Virus AGAIN!

jl1

Thanks in advance for all the help given in the past. Once again, I've been infected. At first I thought it was the age of my laptop that caused the slowness and quirks, as regular scans with AVG, Malwarebytes and Super Antispyware (SAS) always indicate no issues. Then I tried to view YouTube: what a nightmare. The site gets taken over by a thousand ads, fails to play the video, and redirects and reopens (after closing) the browser. I wrote it off to YouTube being screwed up by Google changes, but then I was able to view without problems on another computer. So I started up in Safe Mode w/ Networking, updated Malwarebytes, AVG & SAS, and ran them. SAS indicated 4 adwares, but nothing was noted by MB or AVG. Then I downloaded ComboFix and attempted to run it as I have in the past, but it seems to refuse to run! Any thoughts?
Toshiba L505 Satellite Laptop, Windows Vista (SP1), Internet Explorer
Also, the computer asks me "Stop running script?" almost every time I click on something when on the internet.
 
Do the following in order.

1.

Please download and run TDSSkiller

When the program opens, click on the start scan button.


TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.


To remove the infections simply click on the Continue button and TDSSKiller will attempt to clean them or remove them.

After trying to clean them it will pop up with the results of the scan and its actions.


Please reboot the system if asked to do so.

After running, there will be a log located at the root of your C:\ drive, labeled tdsskiller with a series of numbers after it, for example C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt

Please open the log and copy and paste it back here.

2.

Please download AdwCleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

3.

Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running rkill then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying Rkill is infected, keep trying to run Rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.

Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Vista and Windows 7 users must right click on the HijackThis icon and click on run as. If the run as option doesn't appear, then press and hold the shift key while right clicking on the icon to get it to appear.


Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential; don't fix anything yet.

When the HijackThis log appears in a notepad file, click on the edit menu, click select all, then click on the edit menu again and click on copy. Come back to your reply and right click on your mouse and click on paste.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log.
 
John B - Thanks for the prompt reply and, as always, your help. Since they're so long, I'll post in a few replies:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.27.09

Windows Vista Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.19088
JLS :: JLS-LT [administrator]

8/27/2013 7:55:53 PM
mbam-log-2013-08-27 (19-55-53).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 385684
Time elapsed: 2 hour(s), 11 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 10
HKCR\CrossriderApp0035382.BHO (PUP.Optional.CrossRider.A) -> No action taken.
HKCR\CrossriderApp0035382.BHO.1 (PUP.Optional.CrossRider.A) -> No action taken.
HKCR\CrossriderApp0035382.Sandbox (PUP.Optional.CrossRider.A) -> No action taken.
HKCR\CrossriderApp0035382.Sandbox.1 (PUP.Optional.CrossRider.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311531182} (PUP.Optional.CrossRider) -> No action taken.
HKCR\CLSID\{11111111-1111-1111-1111-110311531182} (PUP.Optional.CrossRider) -> No action taken.
HKCR\TypeLib\{44444444-4444-4444-4444-440344534482} (PUP.Optional.CrossRider) -> No action taken.
HKCR\Interface\{55555555-5555-5555-5555-550355535582} (PUP.Optional.CrossRider) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110311531182} (PUP.Optional.CrossRider) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311531182} (PUP.Optional.CrossRider) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files\hosts\hosts-bho.dll (PUP.Optional.CrossRider) -> No action taken.

(end)



TDSSKiller, AdwCleaner and HijackThis to follow in next reply...
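
Every item in the Malwarebytes log above ends in "No action taken", meaning the detections were found but not yet removed. As an added example (not part of any post in this thread, and not Malwarebytes' own tooling), this Python parser reads a log in that layout, lists the detections, flags the ones still pending removal, and checks each section's declared count against the entries actually present in the paste. The function names are hypothetical, and the sample is a shortened excerpt of the log above with the counts adjusted to match.

```python
import re
from collections import Counter

# Constructed sample: shortened excerpt of the log posted above,
# with "Detected" counts adjusted to the lines kept here.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware 1.75.0.1300
Database version: v2013.08.27.09
Scan type: Full scan (C:\|D:\|)
Objects scanned: 385684

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\CrossriderApp0035382.BHO (PUP.Optional.CrossRider.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311531182} (PUP.Optional.CrossRider) -> No action taken.

Files Detected: 1
C:\Program Files\hosts\hosts-bho.dll (PUP.Optional.CrossRider) -> No action taken.

(end)
"""

# "Registry Keys Detected: 10" -> section name and declared item count
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# "<target> (<detection name>) -> <action>."
ENTRY_RE = re.compile(r"^(?P<target>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return (detections, declared) for a log in the layout shown above."""
    detections, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            declared[section] = int(m.group("count"))
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            detections.append({"section": section, **m.groupdict()})
    return detections, declared


def pending(detections):
    """Detections the scanner reported but did not quarantine or delete."""
    return [d for d in detections if d["action"].lower() == "no action taken"]


def count_mismatches(detections, declared):
    """Sections whose declared count differs from the entries found,
    which points to a truncated or edited paste."""
    parsed = Counter(d["section"] for d in detections)
    return {s: (n, parsed[s]) for s, n in declared.items() if n != parsed[s]}


def report(text):
    """Human-readable triage summary for one log."""
    detections, declared = parse_mbam_log(text)
    lines = [f"{len(detections)} detection(s), {len(pending(detections))} not yet removed"]
    for d in pending(detections):
        lines.append(f"  [{d['section']}] {d['name']}: {d['target']}")
    for s, (want, got) in count_mismatches(detections, declared).items():
        lines.append(f"  WARNING: {s} declares {want} item(s), log contains {got}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```
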
 
TDSSKiller
21:40:53.0864 7228 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
21:40:54.0581 7228 ============================================================
21:40:54.0581 7228 Current date / time: 2013/08/28 21:40:54.0581
21:40:54.0581 7228 SystemInfo:
21:40:54.0581 7228
21:40:54.0581 7228 OS Version: 6.0.6001 ServicePack: 1.0
21:40:54.0581 7228 Product type: Workstation
21:40:54.0581 7228 ComputerName: JLS-LT
21:40:54.0581 7228 UserName: JLS
21:40:54.0581 7228 Windows directory: C:\Windows
21:40:54.0581 7228 System windows directory: C:\Windows
21:40:54.0581 7228 Processor architecture: Intel x86
21:40:54.0581 7228 Number of processors: 2
21:40:54.0581 7228 Page size: 0x1000
21:40:54.0581 7228 Boot type: Normal boot
21:40:54.0581 7228 ============================================================
21:40:55.0330 7228 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:40:55.0330 7228 ============================================================
21:40:55.0330 7228 \Device\Harddisk0\DR0:
21:40:55.0330 7228 MBR partitions:
21:40:55.0330 7228 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23F93800
21:40:55.0330 7228 ============================================================
21:40:55.0361 7228 C: <-> \Device\Harddisk0\DR0\Partition0
21:40:55.0361 7228 ============================================================
21:40:55.0361 7228 Initialize success
21:40:55.0361 7228 ============================================================
21:40:58.0934 4000 ============================================================
21:40:58.0934 4000 Scan started
21:40:58.0934 4000 Mode: Manual;
21:40:58.0934 4000 ============================================================
21:41:12.0880 4000 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:41:12.0896 4000 Ndisuio - ok
21:41:12.0911 4000 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
21:41:12.0911 4000 NdisWan - ok
21:41:12.0927 4000 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:41:12.0927 4000 NDProxy - ok
21:41:12.0974 4000 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:41:12.0974 4000 NetBIOS - ok
21:41:12.0989 4000 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
21:41:13.0005 4000 netbt - ok
21:41:13.0052 4000 Netlogon (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
21:41:13.0052 4000 Netlogon - ok
21:41:13.0114 4000 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
21:41:13.0130 4000 Netman - ok
21:41:13.0161 4000 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
21:41:13.0161 4000 netprofm - ok
21:41:13.0239 4000 NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:41:13.0239 4000 NetTcpPortSharing - ok
21:41:13.0504 4000 NETw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys
21:41:13.0676 4000 NETw5v32 - ok
21:41:14.0643 4000 NETwNv32 (383712aec962b72bf6d368a4a64cfe09) C:\Windows\system32\DRIVERS\NETwNv32.sys
21:41:15.0064 4000 NETwNv32 - ok
21:41:15.0189 4000 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:41:15.0189 4000 nfrd960 - ok
21:41:15.0220 4000 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
21:41:15.0220 4000 NlaSvc - ok
21:41:15.0236 4000 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
21:41:15.0251 4000 Npfs - ok
21:41:15.0282 4000 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
21:41:15.0282 4000 nsi - ok
21:41:15.0329 4000 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:41:15.0329 4000 nsiproxy - ok
21:41:15.0423 4000 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
21:41:15.0438 4000 Ntfs - ok
21:41:15.0470 4000 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:41:15.0470 4000 ntrigdigi - ok
21:41:15.0485 4000 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:41:15.0485 4000 Null - ok
21:41:15.0501 4000 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
21:41:15.0516 4000 nvraid - ok
21:41:15.0548 4000 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
21:41:15.0548 4000 nvstor - ok
21:41:15.0579 4000 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
21:41:15.0579 4000 nv_agp - ok
21:41:15.0579 4000 NwlnkFlt - ok
21:41:15.0594 4000 NwlnkFwd - ok
21:41:15.0610 4000 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
21:41:15.0610 4000 ohci1394 - ok
21:41:15.0704 4000 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:41:15.0704 4000 ose - ok
21:41:15.0844 4000 p2pimsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
21:41:15.0860 4000 p2pimsvc - ok
21:41:15.0860 4000 p2psvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
21:41:15.0875 4000 p2psvc - ok
21:41:15.0891 4000 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
21:41:15.0906 4000 Parport - ok
21:41:15.0953 4000 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
21:41:15.0953 4000 partmgr - ok
21:41:15.0969 4000 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
21:41:15.0969 4000 Parvdm - ok
21:41:16.0016 4000 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
21:41:16.0031 4000 PcaSvc - ok
21:41:16.0047 4000 pci (eca39351296d905baa4fa3244c152b00) C:\Windows\system32\drivers\pci.sys
21:41:16.0062 4000 pci - ok
21:41:16.0078 4000 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\DRIVERS\pciide.sys
21:41:16.0078 4000 pciide - ok
21:41:16.0109 4000 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
21:41:16.0109 4000 pcmcia - ok
21:41:16.0187 4000 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:41:16.0203 4000 PEAUTH - ok
21:41:16.0250 4000 PGEffect (28f7ffff50c474cf8be16a2cacc7ce42) C:\Windows\system32\DRIVERS\pgeffect.sys
21:41:16.0250 4000 PGEffect - ok
21:41:16.0359 4000 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
21:41:16.0374 4000 pla - ok
21:41:16.0499 4000 PlugPlay (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll
21:41:16.0515 4000 PlugPlay - ok
21:41:16.0655 4000 PNRPAutoReg (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
21:41:16.0671 4000 PNRPAutoReg - ok
21:41:16.0686 4000 PNRPsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
21:41:16.0686 4000 PNRPsvc - ok
21:41:16.0749 4000 PolicyAgent (47b8f37aa18b74d8c2e1bc1a7a2c8f8a) C:\Windows\System32\ipsecsvc.dll
21:41:16.0749 4000 PolicyAgent - ok
21:41:16.0827 4000 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:41:16.0827 4000 PptpMiniport - ok
21:41:16.0842 4000 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
21:41:16.0842 4000 Processor - ok
21:41:16.0889 4000 ProfSvc (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll
21:41:16.0889 4000 ProfSvc - ok
21:41:16.0920 4000 ProtectedStorage (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
21:41:16.0920 4000 ProtectedStorage - ok
21:41:16.0952 4000 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
21:41:16.0967 4000 PSched - ok
21:41:17.0014 4000 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
21:41:17.0014 4000 PxHelp20 - ok
21:41:17.0092 4000 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
21:41:17.0108 4000 ql2300 - ok
21:41:17.0123 4000 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:41:17.0123 4000 ql40xx - ok
21:41:17.0170 4000 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
21:41:17.0170 4000 QWAVE - ok
21:41:17.0217 4000 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
21:41:17.0217 4000 QWAVEdrv - ok
21:41:17.0264 4000 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
21:41:17.0264 4000 RasAcd - ok
21:41:17.0295 4000 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
21:41:17.0295 4000 RasAuto - ok
21:41:17.0373 4000 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:41:17.0373 4000 Rasl2tp - ok
21:41:17.0388 4000 RasMan (6e7c284fc5c4ec07ad164d93810385a6) C:\Windows\System32\rasmans.dll
21:41:17.0404 4000 RasMan - ok
21:41:17.0451 4000 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
21:41:17.0451 4000 RasPppoe - ok
21:41:17.0482 4000 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
21:41:17.0482 4000 RasSstp - ok
21:41:17.0544 4000 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
21:41:17.0544 4000 rdbss - ok
21:41:17.0591 4000 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:41:17.0591 4000 RDPCDD - ok
21:41:17.0638 4000 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
21:41:17.0638 4000 rdpdr - ok
21:41:17.0654 4000 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:41:17.0654 4000 RDPENCDD - ok
21:41:17.0669 4000 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
21:41:17.0685 4000 RDPWD - ok
21:41:17.0794 4000 RealNetworks Downloader Resolver Service (b2d01290c0e0465aca54c2088e947823) C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
21:41:17.0794 4000 RealNetworks Downloader Resolver Service - ok
21:41:17.0950 4000 RegSrvc (6987dc1dd7a7159752dfb1f6aabae062) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
21:41:17.0950 4000 RegSrvc - ok
21:41:17.0997 4000 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
21:41:18.0012 4000 RemoteAccess - ok
21:41:18.0075 4000 RemoteRegistry (cc4e32400f3c7253400cf8f3f3a0b676) C:\Windows\system32\regsvc.dll
21:41:18.0075 4000 RemoteRegistry - ok
21:41:18.0106 4000 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
21:41:18.0106 4000 RpcLocator - ok
21:41:18.0168 4000 RpcSs (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
21:41:18.0168 4000 RpcSs - ok
21:41:18.0215 4000 RSELSVC - ok
21:41:18.0262 4000 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:41:18.0262 4000 rspndr - ok
21:41:18.0324 4000 RTL8169 (470253597930e765dd08b30e723c1fa2) C:\Windows\system32\DRIVERS\Rtlh86.sys
21:41:18.0324 4000 RTL8169 - ok
21:41:18.0387 4000 RTSTOR (f5825e41286556ddb8cc83a91d88f3c6) C:\Windows\system32\drivers\RTSTOR.SYS
21:41:18.0387 4000 RTSTOR - ok
21:41:18.0449 4000 SABKUTIL - ok
21:41:18.0465 4000 SamSs (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
21:41:18.0465 4000 SamSs - ok
21:41:18.0496 4000 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:41:18.0496 4000 SASDIFSV - ok
21:41:18.0512 4000 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
21:41:18.0512 4000 SASKUTIL - ok
21:41:18.0590 4000 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:41:18.0590 4000 sbp2port - ok
21:41:18.0668 4000 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
21:41:18.0668 4000 SBSDWSCService - ok
21:41:18.0699 4000 SCardSvr (11387e32642269c7e62e8b52c060b3c6) C:\Windows\System32\SCardSvr.dll
21:41:18.0699 4000 SCardSvr - ok
21:41:18.0792 4000 Schedule (7b587b8a6d4a99f79d2902d0385f29bd) C:\Windows\system32\schedsvc.dll
21:41:18.0808 4000 Schedule - ok
21:41:18.0870 4000 SCPolicySvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
21:41:18.0870 4000 SCPolicySvc - ok
21:41:18.0933 4000 ScsiAccess (54196cdac7e1d81d71c652e100b99e77) C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
21:41:18.0933 4000 ScsiAccess - ok
21:41:18.0948 4000 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
21:41:18.0964 4000 SDRSVC - ok
21:41:18.0995 4000 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:41:18.0995 4000 secdrv - ok
21:41:19.0026 4000 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
21:41:19.0026 4000 seclogon - ok
21:41:19.0058 4000 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
21:41:19.0058 4000 SENS - ok
21:41:19.0089 4000 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
21:41:19.0089 4000 Serenum - ok
21:41:19.0104 4000 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
21:41:19.0104 4000 Serial - ok
21:41:19.0120 4000 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:41:19.0120 4000 sermouse - ok
21:41:19.0167 4000 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
21:41:19.0167 4000 SessionEnv - ok
21:41:19.0229 4000 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
21:41:19.0229 4000 sffdisk - ok
21:41:19.0245 4000 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
21:41:19.0245 4000 sffp_mmc - ok
21:41:19.0245 4000 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
21:41:19.0245 4000 sffp_sd - ok
21:41:19.0260 4000 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
21:41:19.0260 4000 sfloppy - ok
21:41:19.0338 4000 ShellHWDetection (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\System32\shsvcs.dll
21:41:19.0338 4000 ShellHWDetection - ok
21:41:19.0370 4000 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
21:41:19.0370 4000 sisagp - ok
21:41:19.0385 4000 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
21:41:19.0385 4000 SiSRaid2 - ok
21:41:19.0448 4000 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
21:41:19.0448 4000 SiSRaid4 - ok
21:41:19.0526 4000 SkypeUpdate (f07af60b152221472fbdb2fecec4896d) C:\Program Files\Skype\Updater\Updater.exe
21:41:19.0526 4000 SkypeUpdate - ok
21:41:19.0713 4000 slsvc (0ba91e1358ad25236863039bb2609a2e) C:\Windows\system32\SLsvc.exe
21:41:19.0744 4000 slsvc - ok
21:41:19.0869 4000 SLUINotify (7c6dc44ca0bfa6291629ab764200d1d4) C:\Windows\system32\SLUINotify.dll
21:41:19.0869 4000 SLUINotify - ok
21:41:19.0931 4000 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
21:41:19.0931 4000 Smb - ok
21:41:19.0994 4000 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
21:41:19.0994 4000 SNMPTRAP - ok
21:41:20.0040 4000 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:41:20.0040 4000 spldr - ok
21:41:20.0103 4000 Spooler (3665f79026a3f91fbca63f2c65a09b19) C:\Windows\System32\spoolsv.exe
21:41:20.0103 4000 Spooler - ok
21:41:20.0165 4000 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
21:41:20.0165 4000 srv - ok
21:41:20.0196 4000 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
21:41:20.0212 4000 srv2 - ok
21:41:20.0228 4000 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
21:41:20.0228 4000 srvnet - ok
21:41:20.0290 4000 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
21:41:20.0290 4000 SSDPSRV - ok
21:41:20.0321 4000 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
21:41:20.0321 4000 SstpSvc - ok
21:41:20.0352 4000 stisvc (7dd08a597bc56051f320da0baf69e389) C:\Windows\System32\wiaservc.dll
21:41:20.0368 4000 stisvc - ok
21:41:20.0399 4000 swenum (97e089971a6aba49ad5592bd6298e416) C:\Windows\system32\DRIVERS\swenum.sys
21:41:20.0399 4000 swenum - ok
21:41:20.0462 4000 swprv (b36c7cdb86f7f7a8e884479219766950) C:\Windows\System32\swprv.dll
21:41:20.0477 4000 swprv - ok
21:41:20.0508 4000 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:41:20.0508 4000 Symc8xx - ok
21:41:20.0524 4000 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:41:20.0524 4000 Sym_hi - ok
21:41:20.0540 4000 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:41:20.0540 4000 Sym_u3 - ok
21:41:20.0586 4000 SynTP (8fe2c9649ffe62143965f8d16b08be28) C:\Windows\system32\DRIVERS\SynTP.sys
21:41:20.0602 4000 SynTP - ok
21:41:20.0696 4000 SysMain (8710a92d0024b03b5fb9540df1f71f1d) C:\Windows\system32\sysmain.dll
21:41:20.0696 4000 SysMain - ok
21:41:20.0774 4000 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
21:41:20.0774 4000 TabletInputService - ok
21:41:20.0852 4000 TapiSrv (680916bb09ee0f3a6aca7c274b0d633f) C:\Windows\System32\tapisrv.dll
21:41:20.0852 4000 TapiSrv - ok
21:41:20.0867 4000 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
21:41:20.0867 4000 TBS - ok
21:41:20.0945 4000 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
21:41:20.0945 4000 Tcpip - ok
21:41:20.0961 4000 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
21:41:20.0976 4000 Tcpip6 - ok
21:41:20.0992 4000 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
21:41:20.0992 4000 tcpipreg - ok
21:41:21.0023 4000 tdcmdpst (6fdfba25002ce4bac463ac866ae71405) C:\Windows\system32\DRIVERS\tdcmdpst.sys
21:41:21.0039 4000 tdcmdpst - ok
21:41:21.0070 4000 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:41:21.0086 4000 TDPIPE - ok
21:41:21.0101 4000 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:41:21.0101 4000 TDTCP - ok
21:41:21.0132 4000 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
21:41:21.0132 4000 tdx - ok
21:41:21.0164 4000 TermDD (718b2f4355cd8eb2844741addac0e622) C:\Windows\system32\DRIVERS\termdd.sys
21:41:21.0164 4000 TermDD - ok
21:41:21.0210 4000 TermService (d605031e225aaccbceb5b76a4f1603a6) C:\Windows\System32\termsrv.dll
21:41:21.0226 4000 TermService - ok
21:41:21.0273 4000 Themes (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\system32\shsvcs.dll
21:41:21.0273 4000 Themes - ok
21:41:21.0304 4000 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
21:41:21.0304 4000 THREADORDER - ok
21:41:21.0382 4000 TMachInfo (fb8448d1b0da00d70c28adf9282b31bb) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
21:41:21.0398 4000 TMachInfo - ok
21:41:21.0444 4000 TNaviSrv (22bc804efe155f54252f389b0781d7f2) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
21:41:21.0444 4000 TNaviSrv - ok
21:41:21.0476 4000 TODDSrv (c5ac715b65b01788abc22d10749dddd8) C:\Windows\system32\TODDSrv.exe
21:41:21.0476 4000 TODDSrv - ok
21:41:21.0538 4000 TosCoSrv (5557e7f940cbcf09be43379f551f6689) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
21:41:21.0538 4000 TosCoSrv - ok
21:41:21.0585 4000 TOSHIBA eco Utility Service (4d689051684eb542187395dc14f28a7f) C:\Program Files\TOSHIBA\TECO\TecoService.exe
21:41:21.0585 4000 TOSHIBA eco Utility Service - ok
21:41:21.0819 4000 TOSHIBA HDD SSD Alert Service (b792d35b8bdc5fc4106808ff5c7770ab) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
21:41:21.0819 4000 TOSHIBA HDD SSD Alert Service - ok
21:41:21.0897 4000 tos_sps32 (4399a9bf7d8f49991a07fd86590a1619) C:\Windows\system32\DRIVERS\tos_sps32.sys
21:41:21.0897 4000 tos_sps32 - ok
21:41:21.0990 4000 TPCHSrv (507759e00572524834940dae5caff007) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
21:41:21.0990 4000 TPCHSrv - ok
21:41:22.0084 4000 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
21:41:22.0084 4000 TrkWks - ok
21:41:22.0162 4000 TrustedInstaller (16613a1bad034d4ecf957af18b7c2ff5) C:\Windows\servicing\TrustedInstaller.exe
21:41:22.0162 4000 TrustedInstaller - ok
21:41:22.0193 4000 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:41:22.0193 4000 tssecsrv - ok
21:41:22.0224 4000 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
21:41:22.0224 4000 tunmp - ok
21:41:22.0240 4000 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
21:41:22.0240 4000 tunnel - ok
21:41:22.0256 4000 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
21:41:22.0256 4000 TVALZ - ok
21:41:22.0287 4000 TVALZFL (009aecd4c19209b09669a6615ea1e889) C:\Windows\system32\DRIVERS\TVALZFL.sys
21:41:22.0287 4000 TVALZFL - ok
21:41:22.0334 4000 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
21:41:22.0334 4000 uagp35 - ok
21:41:22.0349 4000 udfs (c985b36e127ea9b8a92396120bff52d8) C:\Windows\system32\DRIVERS\udfs.sys
21:41:22.0365 4000 udfs - ok
21:41:22.0427 4000 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
21:41:22.0427 4000 UI0Detect - ok
21:41:22.0474 4000 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
21:41:22.0474 4000 uliagpkx - ok
21:41:22.0490 4000 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
21:41:22.0505 4000 uliahci - ok
21:41:22.0536 4000 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:41:22.0536 4000 UlSata - ok
21:41:22.0552 4000 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:41:22.0552 4000 ulsata2 - ok
21:41:22.0583 4000 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:41:22.0583 4000 umbus - ok
21:41:22.0630 4000 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
21:41:22.0646 4000 upnphost - ok
21:41:22.0677 4000 usbccgp (3955375c83afbe4b110c5fb1231345af) C:\Windows\system32\DRIVERS\usbccgp.sys
21:41:22.0692 4000 usbccgp - ok
21:41:22.0708 4000 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
21:41:22.0708 4000 usbcir - ok
21:41:22.0770 4000 usbehci (7f8d9d95a00072ccdd43ad3f7b4450c2) C:\Windows\system32\DRIVERS\usbehci.sys
21:41:22.0770 4000 usbehci - ok
21:41:22.0802 4000 usbhub (63b44b390451ed3b95405adddcc1984e) C:\Windows\system32\DRIVERS\usbhub.sys
21:41:22.0802 4000 usbhub - ok
21:41:22.0833 4000 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
21:41:22.0833 4000 usbohci - ok
21:41:22.0880 4000 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
21:41:22.0880 4000 usbprint - ok
21:41:22.0926 4000 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
21:41:22.0926 4000 usbscan - ok
21:41:22.0958 4000 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:41:22.0958 4000 USBSTOR - ok
21:41:22.0989 4000 usbuhci (ca62c65383513c365e1ca5796ccac7b5) C:\Windows\system32\DRIVERS\usbuhci.sys
21:41:22.0989 4000 usbuhci - ok
21:41:23.0020 4000 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
21:41:23.0020 4000 usbvideo - ok
21:41:23.0207 4000 uvnc_service (52bcdda1f4668d077efff78594fa296e) C:\Users\JLS\AppData\Local\CrossLoop\winvnc.exe
21:41:23.0223 4000 uvnc_service - ok
21:41:23.0348 4000 UxSms (032a0acc3909ae7215d524e29d536797) C:\Windows\System32\uxsms.dll
21:41:23.0348 4000 UxSms - ok
21:41:23.0379 4000 vds (b13bc395b9d6116628f5af47e0802ac4) C:\Windows\System32\vds.exe
21:41:23.0379 4000 vds - ok
21:41:23.0426 4000 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
21:41:23.0426 4000 vga - ok
21:41:23.0457 4000 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:41:23.0457 4000 VgaSave - ok
21:41:23.0488 4000 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
21:41:23.0488 4000 viaagp - ok
21:41:23.0504 4000 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
21:41:23.0504 4000 ViaC7 - ok
21:41:23.0519 4000 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
21:41:23.0519 4000 viaide - ok
21:41:23.0582 4000 volmgr (bdd98bbe7323fc0975a26373d8050471) C:\Windows\system32\drivers\volmgr.sys
21:41:23.0582 4000 volmgr - ok
21:41:23.0660 4000 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
21:41:23.0660 4000 volmgrx - ok
21:41:23.0706 4000 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
21:41:23.0706 4000 volsnap - ok
21:41:23.0800 4000 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
21:41:23.0800 4000 vsmraid - ok
21:41:23.0909 4000 VSS (d5fb73d19c46ade183f968e13f186b23) C:\Windows\system32\vssvc.exe
21:41:23.0925 4000 VSS - ok
21:41:24.0159 4000 vToolbarUpdater15.5.0 (eb94a2c1f99e9e1634683b916f4eb1a2) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
21:41:24.0159 4000 vToolbarUpdater15.5.0 - ok
21:41:24.0299 4000 W32Time (1cf9206966a8458cda9a8b20df8ab7d3) C:\Windows\system32\w32time.dll
21:41:24.0299 4000 W32Time - ok
21:41:24.0346 4000 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:41:24.0346 4000 WacomPen - ok
21:41:24.0393 4000 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:41:24.0393 4000 Wanarp - ok
21:41:24.0393 4000 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:41:24.0393 4000 Wanarpv6 - ok
21:41:24.0455 4000 wcncsvc (f3a5c2e1a6533192b070d06ecf6be796) C:\Windows\System32\wcncsvc.dll
21:41:24.0471 4000 wcncsvc - ok
21:41:24.0486 4000 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
21:41:24.0486 4000 WcsPlugInService - ok
21:41:24.0518 4000 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
21:41:24.0518 4000 Wd - ok
21:41:24.0564 4000 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
21:41:24.0580 4000 Wdf01000 - ok
21:41:24.0642 4000 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
21:41:24.0642 4000 WdiServiceHost - ok
21:41:24.0642 4000 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
21:41:24.0642 4000 WdiSystemHost - ok
21:41:24.0674 4000 WebClient (cf9a5f41789b642db967021de06a2713) C:\Windows\System32\webclnt.dll
21:41:24.0689 4000 WebClient - ok
21:41:24.0752 4000 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
21:41:24.0767 4000 Wecsvc - ok
21:41:24.0798 4000 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
21:41:24.0798 4000 wercplsupport - ok
21:41:24.0830 4000 WerSvc (fd1965aaa112c6818a30ab02742d0461) C:\Windows\System32\WerSvc.dll
21:41:24.0830 4000 WerSvc - ok
21:41:24.0970 4000 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
21:41:24.0986 4000 WinDefend - ok
21:41:25.0001 4000 WinHttpAutoProxySvc - ok
21:41:25.0095 4000 Winmgmt (00b79a7c984678f24cf052e5beb3a2f5) C:\Windows\system32\wbem\WMIsvc.dll
21:41:25.0095 4000 Winmgmt - ok
21:41:25.0157 4000 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
21:41:25.0173 4000 WinRM - ok
21:41:25.0282 4000 Wlansvc (275f4346e569df56cfb95243bd6f6ff0) C:\Windows\System32\wlansvc.dll
21:41:25.0282 4000 Wlansvc - ok
21:41:25.0329 4000 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
21:41:25.0329 4000 WmiAcpi - ok
21:41:25.0391 4000 wmiApSrv (aba4cf9f856d9a3a25f4ddd7690a6e9d) C:\Windows\system32\wbem\WmiApSrv.exe
21:41:25.0391 4000 wmiApSrv - ok
21:41:25.0500 4000 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
21:41:25.0500 4000 WMPNetworkSvc - ok
21:41:25.0563 4000 WPCSvc (5d94cd167751294962ba238d82dd1bb8) C:\Windows\System32\wpcsvc.dll
21:41:25.0563 4000 WPCSvc - ok
21:41:25.0578 4000 WPDBusEnum (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll
21:41:25.0578 4000 WPDBusEnum - ok
21:41:25.0625 4000 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
21:41:25.0625 4000 WpdUsb - ok
21:41:25.0797 4000 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:41:25.0812 4000 WPFFontCache_v0400 - ok
21:41:25.0828 4000 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:41:25.0828 4000 ws2ifsl - ok
21:41:25.0859 4000 wscsvc (683dd16b590372f2c9661d277f35e49c) C:\Windows\system32\wscsvc.dll
21:41:25.0875 4000 wscsvc - ok
21:41:25.0875 4000 WSearch - ok
21:41:25.0984 4000 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
21:41:26.0015 4000 wuauserv - ok
21:41:26.0124 4000 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:41:26.0124 4000 WUDFRd - ok
21:41:26.0187 4000 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
21:41:26.0187 4000 wudfsvc - ok
21:41:26.0312 4000 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
21:41:26.0312 4000 YahooAUService - ok
21:41:26.0358 4000 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
21:41:26.0577 4000 \Device\Harddisk0\DR0 - ok
21:41:26.0592 4000 Boot (0x1200) (62e0715b1ae51e6399b5095b0139ba59) \Device\Harddisk0\DR0\Partition0
21:41:26.0592 4000 \Device\Harddisk0\DR0\Partition0 - ok
21:41:26.0592 4000 ============================================================
21:41:26.0592 4000 Scan finished
21:41:26.0592 4000 ============================================================
21:41:26.0608 7348 Detected object count: 0
21:41:26.0608 7348 Actual detected object count: 0
21:46:05.0014 7224 Deinitialize success
 
Your Malwarebytes log shows no action was taken. You should have clicked on the Remove Selected button to physically delete all that malware.
 
# AdwCleaner v3.001 - Report created 28/08/2013 at 21:49:03
# Updated 24/08/2013 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Username : JLS - JLS-LT
# Running from : C:\Users\JLS\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Alawar Stargaze
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\vShare
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Users\JLS\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\JLS\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\JLS\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\JLS\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\JLS\AppData\LocalLow\vShare

***** [ Shortcuts ] *****

[x] Not Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NovaLogic\Delta Force 2\Uninstall.lnk

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\vsharechrome
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers
Key Deleted : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0035382.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0035382.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0035382.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0035382.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311531182}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322532282}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355535582}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366536682}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344534482}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311531182}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311531182}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110311531182}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\vShare
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vShare
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\vShare

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.19088

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

*************************

AdwCleaner[R0].txt - [10038 octets] - [28/08/2013 21:46:08]
AdwCleaner[S0].txt - [9922 octets] - [28/08/2013 21:49:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9982 octets] ##########
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:03:40 PM, on 8/28/2013
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19088)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - (no file)
O2 - BHO: (no name) - {11111111-1111-1111-1111-110311531182} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [cfFncEnabler.exe] "C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: TOSHIBA Web Camera Service (camsvc) - TOSHIBA - C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: TOSHIBA Modem region select service (RSELSVC) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: uvnc_service - UltraVNC - C:\Users\JLS\AppData\Local\CrossLoop\winvnc.exe
O23 - Service: vToolbarUpdater15.5.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10594 bytes
 
Just got your note about the Malwarebytes. I would swear to it that it returned a nothing found type report. Whenever anything is located, I always manage/quarantine/delete it. I'll run it again though...
 
Here you go with the quick scan (MB):

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.29.01

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
JLS :: JLS-LT [administrator]

8/28/2013 10:30:44 PM
mbam-log-2013-08-28 (22-30-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 233043
Time elapsed: 10 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Lots of entries still need to be deleted. Let's do this.

1.

Please download Junkware Removal Tool to your desktop.

• Shut down your antivirus to avoid any conflicts.

• Very important that you run the tool in this manner:
Right-mouse click JRT.exe and select Run as administrator
Do NOT just double-click it.

• The tool will open and start scanning your system.

• Please be patient as this can take a while to complete.

• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

• Post the contents of JRT.txt in your next message.

2.

Let's try running ComboFix now.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
  • Download this file here :

    Combofix

  • When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
  • Save the file to your windows desktop. The combofix icon will look like this when it has downloaded to your desktop.

    cf-icon.jpg
  • We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

  • Close all open Windows including this one.
  • Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found here.
    Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  • Please click on I agree on the disclaimer window.
  • ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.

    cf-preparing.jpg

  • ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.

    erunt.jpg

  • Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:

    recovery-console-prompt.jpg

  • At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
  • Please click on yes in the next window to continue scanning for malware.
  • ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
  • ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.

    still-scanning-clockchanges.jpg

  • When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
  • This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the program's log file, or report, will be located at C:\ComboFix.txt.
  • When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
  • Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.

If for some reason you try to run a program or open a file and you get an error message saying "illegal operation attempted on a registry key that has been marked for deletion", please just reboot your PC and you'll be fine.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running

3.

I also need you to post a log that ComboFix produces but doesn't show you. Navigate to C:\Qoobox and in that folder will be a file named add-remove programs.txt. Open that file and copy and paste the contents back here.
 
Hey John - Here's the junkware log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.5 (08.28.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by JLS on Thu 08/29/2013 at 19:50:27.66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311531182}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311531182}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\JLS\appdata\locallow\whitesmoketoolbar"
Successfully deleted: [Folder] "C:\Program Files\hosts"
Successfully deleted: [Empty Folder] C:\Users\JLS\appdata\local\{d414cc25-dbb7-338c-4327-dafdd8c4a113}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 08/29/2013 at 19:52:31.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
John - Here are the logs. When I initially ran the ComboFix, it went quite a ways through, then I got the blue screen of death, indicating something called "catchme.sys". I chose start normally and ran again with the results below. Add/remove txt to follow:

ComboFix 13-08-29.02 - JLS 08/29/2013 20:21:30.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2939.1838 [GMT -4:00]
Running from: c:\users\JLS\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\l_u0_0.pad
c:\programdata\Roaming
c:\windows\system32\Cache
c:\windows\system32\Cache\093f3c7f54dbf8e2.fb
c:\windows\system32\Cache\26c630d098e22dd5.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\635b4f1a542f0c29.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\834fd823ac915b53.fb
c:\windows\system32\Cache\85e67dfb65f9dbf1.fb
c:\windows\system32\Cache\90c2196401863452.fb
c:\windows\system32\Cache\95f567698be8a182.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\a8ac66921c495051.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d10016383864937c.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\ec159a8057f3ef0a.fb
c:\windows\system32\Cache\f8301836b235f244.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_uvnc_service
.
.
((((((((((((((((((((((((( Files Created from 2013-07-28 to 2013-08-30 )))))))))))))))))))))))))))))))
.
.
2013-08-30 00:32 . 2013-08-30 00:36 -------- d-----w- c:\users\JLS\AppData\Local\temp
2013-08-30 00:32 . 2013-08-30 00:32 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-08-30 00:32 . 2013-08-30 00:32 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-08-30 00:32 . 2013-08-30 00:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-29 23:50 . 2013-08-29 23:50 -------- d-----w- c:\windows\ERUNT
2013-08-29 01:42 . 2013-08-29 01:50 -------- d-----w- C:\AdwCleaner
2013-08-18 23:05 . 2013-08-18 23:07 -------- d-----w- c:\windows\system32\MRT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-25 19:11 . 2012-04-28 00:26 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-25 19:11 . 2011-06-30 11:49 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-15 23:05 . 2012-11-08 12:44 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-07-20 05:51 . 2013-07-20 05:51 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-07-20 05:50 . 2013-07-20 05:50 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-07-20 05:50 . 2013-07-20 05:50 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-20 05:50 . 2013-07-20 05:50 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-07-10 05:32 . 2013-07-10 05:32 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-07-01 05:45 . 2013-07-01 05:45 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-08-18 5703920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-13 150040]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-13 154136]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-13 6965792]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-03-07 468320]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-03-23 729088]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-18 1451304]
"NDSTray.exe"="c:\program files\TOSHIBA\ConfigFree\NDSTray.exe" [2009-03-17 304496]
"cfFncEnabler.exe"="c:\program files\TOSHIBA\ConfigFree\cfFncEnabler.exe" [2009-03-24 16384]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-07-01 4411440]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-06-02 295512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-05-04 03:35 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartFaceVWatcher]
2009-03-25 02:33 163840 ----a-w- c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Teco]
2009-04-15 00:57 1318912 ----a-w- c:\program files\TOSHIBA\TECO\TEco.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
2009-04-01 22:11 1283384 ----a-w- c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosSENotify]
2009-03-24 18:34 1007616 ----a-w- c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPCHWMsg]
2009-04-09 23:01 570736 ----a-w- c:\program files\TOSHIBA\TPHM\TPCHWMsg.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"359707014"=c:\program files\Toshiba Registration\Registration.exe /r "c:\program files\Toshiba Registration\Registration.rpd"
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"Radio365Agent"=c:\program files\Live365\Radio365\Radio365TrayAgent.exe
"ehTray.exe"=c:\windows\ehome\ehTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SmoothView"=%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
"TWebCamera"="%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"<NO NAME>"=
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"ClickPotatoLiteSA"="c:\program files\ClickPotatoLite\bin\10.0.659.0\ClickPotatoLiteSA.exe"
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-10-21 116608]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 19:11]
.
2013-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-17 04:05]
.
2013-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-17 04:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: intuit.com\ttlc
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
TCP: DhcpNameServer = 10.0.0.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-hosts - c:\program files\hosts\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-29 20:36
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\AVG\AVG2013\avgwdsvc.exe
c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\TOSHIBA\RSelect\RSelSvc.exe
c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\TOSHIBA\TECO\TecoService.exe
c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\TOSHIBA\TPHM\TPCHSrv.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\windows\system32\igfxext.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2013-08-29 20:45:03 - machine was rebooted
ComboFix-quarantined-files.txt 2013-08-30 00:44
ComboFix2.txt 2012-07-12 03:15
ComboFix3.txt 2010-06-09 01:34
.
Pre-Run: 186,037,919,744 bytes free
Post-Run: 185,553,551,360 bytes free
.
- - End Of File - - C84DCCE71C6182AF48C2467464FED101
5B5E648D12FCADC244C1EC30318E1EB9
 
The add/remove txt:


7-Zip 9.20
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.2
Adobe Shockwave Player 11.6
Amazon Links
AVG 2013
AVG PC Tuneup 2011
CCleaner
Compatibility Pack for the 2007 Office system
CrossLoop 2.72
Delta Force 2
Direct DiscRecorder
DivX Setup
DVD MovieFactory for TOSHIBA
GIMP 2.6.6
Google Desktop
Google Earth
Google SketchUp 7
Google Update Helper
Graboid Video 1.65
H&R Block Deluxe + Efile + State 2011
H&R Block New York 2011
HiJackThis
HijackThis 2.0.2
Home Designer Suite 10
hosts
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iCare Data Recovery 4.6.4
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi Software
Intel® Matrix Storage Manager
Java(TM) 6 Update 11
LightScribe 1.4.124.1
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Office Suite Activation Assistant
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
OpenOffice.org 3.1
PC Inspector smart recovery
Pdf995 (installed by H&R Block)
PdfEdit995 (installed by H&R Block)
Photodex Presenter
Picasa 3
PlayReady PC runtime
ProShow Gold
QuickBooks Financial Center
Radio365
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
SketchUp 8
Skype Launcher
Skype web features
Skype™ 5.10
Spybot - Search & Destroy
SUPERAntiSpyware
swMSM
Synaptics Pointing Device Driver
System Requirements Lab for Intel
The Print Shop® Zoom
Tom Clancy's Rainbow Six 3: Athena Sword 1.00.000
Tom Clancy's Rainbow Six 3: Raven Shield 1.60.412
TOSHIBA Agreement Notification Utility
Toshiba Application and Driver Installer
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Internal Modem Region Select Utility
TOSHIBA PC Health Monitor
Toshiba Quality Application
TOSHIBA Recovery Disc Creator
Toshiba Registration
Toshiba Resources Page
TOSHIBA SD Memory Utilities
TOSHIBA Service Station
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wnyiper
TurboTax 2010 wrapper
ubi.com
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.18
VideoLAN VLC media player 0.8.6d
Xvid 1.2.1 final uninstall
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
 
A few programs to uninstall now.

Adobe Reader 9.5.2 - out of date
AVG PC Tuneup 2011 - wouldn't suggest using
Java(TM) 6 Update 11 - out of date
Spybot - Search & Destroy - outdated - use Malwarebytes instead

Then go here to download the latest versions of Java and Adobe Reader.

Java - http://www.java.com/en/download/windows_xpi.jsp?locale=en

Adobe Reader - http://get.adobe.com/reader/

Just make sure you uncheck the box to install McAfee Security Scan software; also, when installing Java, uncheck the option to install the Ask software.

Need to run a special script for ComboFix to get rid of an issue.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
Reglock::

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


CFScript-1.gif


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
 
OK, done, done and done. Here's the combofix log:

ComboFix 13-08-29.02 - JLS 08/29/2013 21:43:26.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2939.1735 [GMT -4:00]
Running from: c:\users\JLS\Desktop\ComboFix.exe
Command switches used :: c:\users\JLS\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-07-28 to 2013-08-30 )))))))))))))))))))))))))))))))
.
.
2013-08-30 01:50 . 2013-08-30 01:50 -------- d-----w- c:\users\JLS\AppData\Local\temp
2013-08-30 01:50 . 2013-08-30 01:50 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-08-30 01:50 . 2013-08-30 01:50 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-08-30 01:50 . 2013-08-30 01:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-30 01:29 . 2013-08-30 01:30 -------- d-----w- c:\program files\Common Files\Adobe
2013-08-30 01:26 . 2013-08-30 01:26 -------- d-----w- c:\program files\Common Files\Java
2013-08-30 01:26 . 2013-08-30 01:26 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-08-30 01:26 . 2013-08-30 01:26 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-08-30 01:26 . 2013-08-30 01:26 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-08-30 01:25 . 2013-08-30 01:25 -------- d-----w- c:\programdata\McAfee
2013-08-29 23:50 . 2013-08-29 23:50 -------- d-----w- c:\windows\ERUNT
2013-08-29 01:42 . 2013-08-29 01:50 -------- d-----w- C:\AdwCleaner
2013-08-18 23:05 . 2013-08-18 23:07 -------- d-----w- c:\windows\system32\MRT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-25 19:11 . 2012-04-28 00:26 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-25 19:11 . 2011-06-30 11:49 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-15 23:05 . 2012-11-08 12:44 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-07-20 05:51 . 2013-07-20 05:51 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-07-20 05:50 . 2013-07-20 05:50 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-07-20 05:50 . 2013-07-20 05:50 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-20 05:50 . 2013-07-20 05:50 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-07-10 05:32 . 2013-07-10 05:32 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-07-01 05:45 . 2013-07-01 05:45 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-08-18 5703920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-13 150040]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-13 154136]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-13 6965792]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-03-07 468320]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-03-23 729088]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-18 1451304]
"NDSTray.exe"="c:\program files\TOSHIBA\ConfigFree\NDSTray.exe" [2009-03-17 304496]
"cfFncEnabler.exe"="c:\program files\TOSHIBA\ConfigFree\cfFncEnabler.exe" [2009-03-24 16384]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-07-01 4411440]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-06-02 295512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-05-04 03:35 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartFaceVWatcher]
2009-03-25 02:33 163840 ----a-w- c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Teco]
2009-04-15 00:57 1318912 ----a-w- c:\program files\TOSHIBA\TECO\TEco.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
2009-04-01 22:11 1283384 ----a-w- c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosSENotify]
2009-03-24 18:34 1007616 ----a-w- c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPCHWMsg]
2009-04-09 23:01 570736 ----a-w- c:\program files\TOSHIBA\TPHM\TPCHWMsg.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"359707014"=c:\program files\Toshiba Registration\Registration.exe /r "c:\program files\Toshiba Registration\Registration.rpd"
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"Radio365Agent"=c:\program files\Live365\Radio365\Radio365TrayAgent.exe
"ehTray.exe"=c:\windows\ehome\ehTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SmoothView"=%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
"TWebCamera"="%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"<NO NAME>"=
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"ClickPotatoLiteSA"="c:\program files\ClickPotatoLite\bin\10.0.659.0\ClickPotatoLiteSA.exe"
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-10-21 116608]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 19:11]
.
2013-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-17 04:05]
.
2013-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-17 04:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: intuit.com\ttlc
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
TCP: DhcpNameServer = 10.0.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-29 21:50
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2013-08-29 21:53:10
ComboFix-quarantined-files.txt 2013-08-30 01:53
ComboFix2.txt 2013-08-30 00:45
ComboFix3.txt 2012-07-12 03:15
ComboFix4.txt 2010-06-09 01:34
.
Pre-Run: 187,137,810,432 bytes free
Post-Run: 186,349,420,544 bytes free
.
- - End Of File - - B18582DA3522858BA3194E90856AC301
5B5E648D12FCADC244C1EC30318E1EB9
 
You will have to do that again as it didn't work correctly.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
Reglock::

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


CFScript-1.gif


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
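The re-run request above follows from the preceding log, where the key named in the Reglock:: script is still listed under LOCKED REGISTRY KEYS. The Python check below is an added example, not part of the original posts and not ComboFix code. It assumes that a successful Reglock:: run means the key no longer appears in that section; the function names and the shortened sample log are constructed for illustration.

```python
import re

# Constructed excerpt that follows the layout of the logs in this thread; not a full log.
SAMPLE_LOG = r"""
ComboFix 13-08-29.02 - JLS 08/29/2013 21:43:26.5.2 - x86
Command switches used :: c:\users\JLS\Desktop\CFScript.txt
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-08-29 21:53:10
"""

# The CFScript text exactly as given in the thread.
CFSCRIPT = r"""Reglock::

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
"""

SECTION_RE = re.compile(r"^-{5,}\s*(.+?)\s*-{5,}$")      # "----- TITLE -----"
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$", re.IGNORECASE)  # "[HKEY_...]"
DIRECTIVE_RE = re.compile(r"^(\w+)::$")                    # "Reglock::"


def reglock_targets(cfscript):
    """Return the registry keys listed under the Reglock:: directive."""
    targets, directive = [], None
    for raw in cfscript.splitlines():
        line = raw.strip()
        m = DIRECTIVE_RE.match(line)
        if m:
            directive = m.group(1).lower()
            continue
        k = KEY_RE.match(line)
        if k and directive == "reglock":
            targets.append(k.group(1))
    return targets


def locked_keys(log):
    """Map each key in the LOCKED REGISTRY KEYS section to its ACL lines.

    Keys are lower-cased because registry paths are case-insensitive and
    the log mixes upper and lower case.
    """
    keys, current, in_section = {}, None, False
    for raw in log.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            # Any other dashed header (e.g. "Other Running Processes") ends the section.
            in_section = header.group(1).upper() == "LOCKED REGISTRY KEYS"
            current = None
            continue
        if not in_section:
            continue
        if line.startswith(("Completion time:", "*****")):
            break
        k = KEY_RE.match(line)
        if k:
            current = k.group(1).lower()
            keys[current] = []
        elif current and line.startswith(("@Denied:", "@Allowed:")):
            keys[current].append(line)
    return keys


def cfscript_used(log):
    """True if the log header shows the run was started with a CFScript."""
    for line in log.splitlines():
        if line.startswith("Command switches used ::"):
            return "cfscript" in line.lower()
    return False


def reglock_result(log, cfscript):
    """For each Reglock target: its ACL lines if still listed as locked, else None."""
    locked = locked_keys(log)
    return {key: locked.get(key.lower()) for key in reglock_targets(cfscript)}


if __name__ == "__main__":
    print("CFScript used:", cfscript_used(SAMPLE_LOG))
    for key, acl in reglock_result(SAMPLE_LOG, CFSCRIPT).items():
        state = "STILL LOCKED" if acl is not None else "no longer listed"
        print(f"{state}: {key}")
        for entry in acl or []:
            print("   ", entry)
```

Run against a saved Combofix.txt by reading the file into a string and passing it in place of `SAMPLE_LOG`.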
 
Hey, John - Here's the redo of the combofix:

ComboFix 13-08-29.02 - JLS 08/30/2013 8:25.6.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2939.1927 [GMT -4:00]
Running from: c:\users\JLS\Desktop\ComboFix.exe
Command switches used :: c:\users\JLS\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-07-28 to 2013-08-30 )))))))))))))))))))))))))))))))
.
.
2013-08-30 12:35 . 2013-08-30 12:35 -------- d-----w- c:\users\JLS\AppData\Local\temp
2013-08-30 12:35 . 2013-08-30 12:35 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-08-30 12:35 . 2013-08-30 12:35 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-08-30 12:35 . 2013-08-30 12:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-30 01:29 . 2013-08-30 01:30 -------- d-----w- c:\program files\Common Files\Adobe
2013-08-30 01:26 . 2013-08-30 01:26 -------- d-----w- c:\program files\Common Files\Java
2013-08-30 01:26 . 2013-08-30 01:26 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-08-30 01:26 . 2013-08-30 01:26 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-08-30 01:26 . 2013-08-30 01:26 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-08-30 01:25 . 2013-08-30 01:25 -------- d-----w- c:\programdata\McAfee
2013-08-29 23:50 . 2013-08-29 23:50 -------- d-----w- c:\windows\ERUNT
2013-08-29 01:42 . 2013-08-29 01:50 -------- d-----w- C:\AdwCleaner
2013-08-18 23:05 . 2013-08-18 23:07 -------- d-----w- c:\windows\system32\MRT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-25 19:11 . 2012-04-28 00:26 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-25 19:11 . 2011-06-30 11:49 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-15 23:05 . 2012-11-08 12:44 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-07-20 05:51 . 2013-07-20 05:51 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-07-20 05:50 . 2013-07-20 05:50 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-07-20 05:50 . 2013-07-20 05:50 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-20 05:50 . 2013-07-20 05:50 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-07-10 05:32 . 2013-07-10 05:32 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-07-01 05:45 . 2013-07-01 05:45 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-08-18 5703920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-13 150040]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-13 154136]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-13 6965792]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-03-07 468320]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-03-23 729088]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-18 1451304]
"NDSTray.exe"="c:\program files\TOSHIBA\ConfigFree\NDSTray.exe" [2009-03-17 304496]
"cfFncEnabler.exe"="c:\program files\TOSHIBA\ConfigFree\cfFncEnabler.exe" [2009-03-24 16384]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-07-01 4411440]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-06-02 295512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-05-04 03:35 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartFaceVWatcher]
2009-03-25 02:33 163840 ----a-w- c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Teco]
2009-04-15 00:57 1318912 ----a-w- c:\program files\TOSHIBA\TECO\TEco.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
2009-04-01 22:11 1283384 ----a-w- c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosSENotify]
2009-03-24 18:34 1007616 ----a-w- c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPCHWMsg]
2009-04-09 23:01 570736 ----a-w- c:\program files\TOSHIBA\TPHM\TPCHWMsg.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"359707014"=c:\program files\Toshiba Registration\Registration.exe /r "c:\program files\Toshiba Registration\Registration.rpd"
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"Radio365Agent"=c:\program files\Live365\Radio365\Radio365TrayAgent.exe
"ehTray.exe"=c:\windows\ehome\ehTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SmoothView"=%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
"TWebCamera"="%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"<NO NAME>"=
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"ClickPotatoLiteSA"="c:\program files\ClickPotatoLite\bin\10.0.659.0\ClickPotatoLiteSA.exe"
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-10-21 116608]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 19:11]
.
2013-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-17 04:05]
.
2013-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-17 04:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: intuit.com\ttlc
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
TCP: DhcpNameServer = 10.0.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-30 08:35
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2013-08-30 08:43:02
ComboFix-quarantined-files.txt 2013-08-30 12:42
ComboFix2.txt 2013-08-30 01:53
ComboFix3.txt 2013-08-30 00:45
ComboFix4.txt 2012-07-12 03:15
ComboFix5.txt 2013-08-30 12:23
.
Pre-Run: 186,297,810,944 bytes free
Post-Run: 186,175,909,888 bytes free
.
- - End Of File - - 9F7C88C9321E2D38BA133D3990ECEDC0
5B5E648D12FCADC244C1EC30318E1EB9
 
For some reason it's not working correctly. So let's do this.

I've attached a notepad file to my post. Please click on it and save it to your desktop. Then drag the notepad file and drop it into the ComboFix icon so it will run. Post the log results.
 
