Results 1 to 3 of 3

Thread: Keylogged Computer Hijack this will not remove

  1. #1
    Junior Member
    Join Date
    Jan 2011
    Posts
    1

    Default Keylogged Computer Hijack this will not remove

    Spybot does not show anything. It comes up clean. I am showing keylogger in Hijack this and it refuses to remove it. The hijack this site said I could post in this forum for help. All I have is a copy paste of the files that will not go away for some reason when I click on fix checked to clean them. I can copy and past that saved file here. Perhaps I am missing some items I am not aware of as bad files. The item 10's unknown file in winsock LSP etc....I cannot clean and my browswer is having no issues. I use Google Chrome. This began occurring after I started using Facebook. I am about ready to take my computer to the FBI and let them go Hacker hunting. Perhaps you can help instead. If so I would appreciate it. Below is a copy paste of the Hijack this log.
    Paige Ogilvie



    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:07:45 PM, on 1/1/2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16700)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\c0zMiCg0d\Downloads\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\IPSBHO.DLL
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
    O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
    O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 10992 bytes


    DDS copy paste:



    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by c0zMiCg0d at 20:27:37.53 on Sat 01/01/2011
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.2602 [GMT -5:00]

    AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Norton Internet Security *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

    ============== Running Processes ===============

    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\system32\atiesrxx.exe
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\system32\atieclxx.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\TOSHIBA\TECO\TecoService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\taskhost.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
    C:\windows\System32\rundll32.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\TOSHIBA\TECO\Teco.exe
    C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
    C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\c0zMiCg0d\Downloads\HiJackThis.exe
    C:\windows\SysWOW64\NOTEPAD.EXE
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\windows\SysWOW64\NOTEPAD.EXE
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\DllHost.exe
    C:\Users\c0zMiCg0d\Downloads\dds.scr
    C:\windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/ig?brand=TSND&bmod=TSND
    uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSND&bmod=TSND
    mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
    uInternet Settings,ProxyOverride = <local>
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\IPSBHO.DLL
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
    TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    StartupFolder: C:\Users\C0ZMIC~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    mRun-x64: [(Default)]
    mRun-x64: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
    mRun-x64: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
    mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    mRun-x64: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    mRun-x64: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    mRun-x64: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
    mRun-x64: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
    mRun-x64: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    mRun-x64: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
    mRun-x64: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
    mRun-x64: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
    mRun-x64: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

    ============= SERVICES / DRIVERS ===============

    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1201000.025\symds64.sys [2010-12-2 450096]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1201000.025\symefa64.sys [2010-12-2 821808]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [2010-11-23 953904]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20101231.001\IDSviA64.sys [2011-1-1 476792]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1201000.025\ironx64.sys [2010-12-2 168496]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1201000.025\symnets.sys [2010-12-2 381488]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-10-26 202752]
    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccsvchst.exe [2010-12-2 126904]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-12-30 1153368]
    R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-4-6 258928]
    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
    R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atipmdag.sys [2010-10-26 6403072]
    R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-10-26 188928]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-12-27 132656]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-2-22 75304]
    R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2010-10-26 35008]
    R3 QIOMem;Generic IO & Memory Access;C:\Windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
    R3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192Ce.sys [2010-10-26 877088]
    R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-10-26 51512]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
    R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-18 136176]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-12-2 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-10-26 239136]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-2 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

