natekenney
-
Posts
4 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by natekenney
-
-
Just ran combofix, Below is the log. Havent restarted yet to see if its fixed yet.
ComboFix 12-10-16.02 - Ed 16/10/2012 15:58:37.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3824.2354 [GMT -4:00]
Running from: c:\users\Ed\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\8vXbDso7E0uhEU
c:\programdata\8vXbDso7E0uhEU.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-16 to 2012-10-16 )))))))))))))))))))))))))))))))
.
.
2012-10-16 20:03 . 2012-10-16 20:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-15 01:24 . 2012-10-15 01:24 -------- d-----w- c:\users\Ed\AppData\Roaming\Malwarebytes
2012-10-15 01:24 . 2012-10-15 01:24 -------- d-----w- c:\programdata\Malwarebytes
2012-10-15 01:24 . 2012-10-15 01:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-15 01:24 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-12 14:59 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD43203B-7ED8-4406-B657-0B2A6C2AD4FE}\mpengine.dll
2012-10-10 14:30 . 2012-08-18 15:22 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-09-24 18:33 . 2012-08-24 18:02 9375744 ----a-w- c:\windows\system32\mshtml.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 21:04 . 2011-02-01 17:36 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-08-18 11:19 . 2012-10-10 14:31 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:55 . 2012-09-12 01:11 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 17:05 . 2012-09-12 01:11 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-30 39408]
"Sync2"="c:\program files (x86)\4Team Corporation\Sync2\Sync2.exe" [2011-06-22 4347088]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2011-06-04 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TOSDCR"="c:\program files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe" [2007-08-28 169296]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-05-02 2454840]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2010-10-27 328992]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-30 136176]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2009-06-01 136192]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-30 136176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-07-20 340240]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-02-24 78336]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-02-24 181248]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-02 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-30 14784]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2010-05-09 482384]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-06-07 408576]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2011-06-04 296808]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2010-03-20 81920]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-24 259440]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-06-07 911872]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [2010-05-17 71168]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2010-05-17 175104]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [2010-05-17 81920]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2010-01-14 295088]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-07-28 7821312]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-05-11 836016]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-06-18 39832]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-30 01:28]
.
2012-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-30 01:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-12 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-12 414744]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-07 10144288]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-20 1931024]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-06-08 1441792]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-8vXbDso7E0uhEU - c:\programdata\8vXbDso7E0uhEU.exe
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-HP Color LaserJet CM1312 MFP Series Fax - c:\program files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-16 16:05:23
ComboFix-quarantined-files.txt 2012-10-16 20:05
.
Pre-Run: 397,016,678,400 bytes free
Post-Run: 397,074,657,280 bytes free
.
- - End Of File - - CD014FD730AE77721BD2CF0A4BBE0021
-
thanks a lot for the help maniak. here are the reports after updating mbytes and running aswMBR.
Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org
Database version: v2012.10.15.12
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Ed :: ED-PC [administrator]
Protection: Disabled
15/10/2012 6:19:48 PM
mbam-log-2012-10-15 (18-19-48).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198521
Time elapsed: 2 minute(s), 23 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-15 18:29:10
-----------------------------
18:29:10.739 OS Version: Windows x64 6.1.7600
18:29:10.755 Number of processors: 4 586 0x2505
18:29:10.755 ComputerName: ED-PC UserName: Ed
18:29:12.081 Initialize success
18:29:41.582 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:29:41.598 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
18:29:41.598 Disk 0 MBR read successfully
18:29:41.613 Disk 0 MBR scan
18:29:41.613 Disk 0 Windows VISTA default MBR code
18:29:41.629 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
18:29:41.644 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 465298 MB offset 3074048
18:29:41.676 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 10141 MB offset 956004352
18:29:41.707 Disk 0 scanning C:\windows\system32\drivers
18:29:47.276 Service scanning
18:30:06.760 Modules scanning
18:30:06.760 Disk 0 trace - called modules:
18:30:06.807 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys ACPI.sys iaStor.sys hal.dll
18:30:06.807 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80069cc060]
18:30:06.823 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa80069ca060]
18:30:06.823 5 thpdrv.sys[fffff88001b76cc0] -> nt!IofCallDriver -> [0xfffffa80049809d0]
18:30:06.838 7 ACPI.sys[fffff88000fa0781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004983050]
18:30:06.838 Scan finished successfully
18:30:41.018 Disk 0 MBR has been saved successfully to "C:\Users\Ed\Desktop\MBR.dat"
18:30:41.034 The log file has been saved successfully to "C:\Users\Ed\Desktop\aswMBR.txt"
-
Laptop running no malware software got infected with file recovery trojan. Used unhide to see files again and ran malwarebytes and deleted 2 viruses. one problem is gone but the fake file recovery continues to open on startup. Help with the removal of this would be greatly appreciated. Thanks in advance.
