Exploit Drop 3, and a coincidence?


Hi - I've had a couple of problems in quick succession but I think they were just coincidence. However, I was hoping someone would be kind enough to put my mind at ease.

Malwarebytes detected 3 files infected with "Exploit Drop 3" earlier on today. They were in my Users/LOCAL folder. It cleared them and I've rebooted and re-scanned several times and there's no sign of it anymore. I noticed from another thread that Exploit Drop 3 does need a few more steps to fully remove, so I've posted the below log just in case.

Within 20 mins of Exploit Drop 3 occurring, my wife's laptop crashed. It didn't BSOD but dropped out to a black DOS screen where it provided details of her Ethernet Controller. It tried to find her MAC address and brought up a line reading "DCHP....", but stopped after a keystroke. It then told us there was no bootable device (insert boot disc) before starting the process of finding the MAC address again. This seems like an unrelated hardware issue to me, and her laptop is working fine now. However, the fact that it was an Ethernet controller issue was enough to worry me. Several scans on her laptop show no problem. This had never happened before.

I wondered if anyone might think there was a connection between the two issues. I think it was coincidence, but my malware/virus knowledge is quite poor.

I had separate issues last week with MSE clashing with a trial version of McAfee - fully removing McAfee has resolved this.

Any help greatly appreciated.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Tom at 22:51:25 on 2012-01-08

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3955.2254 [GMT 0:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\Dwm.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\FileOpen\Services\FileOpenManagerSvc64.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\TOSHIBA\TECO\Teco.exe

C:\Program Files\FileOpen\Services\FileOpenBroker64.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://toshiba.msn.com

uDefault_Page_URL = hxxp://toshiba.msn.com

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

uRun: [Google Update] "C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

mRun: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL

mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP

mRun: [NBAgent] "c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

dRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab

TCP: DhcpNameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{4CF8E526-D271-49DA-A0C0-07FC4B53BEFB} : DhcpNameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{4CF8E526-D271-49DA-A0C0-07FC4B53BEFB}\35B4959313131343 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{4E8B0304-442D-4B05-8F40-38154EE343BA} : DhcpNameServer = 192.168.42.129

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

BHO-X64: ZoneAlarm Security Engine Registrar - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

mRun-x64: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL

mRun-x64: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP

mRun-x64: [NBAgent] "c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\xhg9vomg.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?hl=en&source=iglk

FF - component: C:\Program Files (x86)\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll

FF - component: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\xhg9vomg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\xhg9vomg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll

FF - component: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\xhg9vomg.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\FFExternalAlert.dll

FF - component: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\xhg9vomg.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\RadioWMPCore.dll

FF - component: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\xhg9vomg.default\extensions\zoteroWinWordIntegration@zotero.org\components\zoteroWinWordIntegration.dll

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Tom\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]

R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]

R2 FileOpenManagerSvc;FileOpenManagerSvc;C:\Program Files\FileOpen\Services\FileOpenManagerSvc64.exe [2011-10-21 334720]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\system32\DRIVERS\TVALZFL.sys --> C:\Windows\system32\DRIVERS\TVALZFL.sys [?]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-30 2314240]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

R3 PGEffect;Pangu effect driver;C:\Windows\system32\DRIVERS\pgeffect.sys --> C:\Windows\system32\DRIVERS\pgeffect.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]

R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-7-30 54136]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]

R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsux64.sys --> C:\Windows\system32\drivers\nmwcdnsux64.sys [?]

S3 nosGetPlusHelper;getPlus® Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 20992]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-2-11 124368]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

S4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-4-6 258928]

.

=============== Created Last 30 ================

.