    =============== Created Last 30 ================

    2010-12-30 21:25:48 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2010-12-30 21:25:48 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
    2010-12-30 21:06:33 -------- d-----w- C:\Users\C0ZMIC~1\AppData\Roaming\Big Fish Games
    2010-12-30 17:13:43 -------- d-----w- C:\Program Files (x86)\Sherlock Holmes and the Hound of the Baskervilles
    2010-12-30 17:12:33 -------- d-----w- C:\Program Files (x86)\Drawn - Dark Flight
    2010-12-23 01:47:21 -------- d-----w- C:\Program Files\CCleaner
    2010-12-16 21:27:15 -------- d-----w- C:\Program Files (x86)\4Winds2
    2010-12-16 21:27:15 -------- d-----w- C:\PROGRA~3\4Winds2
    2010-12-15 21:22:44 -------- d-----w- C:\PROGRA~3\Nero
    2010-12-14 02:17:41 -------- d-----w- C:\Program Files (x86)\Heroes of Hellas 2 - Olympia
    2010-12-14 02:15:21 -------- d-----w- C:\Program Files (x86)\Redemption Cemetery - Curse of the Raven
    2010-12-14 02:10:59 -------- d-----w- C:\Program Files (x86)\Nancy Drew - The Final Scene
    2010-12-14 01:36:48 -------- d-----w- C:\Users\C0ZMIC~1\AppData\Roaming\LegacyInteractive
    2010-12-14 01:23:37 -------- d-----w- C:\Program Files (x86)\Legacy Interactive
    2010-12-12 20:15:35 -------- d-----w- C:\Users\C0ZMIC~1\AppData\Local\CrashDumps
    2010-12-10 20:43:48 -------- d-----w- C:\Users\C0ZMIC~1\AppData\Local\Microsoft Games
    2010-12-09 20:25:51 802864 ----a-w- C:\windows\System32\drivers\NISx64\1205000.07D\symefa64.sys
    2010-12-09 20:25:51 735864 ----a-w- C:\windows\System32\drivers\NISx64\1205000.07D\srtsp64.sys
    2010-12-09 20:25:51 450608 ----a-w- C:\windows\System32\drivers\NISx64\1205000.07D\symds64.sys
    2010-12-09 20:25:51 40568 ----a-w- C:\windows\System32\drivers\NISx64\1205000.07D\srtspx64.sys
    2010-12-09 20:25:51 382072 ----a-w- C:\windows\System32\drivers\NISx64\1205000.07D\symnets.sys
    2010-12-09 20:25:51 171128 ----a-w- C:\windows\System32\drivers\NISx64\1205000.07D\ironx64.sys
    2010-12-09 20:25:39 -------- d-----w- C:\windows\System32\drivers\NISx64\1205000.07D
    2010-12-06 22:36:17 -------- d-----w- C:\Program Files (x86)\VIVA MEDIA
    2010-12-06 20:27:06 -------- d-----w- C:\PROGRA~3\ScreenSeven
    2010-12-06 00:44:43 -------- d-----w- C:\Users\C0ZMIC~1\AppData\Roaming\ScreenSeven
    2010-12-06 00:42:13 -------- d-----w- C:\PROGRA~3\AlawarWrapper
    2010-12-06 00:01:48 419840 ----a-w- C:\windows\System32\wrap_oal.dll
    2010-12-06 00:01:48 413696 ----a-w- C:\windows\SysWow64\wrap_oal.dll
    2010-12-06 00:01:48 133632 ----a-w- C:\windows\System32\OpenAL32.dll
    2010-12-06 00:01:48 110592 ----a-w- C:\windows\SysWow64\OpenAL32.dll
    2010-12-06 00:01:48 -------- d-----w- C:\Program Files (x86)\OpenAL
    2010-12-06 00:01:47 -------- d-----w- C:\windows\EFC1B35CFFF241D8A70ACE6037F8040B.TMP
    2010-12-06 00:01:46 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2010-12-05 23:49:15 -------- d-----w- C:\Program Files (x86)\OXXOGames
    2010-12-05 20:07:08 -------- d-sh--w- C:\Users\C0ZMIC~1\AppData\Roaming\.#
    2010-12-05 18:57:09 -------- d-----w- C:\Program Files (x86)\500,000 Games
    2010-12-05 18:55:46 -------- d-----w- C:\Program Files (x86)\Viva Media Game Center
    2010-12-05 02:03:25 -------- d-----w- C:\Temp
    2010-12-05 02:01:43 -------- d-----w- C:\Users\C0ZMIC~1\AppData\Roaming\Wizards of the Coast
    2010-12-05 02:01:21 -------- d-----w- C:\Program Files (x86)\Wizards of the Coast
    2010-12-05 00:54:59 5425496 ----a-w- C:\windows\System32\D3DX9_41.dll
    2010-12-04 21:05:19 -------- d-----w- C:\Users\C0ZMIC~1\AppData\Local\Adobe
    2010-12-04 02:42:43 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
    2010-12-04 02:03:02 -------- d-----w- C:\PROGRA~3\Playrix Entertainment
    2010-12-03 21:54:21 -------- d-----w- C:\Program Files (x86)\Philips
    2010-12-03 21:53:16 -------- d-----w- C:\Philips
    2010-12-03 20:51:47 -------- d-----w- C:\Program Files (x86)\bfgclient
    2010-12-03 20:51:02 -------- d-----w- C:\BigFishGamesCache
    2010-12-03 16:10:42 230400 ----a-w- C:\windows\System32\Spool\prtprocs\x64\hpzppw71.dll
    2010-12-03 03:00:47 -------- d-----w- C:\windows\en
    2010-12-03 02:56:15 48488 ----a-w- C:\windows\System32\drivers\fssfltr.sys
    2010-12-03 02:55:28 -------- d-----w- C:\Program Files (x86)\MSN Toolbar
    2010-12-03 02:55:16 -------- d-----w- C:\Program Files (x86)\Bing Bar Installer
    2010-12-03 02:55:10 69464 ----a-w- C:\windows\SysWow64\XAPOFX1_3.dll
    2010-12-03 02:55:10 523088 ----a-w- C:\windows\System32\d3dx10_42.dll
    2010-12-03 02:55:10 515416 ----a-w- C:\windows\SysWow64\XAudio2_5.dll
    2010-12-03 02:55:10 453456 ----a-w- C:\windows\SysWow64\d3dx10_42.dll
    2010-12-03 02:50:30 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d841ef591cb92942d\InstallManager_WLE_WLE.exe
    2010-12-03 02:50:11 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\cda38be21cb929422\MeshBetaRemover.exe
    2010-12-03 02:49:56 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c47d41d61cb92941a\DSETUP.dll
    2010-12-03 02:49:56 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c47d41d61cb92941a\DXSETUP.exe
    2010-12-03 02:49:56 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c47d41d61cb92941a\dsetup32.dll
    2010-12-03 02:49:55 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c334c3f11cb929419\DSETUP.dll
    2010-12-03 02:49:55 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c334c3f11cb929419\DXSETUP.exe
    2010-12-03 02:49:55 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c334c3f11cb929419\dsetup32.dll
    2010-12-03 02:49:03 -------- d-----w- C:\Users\C0ZMIC~1\AppData\Local\Windows Live
    2010-12-03 02:48:21 257024 ----a-w- C:\windows\System32\mfreadwrite.dll
    2010-12-03 02:48:21 206848 ----a-w- C:\windows\System32\mfps.dll
    2010-12-03 02:48:21 196608 ----a-w- C:\windows\SysWow64\mfreadwrite.dll
    2010-12-03 02:48:21 1619456 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
    2010-12-03 02:48:20 4068864 ----a-w- C:\windows\System32\mf.dll
    2010-12-03 02:48:20 1888256 ----a-w- C:\windows\System32\WMVDECOD.DLL
    2010-12-03 02:48:19 3181568 ----a-w- C:\windows\SysWow64\mf.dll
    2010-12-03 01:56:54 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
    2010-12-03 01:55:59 -------- d-----w- C:\Users\C0ZMIC~1\AppData\Local\Microsoft Help