dds:
DDS (Ver_2012-10-14.05) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385
Run by Ed at 22:09:07 on 2012-10-14
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3824.2213 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\TECO\Teco.exe
C:\Windows\System32\ThpSrv.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\4Team Corporation\Sync2\Sync2.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\igfxext.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSND&bmod=TSND
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [best Buy pc app] C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [sync2] "C:\Program Files (x86)\4Team Corporation\Sync2\Sync2.exe" /background
uRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [8vXbDso7E0uhEU] C:\ProgramData\8vXbDso7E0uhEU.exe
mRun: [TOSDCR] C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{246466A4-37FC-412C-95F3-A40AF53941A0} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{246466A4-37FC-412C-95F3-A40AF53941A0}\4355059523 : DHCPNameServer = 192.168.1.1 71.243.0.12
TCP: Interfaces\{246466A4-37FC-412C-95F3-A40AF53941A0}\4416973794E6E60313 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{246466A4-37FC-412C-95F3-A40AF53941A0}\54855434554594655435 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{246466A4-37FC-412C-95F3-A40AF53941A0}\B413139473 : DHCPNameServer = 192.168.1.1 71.243.0.12
TCP: Interfaces\{246466A4-37FC-412C-95F3-A40AF53941A0}\B69646A5F4E454 : DHCPNameServer = 142.20.66.52 142.20.67.52
TCP: Interfaces\{246466A4-37FC-412C-95F3-A40AF53941A0}\E41465542502D2026427565602759664960235562767963656 : DHCPNameServer = 164.124.101.2 168.126.63.1
TCP: Interfaces\{2D3773E5-72B9-4BE5-BE34-0119BD0843D9} : DHCPNameServer = 83.97.120.225 83.97.124.225
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [intelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [smoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [smartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [ThpSrv] C:\windows\System32\thpsrv /logon
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [HP Color LaserJet CM1312 MFP Series Fax] C:\Program Files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe "HP Color LaserJet CM1312 MFP Series Fax"
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 192.168.2.2 NPI34FDC2
.
============= SERVICES / DRIVERS ===============
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\drivers\thpdrv.sys [2009-6-29 34880]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2010-11-20 482384]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-6-7 408576]
R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2011-6-4 296808]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-14 399432]
R2 risdpcie;risdpcie;C:\windows\System32\drivers\risdpe64.sys [2010-11-20 81920]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2010-4-23 259440]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-20 2320920]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-6-7 911872]
R3 bpenum;bpenum;C:\windows\System32\drivers\bpenum.sys [2010-5-16 71168]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\windows\System32\drivers\bpmp.sys [2010-5-16 175104]
R3 bpusb;bpusb;C:\windows\System32\drivers\bpusb.sys [2010-5-16 81920]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\windows\System32\drivers\e1k62x64.sys [2010-11-20 295088]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2010-11-20 56344]
R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-2-26 158976]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-2-3 271872]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\System32\drivers\NETwNs64.sys [2010-7-28 7821312]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2010-11-20 35008]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-20 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2010-5-10 836016]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
R3 wdkmd;Intel WiDi KMD;C:\windows\System32\drivers\WDKMD.sys [2010-6-18 39832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-29 136176]
S2 HP LaserJet Service;HP LaserJet Service;C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2009-6-1 136192]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-14 676936]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-29 136176]
S3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-10-14 25928]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-7-19 340240]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2010-2-24 78336]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2010-2-24 181248]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-2-2 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-10-15 01:54:42 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FD43203B-7ED8-4406-B657-0B2A6C2AD4FE}\offreg.dll
2012-10-15 01:24:48 -------- d-----w- C:\Users\Ed\AppData\Roaming\Malwarebytes
2012-10-15 01:24:13 -------- d-----w- C:\ProgramData\Malwarebytes
2012-10-15 01:24:12 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-10-15 01:24:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-12 16:23:13 234496 ----a-w- C:\ProgramData\8vXbDso7E0uhEU.exe
2012-10-12 14:59:26 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FD43203B-7ED8-4406-B657-0B2A6C2AD4FE}\mpengine.dll
2012-10-10 14:30:59 6144 ---ha-w- C:\windows\System32\api-ms-win-security-base-l1-1-0.dll
.