2012-01-08 22:18:27 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{833C6030-5642-41BD-897A-8CF0E864F6C8}\offreg.dll

2012-01-08 21:57:37 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{833C6030-5642-41BD-897A-8CF0E864F6C8}\mpengine.dll

2012-01-08 21:47:56 -------- d-----w- C:\Users\Tom\AppData\Local\{E229F192-D14C-4318-8201-FE4A850478CE}

2012-01-08 21:47:45 -------- d-----w- C:\Users\Tom\AppData\Local\{E524DE16-3F5C-4B3A-A9A7-EA0FB655BF2A}

2012-01-03 21:26:03 -------- d-----w- C:\Users\Tom\AppData\Local\{E21AB3D2-84E7-4DE3-B618-D4B8D6DA50A0}

2012-01-02 17:16:02 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-01-02 09:49:07 -------- d-----w- C:\Users\Tom\AppData\Local\{B9B5D8DF-E348-4D9B-A6D0-EA2552051295}

2012-01-02 09:48:56 -------- d-----w- C:\Users\Tom\AppData\Local\{4C77D5CB-15C6-4F4B-892D-E1A0DD7977D8}

2012-01-01 15:21:11 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A9DDF69E-0AE2-4830-90A2-F13B97601196}\gapaengine.dll

2012-01-01 15:19:05 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2012-01-01 15:19:01 -------- d-----w- C:\Program Files\Microsoft Security Client

2012-01-01 13:43:05 -------- d-----w- C:\Users\Tom\AppData\Local\{F7912E8C-D337-4610-A22B-24DFADEE89C6}

2011-12-31 14:47:33 -------- d-----w- C:\Users\Tom\AppData\Local\{72752775-6F46-444D-9B19-74BA85FC38D0}

2011-12-30 23:43:16 -------- d-----w- C:\Users\Tom\AppData\Local\{CD8AEF9C-451D-4ADE-ABEC-7921CB94470D}

2011-12-30 23:42:58 -------- d-----w- C:\Users\Tom\AppData\Local\{2F0C357F-5446-4A76-B8A6-3583C974643C}

2011-12-30 10:47:35 -------- d-----w- C:\Users\Tom\AppData\Local\{DE4BBC23-911C-4A79-A344-AB3369530A80}

2011-12-30 10:47:25 -------- d-----w- C:\Users\Tom\AppData\Local\{B5FA00B0-D691-470E-ADD8-FF0707C7E159}

2011-12-29 11:37:29 -------- d-----w- C:\Users\Tom\AppData\Local\{98E35071-06B6-4EEA-B5E2-AC38BC6D9B23}

2011-12-28 10:40:32 -------- d-----w- C:\Users\Tom\AppData\Local\{6344994D-645A-4F80-9DA5-52AB81881DBE}

2011-12-28 10:40:21 -------- d-----w- C:\Users\Tom\AppData\Local\{F82823E6-8CB2-4924-ADA6-B22B280B7F57}

2011-12-27 13:23:30 -------- d-----w- C:\Users\Tom\AppData\Local\{062C70B9-B8A3-46D3-A48C-4F2A07D3DDBE}

2011-12-27 13:23:18 -------- d-----w- C:\Users\Tom\AppData\Local\{89DB64B5-60D8-4D0A-AE8C-7EFB71E72196}

2011-12-26 16:41:37 -------- d-----w- C:\Users\Tom\AppData\Local\{F3386A65-C172-4B6F-A5C8-999B168A6405}

2011-12-26 16:41:26 -------- d-----w- C:\Users\Tom\AppData\Local\{835F4AC3-86E6-4635-9B91-CA32F92F076A}

2011-12-25 13:19:00 -------- d-----w- C:\Users\Tom\AppData\Local\{B6F4FCD6-E4EB-4E28-BB6C-4A510D79AF3B}

2011-12-25 13:18:49 -------- d-----w- C:\Users\Tom\AppData\Local\{5A9ED337-CA23-49E1-8029-79DE81764B96}

2011-12-24 20:24:08 -------- d-----w- C:\Users\Tom\AppData\Local\{BD662901-5624-4A83-B637-C2708725B47F}

2011-12-24 08:18:54 -------- d-----w- C:\Users\Tom\AppData\Local\{B5293ECC-D9E5-4BBF-B7BA-41102E582216}

2011-12-24 08:18:44 -------- d-----w- C:\Users\Tom\AppData\Local\{63287EA4-9ECE-473B-B9FC-D352C050AE15}

2011-12-23 10:06:49 -------- d-----w- C:\Users\Tom\AppData\Local\{FA6B3DDB-175E-4D63-B3D7-84740BA6F7BB}

2011-12-23 10:06:38 -------- d-----w- C:\Users\Tom\AppData\Local\{4EB44CC8-1363-4ECF-948E-54A690A9701E}

2011-12-22 14:59:17 -------- d-----w- C:\Users\Tom\AppData\Local\{16DDA84F-C062-499D-B908-889ED7A188A7}

2011-12-22 14:59:06 -------- d-----w- C:\Users\Tom\AppData\Local\{E157C1A6-AFCD-44F4-BADD-EA7EFC376220}

2011-12-21 20:42:19 -------- d-----w- C:\Users\Tom\AppData\Local\{5756EC86-8441-484D-94FA-33FA978D9EA7}

2011-12-20 21:24:32 -------- d-----w- C:\Users\Tom\AppData\Local\{EC4418A4-DF3D-48A9-8F73-47C8C87666E6}

2011-12-19 17:55:29 -------- d-----w- C:\Users\Tom\AppData\Local\{BF817A5C-6564-4413-A0F0-16FB14AD8A52}

2011-12-19 17:55:08 -------- d-----w- C:\Users\Tom\AppData\Local\{F556B890-8ABF-492A-B071-3DFEB2EC922D}

2011-12-18 13:25:58 -------- d-----w- C:\Users\Tom\AppData\Local\{3D88DB6A-C1E4-4F66-B20D-B1AA017CBF13}

2011-12-17 20:53:23 -------- d-----w- C:\Users\Tom\AppData\Local\{AC687844-7408-4C08-A2BD-BB3DD13179F2}

2011-12-17 08:15:29 -------- d-----w- C:\Users\Tom\AppData\Local\{A50F55E1-1498-4278-98A1-5838F0CAF81B}

2011-12-17 08:15:18 -------- d-----w- C:\Users\Tom\AppData\Local\{11E96043-B161-4B3C-BC15-4474CAA2FF9D}

2011-12-16 15:44:32 -------- d-----w- C:\Users\Tom\AppData\Local\{BF969718-773D-4829-A26A-99243458BC00}

2011-12-16 15:44:21 -------- d-----w- C:\Users\Tom\AppData\Local\{2D2415BF-B398-4693-BAEA-03434952BDC3}

2011-12-15 20:40:59 2309120 ----a-w- C:\Windows\System32\jscript9.dll

2011-12-15 20:40:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-12-15 20:40:59 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-12-15 20:40:58 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll

2011-12-15 20:40:58 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll

2011-12-15 18:49:52 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2011-12-15 18:49:51 3145216 ----a-w- C:\Windows\System32\win32k.sys

2011-12-15 18:49:48 723456 ----a-w- C:\Windows\System32\EncDec.dll

2011-12-15 18:49:48 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2011-12-15 18:49:38 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-12-15 18:49:38 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-12-15 18:26:41 -------- d-----w- C:\Users\Tom\AppData\Local\{DC447271-20C9-421C-A64A-673EE58E4744}

2011-12-15 18:26:30 -------- d-----w- C:\Users\Tom\AppData\Local\{46562E53-B8C4-4F77-8BEC-CCCFC893A221}

2011-12-14 18:00:21 -------- d-----w- C:\Users\Tom\AppData\Local\{E2317740-BCD3-457E-B6E1-D5A8469F59BC}

2011-12-14 18:00:10 -------- d-----w- C:\Users\Tom\AppData\Local\{FCBC1C03-82CF-4FDE-9B75-E1F8E24F6377}

2011-12-13 18:17:47 -------- d-----w- C:\Users\Tom\AppData\Local\{A002519A-23F1-49E1-8638-3419DDD05625}

2011-12-12 17:32:26 -------- d-----w- C:\Users\Tom\AppData\Local\{5056B5E2-9839-41F0-AEC2-9EEF55E2A185}

2011-12-12 17:32:15 -------- d-----w- C:\Users\Tom\AppData\Local\{B2CFC752-5D09-4934-83B9-454F1C21E2DE}

2011-12-11 14:55:58 -------- d-----w- C:\Users\Tom\AppData\Local\{D0B0AAD1-9E83-4993-8C14-AD3897D62CEF}

2011-12-10 15:54:58 -------- d-----w- C:\Users\Tom\AppData\Local\{F3ACE3CF-9901-4D0F-BDF5-53D4BE38DBC5}

2011-12-09 23:09:17 -------- d-----w- C:\Users\Tom\AppData\Local\{6EB77979-5C54-4EF4-A047-7D8C307206C9}

2011-12-09 23:07:35 -------- d-----w- C:\Users\Tom\AppData\Local\{4C8436CB-4100-4F08-B414-2E7BDD1F72EB}

.

==================== Find3M ====================

.

2011-12-10 15:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll

2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-10-18 18:21:43 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

.

============= FINISH: 22:52:29.32 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 01/09/2010 20:26:57

System Uptime: 08/01/2012 22:17:46 (0 hours ago)

.

Motherboard: TOSHIBA | | NALAA

Processor: Intel® Core i5 CPU M 450 @ 2.40GHz | CPU | 2400/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 233 GiB total, 44.155 GiB free.

D: is FIXED (NTFS) - 232 GiB total, 207.956 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP392: 29/12/2011 11:47:58 - Windows Update

RP393: 30/12/2011 20:10:21 - Configured TOSHIBA Bulletin Board

RP394: 30/12/2011 20:21:30 - Windows Update

RP395: 03/01/2012 18:17:48 - Windows Update

RP396: 07/01/2012 19:25:16 - Windows Update

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Download Manager

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.1)

Advertising Center

Amazon Kindle

BBC iPlayer Desktop

Buzan's iMindMap V4.1

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CDex - Open Source Digital Audio CD Extractor

D3DX10

Football Manager 2010

Google Chrome

Grand Theft Auto IV

Grand Theft Auto: Episodes from Liberty City

Himalayan Database

HP Deskjet 2050 J510 series Help

ImagXpress

iMindMap 5

Intel® Management Engine Components

Intel® Rapid Storage Technology

Intel® Turbo Boost Technology Driver

Java Auto Updater

Java 6 Update 22

Java 6 Update 29

Juniper Networks Setup Client

Juniper Networks Setup Client Activex Control

Junk Mail filter update

Malwarebytes Anti-Malware version 1.60.0.1800

Medieval II: Total War Demo

Microsoft .NET Framework 1.1

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office Suite Activation Assistant

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Mozilla Firefox 8.0 (x86 en-GB)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 9 Essentials

Nero BackItUp

Nero BackItUp and Burn

Nero BurnRights

Nero BurnRights Help

Nero ControlCenter

Nero DiscSpeed

Nero DiscSpeed Help

Nero DriveSpeed

Nero DriveSpeed Help

Nero Express

Nero Express Help

Nero InfoTool

Nero InfoTool Help

Nero Installer

Nero Online Upgrade

Nero RescueAgent

Nero StartSmart

Nero StartSmart Help

NeroExpress

neroxml

OpenOffice.org 3.3

Pando Media Booster

Portal

PunkBuster Services

QuickTime

Realtek Ethernet Controller Driver For Windows 7

Realtek HDMI Audio Driver for ATI

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Realtek WLAN Driver

Scrivener

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Sid Meier's Civilization V

Songbird 1.8.0 (Build 1800)

Spotify

Spybot - Search & Destroy

SpywareBlaster 4.4

Steam

Team Fortress 2

The Lord of the Rings Online™ v03.02.04.8010

Toshiba Assist

TOSHIBA ConfigFree

TOSHIBA eco Utility

TOSHIBA Face Recognition

TOSHIBA Flash Cards Support Utility

TOSHIBA Hardware Setup

TOSHIBA HDD/SSD Alert

Toshiba Manuals

TOSHIBA Media Controller

TOSHIBA Media Controller Plug-in

TOSHIBA Online Product Information

TOSHIBA Recovery Media Creator Reminder

TOSHIBA Service Station

TOSHIBA Supervisor Password

Toshiba TEMPRO

TOSHIBA Value Added Package

TOSHIBA Web Camera Application

Total War: SHOGUN 2 Demo

TRORMCLauncher

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Utility Common Driver

ViewRanger Map Chooser

VLC media player 1.1.7

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== Event Viewer Messages From Past Week ========

.

08/01/2012 22:19:12, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

08/01/2012 22:17:52, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

08/01/2012 21:47:11, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

05/01/2012 22:22:28, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

03/01/2012 21:25:45, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

01/01/2012 15:12:14, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

01/01/2012 14:58:01, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

.

==== End Of File ===========================

  • 1 month later...
  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
