90-BBAC-45784EBEBBB7}"=hex:51,66,7a,6c,4c,1d,38,12,9a,2a,48,
10,59,eb,fe,0e,c4,ba,06,38,4b,e0,ff,a3
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,38,12,e4,48,13,
36,9b,0a,89,06,fb,ff,c3,c8,3d,de,d1,0d
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:ee,46,90,e4,2e,61,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e7,ac,20,a5,52,27,85,48,8e,33,5c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e7,ac,20,a5,52,27,85,48,8e,33,5c,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\07\00\18\13\1f0\0b"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-10 12:44:41 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-10 17:44
.
Pre-Run: 71,759,572,992 bytes free
Post-Run: 71,665,000,448 bytes free
.
- - End Of File - - 032965E395ECD12DC93FE1580E517918

 

[Rualani]

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 11/10/2011 at 12:55:28.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:

C:\Users\Derek\AppData\Local\Akamai\netsession_win.exe
C:\Users\Derek\AppData\Local\Akamai\netsession_win.exe


Rkill completed on 11/10/2011 at 12:55:58.

 

[Rualani]

Combofix had to be run in safe mode and rebooted in safe mode to work. Also it still spikes randomnly to like 40% on cpu usage when nothing is running O.o. Don't get me started on games lol.

 

[Broni]

Uninstall Advanced SystemCare 4.

Registry cleaners/optimizers are not recommended for several reasons:

• Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.
  
  The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  
• Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  
• Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  
• Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  
• The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

• Ed Bott's Webog: Why I don't use registry cleaners
• Do I need a Registry Cleaner?

===================================================================

Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Colunms.
In addition to already pre-selected options, make sure, the Command Line is selected, and press OK.
Go File>Save As, and save the report as Procexp.txt.
Attach the file to your next reply.

 

[Rualani]

K here's the Attached file. Er is that system idle right?

 

[Broni]

Yeah, something is going on there.

Check Primary and Secondary IDE settings: Device Manager -> IDE ATA/ATAPI controllers -> Primary or Secondary IDE Channel -> Properties -> Advanced Settings. Look at the Current Transfer Mode field.
See, if it's in PIO mode instead of DMA mode.

 

[Rualani]

When i navigate i get Device manager => IDE ATA/ATAPI controllers => Intel(R) ICH9M-E/M SATA AHCI Controller => (General,Driver,Details,Resources). I can't find an advanced options section O.O. You can look up properties under "details" though.

 

[Broni]

That's fine.

Download Bootkit Remover to your Desktop.

• Unzip downloaded file to your Desktop.
• Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on remover.exe and click Run As Administrator).
• It will show a Black screen with some data on it.
• Right click on the screen and click Select All.
• Press CTRL+C
• Open a Notepad and press CTRL+V
• Post the output back here.

 

[Rualani]

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
, 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000
Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...

---------On side note had to press enter to copy it.----------

 

[Broni]

All scans come up rather clean so I don't think we're dealing with any infection there.

In this forum, we make sure, your computer is free of malware and your computer is clean
Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
You'll get more attention.

Good luck!

 

[Rualani]

Thank you for your time. TTFN

 

[Broni]

You're very welcome

I suspect either overheating or some hardware issue.