==================== Find3M ====================
.
2012-09-14 19:23:40 2048 ----a-w- C:\windows\System32\tzres.dll
2012-09-14 18:30:38 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2012-08-31 18:02:20 1656688 ----a-w- C:\windows\System32\drivers\ntfs.sys
2012-08-30 18:11:29 5505904 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-08-30 17:18:33 3958128 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:18:33 3902832 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:28 220160 ----a-w- C:\windows\System32\wintrust.dll
2012-08-24 18:05:27 1197568 ----a-w- C:\windows\System32\wininet.dll
2012-08-24 18:02:20 57856 ----a-w- C:\windows\System32\licmgr10.dll
2012-08-24 17:10:47 981504 ----a-w- C:\windows\SysWow64\wininet.dll
2012-08-24 17:10:47 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-08-24 17:08:47 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll
2012-08-24 16:45:23 482816 ----a-w- C:\windows\System32\html.iec
2012-08-24 16:02:45 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2012-08-24 16:01:45 386048 ----a-w- C:\windows\SysWow64\html.iec
2012-08-24 15:27:17 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-08-18 15:43:05 362496 ----a-w- C:\windows\System32\wow64win.dll
2012-08-18 15:43:05 243200 ----a-w- C:\windows\System32\wow64.dll
2012-08-18 15:43:05 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2012-08-18 15:42:31 215040 ----a-w- C:\windows\System32\winsrv.dll
2012-08-18 15:40:26 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2012-08-18 15:37:49 425984 ----a-w- C:\windows\System32\KernelBase.dll
2012-08-18 15:34:13 338432 ----a-w- C:\windows\System32\conhost.exe
2012-08-18 11:22:55 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2012-08-18 11:19:45 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2012-08-18 11:19:22 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2012-08-18 11:17:56 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2012-08-18 11:17:56 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
2012-08-18 09:12:09 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2012-08-18 09:12:09 2048 ----a-w- C:\windows\SysWow64\user.exe
2012-08-18 09:07:02 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-18 09:07:02 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-18 09:07:02 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-18 09:07:02 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-11 00:53:01 714752 ----a-w- C:\windows\System32\kerberos.dll
2012-08-10 23:54:04 541184 ----a-w- C:\windows\SysWow64\kerberos.dll
2012-08-02 17:55:04 574464 ----a-w- C:\windows\System32\d3d10level9.dll
2012-08-02 17:05:42 490496 ----a-w- C:\windows\SysWow64\d3d10level9.dll
2012-07-18 17:31:12 3146752 ----a-w- C:\windows\System32\win32k.sys
2012-07-17 17:57:28 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-17 17:57:28 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 22:09:34.70 ===============
attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-14.05)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 31/01/2011 7:06:00 AM
System Uptime: 14/10/2012 9:50:01 PM (1 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel® Core i3 CPU M 370 @ 2.40GHz | rBGA1288 Socket | 911/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 369.893 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP228: 16/08/2012 2:31:09 PM - Windows Update
RP229: 16/08/2012 5:25:32 PM - Windows Update
RP230: 21/08/2012 2:04:46 PM - Windows Update
RP231: 28/08/2012 1:52:01 PM - Windows Update
RP232: 04/09/2012 2:21:11 PM - Windows Update
RP233: 11/09/2012 9:07:46 PM - Windows Update
RP234: 12/09/2012 8:45:39 AM - Windows Update
RP235: 13/09/2012 12:10:35 AM - Windows Update
RP236: 19/09/2012 11:29:28 AM - Windows Update
RP237: 24/09/2012 2:32:33 PM - Windows Update
RP238: 24/09/2012 5:11:52 PM - Windows Update
RP239: 28/09/2012 2:09:28 PM - Windows Update
RP240: 05/10/2012 1:14:08 PM - Windows Update
RP241: 09/10/2012 8:19:28 AM - Windows Update
RP242: 10/10/2012 3:51:33 PM - Windows Update
RP243: 11/10/2012 5:03:45 PM - Windows Update
RP245: 14/10/2012 9:21:48 PM - Windows Defender Checkpoint
.
==== Installed Programs ======================
.
4Team Sync2
64 Bit HP CIO Components Installer
Adobe Flash Player 11 ActiveX
Adobe Reader 9.3
Best Buy pc app
BlackBerry Desktop Software 6.1
BlackBerry Device Software Updater
D3DX10
Dragon NaturallySpeaking 11
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
hppLaserJetService
hppQFolderCM1312
HPSSupply
Intel PROSet Wireless
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Network Connections Drivers
Intel® PROSet/Wireless WiFi Software
Intel® Rapid Storage Technology
Intel® PROSet/Wireless WiMAX Software
Intel® Wireless Display
Java Auto Updater
Java 6 Update 20
Junk Mail filter update
Malwarebytes Anti-Malware version 1.65.0.1400
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Home and Business 2010 - English
Microsoft Office Outlook Connector
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NEC Electronics USB 3.0 Host Controller Driver
PL-2303 USB-to-Serial
PlayReady PC Runtime amd64
Realtek High Definition Audio Driver
RICOH R5U230 Media Driver ver.2.10.03.02
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Shop for HP Supplies
Sibelius 6
Skype Toolbars
Skype™ 5.10
Synaptics Pointing Device Driver
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA HDD Protection
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)
WebEx
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.00 beta 5 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
11/10/2012 10:57:11 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070013: Update for Windows 7 for x64-based Systems (KB2749655).
11/10/2012 10:56:51 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
08/10/2012 1:58:44 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
.
==== End Of File ===========================
RK report:
RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Ed [Admin rights]
Mode : Scan -- Date : 10/14/2012 22:36:09
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 12 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : Best Buy pc app (C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms) -> FOUND
[RUN][sUSP PATH] HKCU\[...]\Run : 8vXbDso7E0uhEU (C:\ProgramData\8vXbDso7E0uhEU.exe) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-1701710910-3518207957-3494354271-1000[...]\Run : Best Buy pc app (C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-1701710910-3518207957-3494354271-1000[...]\Run : 8vXbDso7E0uhEU (C:\ProgramData\8vXbDso7E0uhEU.exe) -> FOUND
[TASK][sUSP PATH] {F373DDF9-0074-4C25-A9B7-91A680A6AC2C} : C:\windows\system32\pcalua.exe -a "C:\Users\Ed\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SKX1XMVG\Setup[1].exe" -d C:\Users\Ed\Desktop -> FOUND
[sTARTUP][sUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[sTARTUP][sUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts
192.168.2.2 NPI34FDC2
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545050B9A300 +++++
--- User ---
[MBR] c717d91c4c13a7370f5b929fbe60b9ab
[bSP] 2a3b5551498a312cb8ca11fce8d71b65 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 465298 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 956004352 | Size: 10141 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt
file recovery
in Resolved Malware Removal Logs
Posted
just restarted and seems like were back to normal. let me know if theres anything else i should do to clean it up. Thanks a million for the help.