    ==================== Find3M ====================

    2010-12-02 21:30:38 174640 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS
    2010-11-04 06:35:53 1194496 ----a-w- C:\windows\System32\wininet.dll
    2010-11-04 06:31:34 57856 ----a-w- C:\windows\System32\licmgr10.dll
    2010-11-04 05:52:17 978944 ----a-w- C:\windows\SysWow64\wininet.dll
    2010-11-04 05:48:36 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll
    2010-11-04 05:16:14 482816 ----a-w- C:\windows\System32\html.iec
    2010-11-04 04:41:26 386048 ----a-w- C:\windows\SysWow64\html.iec
    2010-11-04 04:35:37 1638912 ----a-w- C:\windows\System32\mshtml.tlb
    2010-11-04 04:08:54 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2010-11-02 05:18:17 524288 ----a-w- C:\windows\System32\wmicmiplugin.dll
    2010-11-02 05:17:38 473600 ----a-w- C:\windows\System32\taskcomp.dll
    2010-11-02 05:17:38 1169408 ----a-w- C:\windows\System32\taskschd.dll
    2010-11-02 05:16:53 1114624 ----a-w- C:\windows\System32\schedsvc.dll
    2010-11-02 05:10:47 464384 ----a-w- C:\windows\System32\taskeng.exe
    2010-11-02 05:10:32 285696 ----a-w- C:\windows\System32\schtasks.exe
    2010-11-02 04:40:36 496128 ----a-w- C:\windows\SysWow64\taskschd.dll
    2010-11-02 04:40:36 305152 ----a-w- C:\windows\SysWow64\taskcomp.dll
    2010-11-02 04:34:44 192000 ----a-w- C:\windows\SysWow64\taskeng.exe
    2010-11-02 04:34:33 179712 ----a-w- C:\windows\SysWow64\schtasks.exe
    2010-10-27 05:06:22 2048 ----a-w- C:\windows\System32\tzres.dll
    2010-10-27 04:32:36 2048 ----a-w- C:\windows\SysWow64\tzres.dll
    2010-10-27 02:17:10 0 ----a-w- C:\windows\ativpsrm.bin
    2010-10-20 05:20:01 46080 ----a-w- C:\windows\System32\atmlib.dll
    2010-10-20 04:54:18 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
    2010-10-20 03:09:15 3124224 ----a-w- C:\windows\System32\win32k.sys
    2010-10-20 03:05:46 367104 ----a-w- C:\windows\System32\atmfd.dll
    2010-10-20 02:58:41 294400 ----a-w- C:\windows\SysWow64\atmfd.dll
    2010-10-16 05:23:13 112000 ----a-w- C:\windows\System32\consent.exe
    2010-10-16 05:19:41 395776 ----a-w- C:\windows\System32\webio.dll
    2010-10-16 04:36:10 314368 ----a-w- C:\windows\SysWow64\webio.dll

    ============= FINISH: 20:28:12.45 ===============


    Other one called Attach not pasted as it was labeled do not put in unless asked for or zipped up. I do not have winzip so I left it saved on my desktop. I do not know what the icons below mean so I did not post one. I just do not want to use my computer because anyone can get my information now and get my passwords since hijack this will not clean off the keylogger. If one of those icons means I am extremely unhappy that is the one I pick. Thank you. I also do not know how to follow this so I will check back and try to find it. in this thread. If it seems like I am not responding it is because I cannot find it. My email is.... please email me where to go find it and thank you!
    --------------------------------------
    Edit

    "Before You Post" sticky.

    Subscriptions

    "Members can keep track of their threads and choose how to be notified about updates."
    Last edited by tashi; 2011-01-02 at 06:43. Reason: Removed email address, spam magnet ;-) Added link

  2. #2
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default




    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.




    Please download ATF Cleaner by Atribune to your desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up
    Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.





    Please download Malwarebytes from Here or Here

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected .
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
    Post the report please
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,678

    Default

    c0zmicg0d let us know via the contact form that help is no longer needed and thanked you for your response Ken.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •