natekenney
Just restarted and it seems like we're back to normal. Let me know if there's anything else I should do to clean it up. Thanks a million for the help.
-
Just ran ComboFix. Below is the log. Haven't restarted yet to see if it's fixed.
-
Thanks a lot for the help, maniak. Here are the reports after updating mbytes and running aswMBR.
-
Laptop running no malware software got infected with a file recovery trojan. Used Unhide to see files again, ran Malwarebytes, and deleted 2 viruses. One problem is gone, but the fake file recovery continues to open on startup. Help with the removal of this would be greatly appreciated. Thanks in advance. DDS log:
2012-10-15 01:54:42 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FD43203B-7ED8-4406-B657-0B2A6C2AD4FE}\offreg.dll 2012-10-15 01:24:48 -------- d-----w- C:\Users\Ed\AppData\Roaming\Malwarebytes 2012-10-15 01:24:13 -------- d-----w- C:\ProgramData\Malwarebytes 2012-10-15 01:24:12 25928 ----a-w- C:\windows\System32\drivers\mbam.sys 2012-10-15 01:24:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-10-12 16:23:13 234496 ----a-w- C:\ProgramData\8vXbDso7E0uhEU.exe 2012-10-12 14:59:26 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FD43203B-7ED8-4406-B657-0B2A6C2AD4FE}\mpengine.dll 2012-10-10 14:30:59 6144 ---ha-w- C:\windows\System32\api-ms-win-security-base-l1-1-0.dll . ==================== Find3M ==================== . 2012-09-14 19:23:40 2048 ----a-w- C:\windows\System32\tzres.dll 2012-09-14 18:30:38 2048 ----a-w- C:\windows\SysWow64\tzres.dll 2012-08-31 18:02:20 1656688 ----a-w- C:\windows\System32\drivers\ntfs.sys 2012-08-30 18:11:29 5505904 ----a-w- C:\windows\System32\ntoskrnl.exe 2012-08-30 17:18:33 3958128 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe 2012-08-30 17:18:33 3902832 ----a-w- C:\windows\SysWow64\ntoskrnl.exe 2012-08-24 18:05:28 220160 ----a-w- C:\windows\System32\wintrust.dll 2012-08-24 18:05:27 1197568 ----a-w- C:\windows\System32\wininet.dll 2012-08-24 18:02:20 57856 ----a-w- C:\windows\System32\licmgr10.dll 2012-08-24 17:10:47 981504 ----a-w- C:\windows\SysWow64\wininet.dll 2012-08-24 17:10:47 172544 ----a-w- C:\windows\SysWow64\wintrust.dll 2012-08-24 17:08:47 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll 2012-08-24 16:45:23 482816 ----a-w- C:\windows\System32\html.iec 2012-08-24 16:02:45 1638912 ----a-w- C:\windows\System32\mshtml.tlb 2012-08-24 16:01:45 386048 ----a-w- C:\windows\SysWow64\html.iec 2012-08-24 15:27:17 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb 2012-08-18 15:43:05 362496 ----a-w- C:\windows\System32\wow64win.dll 2012-08-18 15:43:05 243200 
----a-w- C:\windows\System32\wow64.dll 2012-08-18 15:43:05 13312 ----a-w- C:\windows\System32\wow64cpu.dll 2012-08-18 15:42:31 215040 ----a-w- C:\windows\System32\winsrv.dll 2012-08-18 15:40:26 16384 ----a-w- C:\windows\System32\ntvdm64.dll 2012-08-18 15:37:49 425984 ----a-w- C:\windows\System32\KernelBase.dll 2012-08-18 15:34:13 338432 ----a-w- C:\windows\System32\conhost.exe 2012-08-18 11:22:55 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll 2012-08-18 11:19:45 44032 ----a-w- C:\windows\apppatch\acwow64.dll 2012-08-18 11:19:22 25600 ----a-w- C:\windows\SysWow64\setup16.exe 2012-08-18 11:17:56 5120 ----a-w- C:\windows\SysWow64\wow32.dll 2012-08-18 11:17:56 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll 2012-08-18 09:12:09 7680 ----a-w- C:\windows\SysWow64\instnm.exe 2012-08-18 09:12:09 2048 ----a-w- C:\windows\SysWow64\user.exe 2012-08-18 09:07:02 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-08-18 09:07:02 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-08-18 09:07:02 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-08-18 09:07:02 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2012-08-11 00:53:01 714752 ----a-w- C:\windows\System32\kerberos.dll 2012-08-10 23:54:04 541184 ----a-w- C:\windows\SysWow64\kerberos.dll 2012-08-02 17:55:04 574464 ----a-w- C:\windows\System32\d3d10level9.dll 2012-08-02 17:05:42 490496 ----a-w- C:\windows\SysWow64\d3d10level9.dll 2012-07-18 17:31:12 3146752 ----a-w- C:\windows\System32\win32k.sys 2012-07-17 17:57:28 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-17 17:57:28 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe . ============= FINISH: 22:09:34.70 =============== attach: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-10-14.05) . 
Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 31/01/2011 7:06:00 AM System Uptime: 14/10/2012 9:50:01 PM (1 hours ago) . Motherboard: TOSHIBA | | Portable PC Processor: Intel® Core i3 CPU M 370 @ 2.40GHz | rBGA1288 Socket | 911/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 454 GiB total, 369.893 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP228: 16/08/2012 2:31:09 PM - Windows Update RP229: 16/08/2012 5:25:32 PM - Windows Update RP230: 21/08/2012 2:04:46 PM - Windows Update RP231: 28/08/2012 1:52:01 PM - Windows Update RP232: 04/09/2012 2:21:11 PM - Windows Update RP233: 11/09/2012 9:07:46 PM - Windows Update RP234: 12/09/2012 8:45:39 AM - Windows Update RP235: 13/09/2012 12:10:35 AM - Windows Update RP236: 19/09/2012 11:29:28 AM - Windows Update RP237: 24/09/2012 2:32:33 PM - Windows Update RP238: 24/09/2012 5:11:52 PM - Windows Update RP239: 28/09/2012 2:09:28 PM - Windows Update RP240: 05/10/2012 1:14:08 PM - Windows Update RP241: 09/10/2012 8:19:28 AM - Windows Update RP242: 10/10/2012 3:51:33 PM - Windows Update RP243: 11/10/2012 5:03:45 PM - Windows Update RP245: 14/10/2012 9:21:48 PM - Windows Defender Checkpoint . ==== Installed Programs ====================== . 
4Team Sync2 64 Bit HP CIO Components Installer Adobe Flash Player 11 ActiveX Adobe Reader 9.3 Best Buy pc app BlackBerry Desktop Software 6.1 BlackBerry Device Software Updater D3DX10 Dragon NaturallySpeaking 11 Google Chrome Google Toolbar for Internet Explorer Google Update Helper hppLaserJetService hppQFolderCM1312 HPSSupply Intel PROSet Wireless Intel® Graphics Media Accelerator Driver Intel® Management Engine Components Intel® Network Connections Drivers Intel® PROSet/Wireless WiFi Software Intel® Rapid Storage Technology Intel® PROSet/Wireless WiMAX Software Intel® Wireless Display Java Auto Updater Java 6 Update 20 Junk Mail filter update Malwarebytes Anti-Malware version 1.65.0.1400 Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Home and Business 2010 - English Microsoft Office Outlook Connector Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NEC Electronics USB 3.0 Host Controller Driver PL-2303 USB-to-Serial PlayReady PC Runtime amd64 Realtek High Definition Audio Driver RICOH R5U230 Media 
Driver ver.2.10.03.02 Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Shop for HP Supplies Sibelius 6 Skype Toolbars Skype™ 5.10 Synaptics Pointing Device Driver TOSHIBA Application Installer TOSHIBA Assist Toshiba Book Place TOSHIBA Bulletin Board TOSHIBA Disc Creator TOSHIBA DVD PLAYER TOSHIBA eco Utility TOSHIBA Face Recognition TOSHIBA HDD Protection TOSHIBA HDD/SSD Alert TOSHIBA Media Controller TOSHIBA Media Controller Plug-in TOSHIBA PC Health Monitor TOSHIBA Quality Application TOSHIBA Recovery Media Creator TOSHIBA ReelTime TOSHIBA Service Station TOSHIBA Sleep Utility TOSHIBA Value Added Package TOSHIBA Web Camera Application ToshibaRegistration Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) WebEx Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in 
Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinRAR 4.00 beta 5 (64-bit) . ==== Event Viewer Messages From Past Week ======== . 11/10/2012 10:57:11 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070013: Update for Windows 7 for x64-based Systems (KB2749655). 11/10/2012 10:56:51 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control. 08/10/2012 1:58:44 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service. . 
==== End Of File =========================== RK report: RogueKiller V8.1.1 [10/03/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website: http://tigzy.geekstogo.com/roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7600 ) 64 bits version Started in : Normal mode User : Ed [Admin rights] Mode : Scan -- Date : 10/14/2012 22:36:09 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 12 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\Run : Best Buy pc app (C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms) -> FOUND [RUN][sUSP PATH] HKCU\[...]\Run : 8vXbDso7E0uhEU (C:\ProgramData\8vXbDso7E0uhEU.exe) -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-1701710910-3518207957-3494354271-1000[...]\Run : Best Buy pc app (C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms) -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-1701710910-3518207957-3494354271-1000[...]\Run : 8vXbDso7E0uhEU (C:\ProgramData\8vXbDso7E0uhEU.exe) -> FOUND [TASK][sUSP PATH] {F373DDF9-0074-4C25-A9B7-91A680A6AC2C} : C:\windows\system32\pcalua.exe -a "C:\Users\Ed\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SKX1XMVG\Setup[1].exe" -d C:\Users\Ed\Desktop -> FOUND [sTARTUP][sUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND [sTARTUP][sUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> 
FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\windows\system32\drivers\etc\hosts 192.168.2.2 NPI34FDC2 ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS545050B9A300 +++++ --- User --- [MBR] c717d91c4c13a7370f5b929fbe60b9ab [bSP] 2a3b5551498a312cb8ca11fce8d71b65 : Windows Vista MBR Code Partition table: 0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 465298 Mo 2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 956004352 | Size: 10141 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt