EchoAlias Posted August 22, 2012 ID:588608 Share Posted August 22, 2012 Hello!Just going to leave a little disclaimer here: I'm a bit of a techno noob, so I'm sorry if that's frustrating.Basically, very annoyed, 10 day old laptop keeps redirecting from google searches (not all the time, though). Malwarebytes keeps blocking outbound IP 91.218.121.57. Reading up on it has me concluding it's a redirect virus thing. Hoping you can help stop this?DDS log:.DDS (Ver_2011-08-26.01) - NTFSAMD64Internet Explorer: 9.0.8112.16421Run by Emma at 14:30:08 on 2012-08-22Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6034.4632 [GMT 1:00].AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}.============== Running Processes ===============.C:\windows\system32\wininit.exeC:\windows\system32\lsm.exeC:\windows\system32\svchost.exe -k DcomLaunchC:\windows\system32\svchost.exe -k RPCSSc:\Program Files\Microsoft Security Client\MsMpEng.exeC:\windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\windows\system32\svchost.exe -k netsvcsC:\windows\system32\svchost.exe -k LocalServiceC:\windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\GFNEXSrv.exeC:\windows\System32\spoolsv.exeC:\windows\system32\svchost.exe -k LocalServiceNoNetworkC:\windows\system32\Dwm.exeC:\windows\Explorer.EXEC:\windows\system32\taskhost.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files\Intel\iCLS Client\HeciServer.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exeC:\Windows\system32\mfevtps.exeC:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exeC:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exeC:\windows\system32\TODDSrv.exeC:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\Common Files\McAfee\SystemCore\mcshield.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\windows\system32\wbem\wmiprvse.exeC:\windows\system32\wbem\unsecapp.exeC:\Program Files\Common Files\McAfee\SystemCore\mfefire.exeC:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exeC:\Program Files\TOSHIBA\TECO\TecoService.exeC:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exeC:\windows\system32\taskeng.exeC:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\System32\igfxtray.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeC:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\TOSHIBA\Power Saver\TPwrMain.exeC:\Program Files\TOSHIBA\FlashCards\TCrdMain.exeC:\Program Files\TOSHIBA\TECO\Teco.exeC:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXEC:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exeC:\Program Files\Microsoft Security Client\msseces.exeC:\Windows\System32\rundll32.exeC:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exeC:\windows\SysWOW64\rundll32.exeC:\windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXEC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files\mcafee.com\agent\mcagent.exeC:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exeC:\windows\system32\SearchIndexer.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files\Windows Media Player\wmpnetwk.exeC:\windows\System32\svchost.exe -k LocalServicePeerNetC:\windows\system32\DllHost.exeC:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exeC:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exeC:\Program Files\TOSHIBA\TPHM\TPCHSrv.exeC:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exeC:\Program Files (x86)\Nero\Update\NASvc.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\windows\system32\SearchProtocolHost.exeC:\windows\system32\SearchFilterHost.exeC:\windows\SysWOW64\cmd.exeC:\windows\system32\conhost.exeC:\windows\SysWOW64\cscript.exeC:\windows\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://hotmail.com/uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUAmWinlogon: Userinit=userinit.exeBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dllBHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120815112300.dllBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllBHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dllTB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileuRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silentuRun: [ascap] "C:\Windows\System32\rundll32.exe" "C:\Users\Emma\AppData\Roaming\ascap.dll",_ReadlinemRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStartmRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkeymRun: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /STARTmRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttraymRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startupdRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUPStartupFolder: C:\Users\Emma\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TRDCRE~1.LNK - C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TOSHIB~1.LNK - C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exemPolicies-explorer: NoActiveDesktop = 1 (0x1)mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)mPolicies-system: EnableLinkedConnections = 1 (0x1)IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.htmlIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cabTCP: DhcpNameServer = 192.168.1.254TCP: Interfaces\{97E5D772-D53E-447B-8398-1F935024C5DA} : DhcpNameServer = 192.168.1.254TCP: Interfaces\{CA0808AA-0C75-4C0A-ABE2-50A52B71567B} : DhcpNameServer = 192.168.42.129Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllBHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO-X64: AcroIEHelperStub - No FileBHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dllBHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120815112300.dllBHO-X64: scriptproxy - No FileBHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllBHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dllTB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FilemRun-x64: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStartmRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkeymRun-x64: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /STARTmRun-x64: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttraymRun-x64: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup.============= SERVICES / DRIVERS ===============.R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\windows\system32\DRIVERS\iusb3hcs.sys --> C:\windows\system32\DRIVERS\iusb3hcs.sys [?]R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?]R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\system32\drivers\mfewfpk.sys --> C:\windows\system32\drivers\mfewfpk.sys [?]R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]R0 NBVol;Nero Backup Volume Filter Driver;C:\windows\system32\DRIVERS\NBVol.sys --> C:\windows\system32\DRIVERS\NBVol.sys [?]R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\windows\system32\DRIVERS\NBVolUp.sys --> C:\windows\system32\DRIVERS\NBVolUp.sys [?]R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]R1 mfenlfk;McAfee NDIS Light Filter;C:\windows\system32\DRIVERS\mfenlfk.sys --> C:\windows\system32\DRIVERS\mfenlfk.sys [?]R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]R2 GFNEXSrv;GFNEX Service;C:\Windows\System32\GFNEXSrv.exe --> C:\Windows\System32\GFNEXSrv.exe [?]R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-7-12 128280]R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-7-12 161560]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-13 655944]R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2012-5-11 199304]R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2012-5-11 210616]R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-4 687400]R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-3-23 87040]R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-11-24 294848]R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-7-12 363800]R3 cfwids;McAfee Inc. cfwids;C:\windows\system32\drivers\cfwids.sys --> C:\windows\system32\drivers\cfwids.sys [?]R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\iusb3hub.sys --> C:\windows\system32\DRIVERS\iusb3hub.sys [?]R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\windows\system32\DRIVERS\iusb3xhc.sys --> C:\windows\system32\DRIVERS\iusb3xhc.sys [?]R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]R3 MEIx64;Intel® Management Engine Interface ;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?]R3 mfefirek;McAfee Inc. mfefirek;C:\windows\system32\drivers\mfefirek.sys --> C:\windows\system32\drivers\mfefirek.sys [?]R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtwlane.sys --> C:\windows\system32\DRIVERS\rtwlane.sys [?]R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-26 138152]R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-12-14 833976]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-11 136176]S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-11 250568]S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-4-2 276248]S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-11 136176]S3 HTCAND64;HTC Device Driver;C:\windows\system32\Drivers\ANDROIDUSB.sys --> C:\windows\system32\Drivers\ANDROIDUSB.sys [?]S3 htcnprot;HTC NDIS Protocol Driver;C:\windows\system32\DRIVERS\htcnprot.sys --> C:\windows\system32\DRIVERS\htcnprot.sys [?]S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2012-5-11 225216]S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?]S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]S3 RtkBtFilter;Realtek Bluetooth Filter Driver;C:\windows\system32\DRIVERS\RtkBtfilter.sys --> C:\windows\system32\DRIVERS\RtkBtfilter.sys [?]S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-2-10 112080]S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-7-12 57216]S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184].=============== Created Last 30 ================.2012-08-21 09:08:22 9309624 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C46FBFA4-93FE-46FA-9BF7-978E93246742}\mpengine.dll2012-08-19 18:32:11 -------- d-----w- C:\ProgramData\VirtualizedApplications2012-08-19 16:33:12 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2012-08-17 20:59:08 -------- d-----w- C:\windows\SysWow64\Wat2012-08-17 20:59:08 -------- d-----w- C:\windows\System32\Wat2012-08-17 19:46:42 -------- d-----w- C:\Users\Emma\AppData\Roaming\Origin2012-08-17 19:46:01 -------- d-----w- C:\ProgramData\Origin2012-08-17 19:45:30 -------- d-----w- C:\Program Files (x86)\Origin2012-08-17 19:36:29 485376 ----a-w- C:\Users\Emma\AppData\Roaming\ascap.dll2012-08-15 21:07:03 -------- d-----w- C:\ProgramData\Electronic Arts2012-08-15 21:05:02 -------- d-----w- C:\Program Files (x86)\Microsoft WSE2012-08-15 21:04:28 3977496 ----a-w- C:\windows\System32\d3dx9_31.dll2012-08-15 21:04:28 2414360 ----a-w- C:\windows\SysWow64\d3dx9_31.dll2012-08-15 15:56:23 -------- d-----w- C:\Users\Emma\AppData\Local\SoftGrid Client2012-08-15 15:56:20 -------- d-----w- C:\Users\Emma\AppData\Roaming\SoftGrid Client2012-08-15 15:55:00 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client2012-08-15 15:54:41 -------- d-----w- C:\Users\Emma\AppData\Roaming\TP2012-08-15 08:48:05 -------- d-----w- C:\Users\Emma\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.12012-08-15 08:34:59 -------- d-----w- C:\Users\Emma\AppData\Local\Htc2012-08-15 08:34:30 -------- d-----w- C:\Users\Emma\AppData\Roaming\HTC2012-08-15 08:33:28 -------- d-----w- C:\Users\Emma\AppData\Local\Downloaded Installations2012-08-15 08:33:05 -------- d-----w- C:\Program Files (x86)\Spirent Communications2012-08-15 08:32:45 -------- d-----w- C:\Program Files (x86)\HTC2012-08-15 08:31:57 -------- d-----w- C:\Program Files (x86)\MSXML 4.02012-08-15 07:41:05 552960 ----a-w- C:\windows\System32\drivers\bthport.sys2012-08-15 07:29:24 294912 ----a-w- C:\windows\System32\browserchoice.exe2012-08-15 07:14:17 81408 ----a-w- C:\windows\System32\imagehlp.dll2012-08-15 07:14:17 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys2012-08-15 07:14:17 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll2012-08-15 07:14:16 5120 ----a-w- C:\windows\SysWow64\wmi.dll2012-08-15 07:14:16 5120 ----a-w- C:\windows\System32\wmi.dll2012-08-15 07:14:16 220672 ----a-w- C:\windows\System32\wintrust.dll2012-08-15 07:14:16 172544 ----a-w- C:\windows\SysWow64\wintrust.dll2012-08-15 07:04:48 751104 ----a-w- C:\windows\System32\win32spl.dll2012-08-15 07:00:03 956928 ----a-w- C:\windows\System32\localspl.dll2012-08-13 20:31:55 -------- d-----w- C:\Users\Emma\AppData\Roaming\Malwarebytes2012-08-13 20:31:31 -------- d-----w- C:\ProgramData\Malwarebytes2012-08-13 20:31:29 24904 ----a-w- C:\windows\System32\drivers\mbam.sys2012-08-13 20:31:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2012-08-13 19:54:38 -------- d-----w- C:\Users\Emma\AppData\Local\Diagnostics2012-08-13 19:50:36 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{26C63FE6-793B-49B9-856B-947705130033}\gapaengine.dll2012-08-13 19:48:55 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client2012-08-13 19:48:52 -------- d-----w- C:\Program Files\Microsoft Security Client2012-08-13 19:42:37 2622464 ----a-w- C:\windows\System32\wucltux.dll2012-08-13 19:42:26 99840 ----a-w- C:\windows\System32\wudriver.dll2012-08-13 19:42:18 36864 ----a-w- C:\windows\System32\wuapp.exe2012-08-13 19:42:18 186752 ----a-w- C:\windows\System32\wuwebv.dll2012-08-13 18:59:20 -------- dc----w- C:\Users\Emma\AppData\Local\MigWiz2012-08-13 18:56:38 -------- d-----w- C:\Users\Emma\AppData\Local\Google2012-08-13 18:52:51 -------- d-----w- C:\Users\Emma\AppData\Local\SRS Labs2012-08-13 18:52:30 -------- d-----w- C:\Users\Emma\AppData\Local\TOSHIBA2012-08-13 18:51:52 -------- d-----w- C:\Users\Emma\AppData\Local\VirtualStore2012-08-13 18:51:01 -------- d-----w- C:\Users\Emma\AppData\Roaming\WinBatch2012-08-13 18:50:59 -------- d-----w- C:\Program Files (x86)\BBC iPlayer Desktop2012-08-13 18:50:52 -------- d-----w- C:\Users\Emma\AppData\Local\Adobe.==================== Find3M ====================.2012-08-21 15:12:48 73416 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl2012-08-21 15:12:48 696520 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe2012-07-18 18:15:06 3148800 ----a-w- C:\windows\System32\win32k.sys2012-07-04 22:13:27 59392 ----a-w- C:\windows\System32\browcli.dll2012-07-04 22:13:27 136704 ----a-w- C:\windows\System32\browser.dll2012-07-04 21:14:34 41984 ----a-w- C:\windows\SysWow64\browcli.dll2012-06-29 03:56:34 2312704 ----a-w- C:\windows\System32\jscript9.dll2012-06-29 03:49:11 1392128 ----a-w- C:\windows\System32\wininet.dll2012-06-29 03:48:07 1494528 ----a-w- C:\windows\System32\inetcpl.cpl2012-06-29 03:43:49 173056 ----a-w- C:\windows\System32\ieUnatt.exe2012-06-29 03:39:48 2382848 ----a-w- C:\windows\System32\mshtml.tlb2012-06-29 00:16:58 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll2012-06-29 00:09:01 1129472 ----a-w- C:\windows\SysWow64\wininet.dll2012-06-29 00:08:59 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl2012-06-29 00:04:43 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe2012-06-29 00:00:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb2012-06-25 15:04:24 1394248 ----a-w- C:\windows\SysWow64\msxml4.dll2012-06-06 06:06:16 2004480 ----a-w- C:\windows\System32\msxml6.dll2012-06-06 06:06:16 1881600 ----a-w- C:\windows\System32\msxml3.dll2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll2012-05-25 16:13:54 162224 ----a-w- C:\windows\System32\mfevtps.exe.============= FINISH: 14:31:15.26 ===============Thanks in advanced!Attach log.txt Link to post Share on other sites More sharing options...
Maniac Posted August 22, 2012 ID:588615 Share Posted August 22, 2012 Hello EchoAlias and ! My name is Maniac and I will be glad to help you solve your malware problem.Please note:If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.Make sure you read all of the instructions and fixes thoroughly before continuing with them.Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.Step 1Launch Malwarebytes' Anti-MalwareGo to Update tab and select Check for Updates. If an update is found, it will download and install the latest version. Go to Scanner tab and select Perform Quick Scan, then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.Step 2Download aswMBR.exe to your desktop. Double click the aswMBR.exe to run it Click the "Scan" button to start scan On completion of the scan click save log, save it to your desktop and post in your next reply In your next reply, post the following log files:Malwarebytes' Anti-Malware logaswMBR loga new fresh DDS log Link to post Share on other sites More sharing options...
EchoAlias Posted August 22, 2012 Author ID:588617 Share Posted August 22, 2012 Thank you again!Here's the new DDS:.DDS (Ver_2011-08-26.01) - NTFSAMD64Internet Explorer: 9.0.8112.16421Run by Emma at 15:12:38 on 2012-08-22Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6034.4489 [GMT 1:00].AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}.============== Running Processes ===============.C:\windows\system32\wininit.exeC:\windows\system32\lsm.exeC:\windows\system32\svchost.exe -k DcomLaunchC:\windows\system32\svchost.exe -k RPCSSc:\Program Files\Microsoft Security Client\MsMpEng.exeC:\windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\windows\system32\svchost.exe -k netsvcsC:\windows\system32\svchost.exe -k LocalServiceC:\windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\GFNEXSrv.exeC:\windows\System32\spoolsv.exeC:\windows\system32\svchost.exe -k LocalServiceNoNetworkC:\windows\system32\Dwm.exeC:\windows\Explorer.EXEC:\windows\system32\taskhost.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files\Intel\iCLS Client\HeciServer.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exeC:\Windows\system32\mfevtps.exeC:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exeC:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exeC:\windows\system32\TODDSrv.exeC:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\Common Files\McAfee\SystemCore\mcshield.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\windows\system32\wbem\wmiprvse.exeC:\windows\system32\wbem\unsecapp.exeC:\Program Files\Common Files\McAfee\SystemCore\mfefire.exeC:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exeC:\Program Files\TOSHIBA\TECO\TecoService.exeC:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exeC:\windows\system32\taskeng.exeC:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\System32\igfxtray.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeC:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\TOSHIBA\Power Saver\TPwrMain.exeC:\Program Files\TOSHIBA\FlashCards\TCrdMain.exeC:\Program Files\TOSHIBA\TECO\Teco.exeC:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXEC:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exeC:\Program Files\Microsoft Security Client\msseces.exeC:\Windows\System32\rundll32.exeC:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exeC:\windows\SysWOW64\rundll32.exeC:\windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXEC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files\mcafee.com\agent\mcagent.exeC:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exeC:\windows\system32\SearchIndexer.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files\Windows Media Player\wmpnetwk.exeC:\windows\System32\svchost.exe -k LocalServicePeerNetC:\windows\system32\DllHost.exeC:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exeC:\Program Files\TOSHIBA\TPHM\TPCHSrv.exeC:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exeC:\Program Files (x86)\Nero\Update\NASvc.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\windows\notepad.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\windows\system32\SearchProtocolHost.exeC:\windows\system32\SearchFilterHost.exeC:\windows\system32\DllHost.exeC:\windows\SysWOW64\cmd.exeC:\windows\system32\conhost.exeC:\windows\SysWOW64\cscript.exeC:\windows\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://hotmail.com/uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUAmWinlogon: Userinit=userinit.exeBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dllBHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120815112300.dllBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllBHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dllTB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileuRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silentuRun: [ascap] "C:\Windows\System32\rundll32.exe" "C:\Users\Emma\AppData\Roaming\ascap.dll",_ReadlinemRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStartmRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkeymRun: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /STARTmRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttraymRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startupdRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUPStartupFolder: C:\Users\Emma\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TRDCRE~1.LNK - C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TOSHIB~1.LNK - C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exemPolicies-explorer: NoActiveDesktop = 1 (0x1)mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)mPolicies-system: EnableLinkedConnections = 1 (0x1)IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.htmlIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cabTCP: DhcpNameServer = 192.168.1.254TCP: Interfaces\{97E5D772-D53E-447B-8398-1F935024C5DA} : DhcpNameServer = 192.168.1.254TCP: Interfaces\{CA0808AA-0C75-4C0A-ABE2-50A52B71567B} : DhcpNameServer = 192.168.42.129Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllBHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO-X64: AcroIEHelperStub - No FileBHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dllBHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120815112300.dllBHO-X64: scriptproxy - No FileBHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllBHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dllTB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FilemRun-x64: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStartmRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkeymRun-x64: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /STARTmRun-x64: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttraymRun-x64: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup.============= SERVICES / DRIVERS ===============.R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\windows\system32\DRIVERS\iusb3hcs.sys --> C:\windows\system32\DRIVERS\iusb3hcs.sys [?]R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?]R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\system32\drivers\mfewfpk.sys --> C:\windows\system32\drivers\mfewfpk.sys [?]R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]R0 NBVol;Nero Backup Volume Filter Driver;C:\windows\system32\DRIVERS\NBVol.sys --> C:\windows\system32\DRIVERS\NBVol.sys [?]R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\windows\system32\DRIVERS\NBVolUp.sys --> C:\windows\system32\DRIVERS\NBVolUp.sys [?]R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]R1 mfenlfk;McAfee NDIS Light Filter;C:\windows\system32\DRIVERS\mfenlfk.sys --> C:\windows\system32\DRIVERS\mfenlfk.sys [?]R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]R2 GFNEXSrv;GFNEX Service;C:\Windows\System32\GFNEXSrv.exe --> C:\Windows\System32\GFNEXSrv.exe [?]R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-7-12 128280]R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-7-12 161560]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-13 655944]R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2012-5-11 199304]R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2012-5-11 210616]R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-4 687400]R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-3-23 87040]R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-11-24 294848]R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-7-12 363800]R3 cfwids;McAfee Inc. cfwids;C:\windows\system32\drivers\cfwids.sys --> C:\windows\system32\drivers\cfwids.sys [?]R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\iusb3hub.sys --> C:\windows\system32\DRIVERS\iusb3hub.sys [?]R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\windows\system32\DRIVERS\iusb3xhc.sys --> C:\windows\system32\DRIVERS\iusb3xhc.sys [?]R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]R3 MEIx64;Intel® Management Engine Interface ;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?]R3 mfefirek;McAfee Inc. mfefirek;C:\windows\system32\drivers\mfefirek.sys --> C:\windows\system32\drivers\mfefirek.sys [?]R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtwlane.sys --> C:\windows\system32\DRIVERS\rtwlane.sys [?]R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-26 138152]R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-12-14 833976]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-11 136176]S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-11 250568]S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-4-2 276248]S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-11 136176]S3 HTCAND64;HTC Device Driver;C:\windows\system32\Drivers\ANDROIDUSB.sys --> C:\windows\system32\Drivers\ANDROIDUSB.sys [?]S3 htcnprot;HTC NDIS Protocol Driver;C:\windows\system32\DRIVERS\htcnprot.sys --> C:\windows\system32\DRIVERS\htcnprot.sys [?]S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2012-5-11 225216]S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?]S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]S3 RtkBtFilter;Realtek Bluetooth Filter Driver;C:\windows\system32\DRIVERS\RtkBtfilter.sys --> C:\windows\system32\DRIVERS\RtkBtfilter.sys [?]S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-2-10 112080]S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-7-12 57216]S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184].=============== Created Last 30 ================.2012-08-21 09:08:22 9309624 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C46FBFA4-93FE-46FA-9BF7-978E93246742}\mpengine.dll2012-08-19 18:32:11 -------- d-----w- C:\ProgramData\VirtualizedApplications2012-08-19 16:33:12 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2012-08-17 20:59:08 -------- d-----w- C:\windows\SysWow64\Wat2012-08-17 20:59:08 -------- d-----w- C:\windows\System32\Wat2012-08-17 19:46:42 -------- d-----w- C:\Users\Emma\AppData\Roaming\Origin2012-08-17 19:46:01 -------- d-----w- C:\ProgramData\Origin2012-08-17 19:45:30 -------- d-----w- C:\Program Files (x86)\Origin2012-08-17 19:36:29 485376 ----a-w- C:\Users\Emma\AppData\Roaming\ascap.dll2012-08-15 21:07:03 -------- d-----w- C:\ProgramData\Electronic Arts2012-08-15 21:05:02 -------- d-----w- C:\Program Files (x86)\Microsoft WSE2012-08-15 21:04:28 3977496 ----a-w- C:\windows\System32\d3dx9_31.dll2012-08-15 21:04:28 2414360 ----a-w- C:\windows\SysWow64\d3dx9_31.dll2012-08-15 15:56:23 -------- d-----w- C:\Users\Emma\AppData\Local\SoftGrid Client2012-08-15 15:56:20 -------- d-----w- C:\Users\Emma\AppData\Roaming\SoftGrid Client2012-08-15 15:55:00 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client2012-08-15 15:54:41 -------- d-----w- C:\Users\Emma\AppData\Roaming\TP2012-08-15 08:48:05 -------- d-----w- C:\Users\Emma\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.12012-08-15 08:34:59 -------- d-----w- C:\Users\Emma\AppData\Local\Htc2012-08-15 08:34:30 -------- d-----w- C:\Users\Emma\AppData\Roaming\HTC2012-08-15 08:33:28 -------- d-----w- C:\Users\Emma\AppData\Local\Downloaded Installations2012-08-15 08:33:05 -------- d-----w- C:\Program Files (x86)\Spirent Communications2012-08-15 08:32:45 -------- d-----w- C:\Program Files (x86)\HTC2012-08-15 08:31:57 -------- d-----w- C:\Program Files (x86)\MSXML 4.02012-08-15 07:41:05 552960 ----a-w- C:\windows\System32\drivers\bthport.sys2012-08-15 07:29:24 294912 ----a-w- C:\windows\System32\browserchoice.exe2012-08-15 07:14:17 81408 ----a-w- C:\windows\System32\imagehlp.dll2012-08-15 07:14:17 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys2012-08-15 07:14:17 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll2012-08-15 07:14:16 5120 ----a-w- C:\windows\SysWow64\wmi.dll2012-08-15 07:14:16 5120 ----a-w- C:\windows\System32\wmi.dll2012-08-15 07:14:16 220672 ----a-w- C:\windows\System32\wintrust.dll2012-08-15 07:14:16 172544 ----a-w- C:\windows\SysWow64\wintrust.dll2012-08-15 07:04:48 751104 ----a-w- C:\windows\System32\win32spl.dll2012-08-15 07:00:03 956928 ----a-w- C:\windows\System32\localspl.dll2012-08-13 20:31:55 -------- d-----w- C:\Users\Emma\AppData\Roaming\Malwarebytes2012-08-13 20:31:31 -------- d-----w- C:\ProgramData\Malwarebytes2012-08-13 20:31:29 24904 ----a-w- C:\windows\System32\drivers\mbam.sys2012-08-13 20:31:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2012-08-13 19:54:38 -------- d-----w- C:\Users\Emma\AppData\Local\Diagnostics2012-08-13 19:50:36 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{26C63FE6-793B-49B9-856B-947705130033}\gapaengine.dll2012-08-13 19:48:55 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client2012-08-13 19:48:52 -------- d-----w- C:\Program Files\Microsoft Security Client2012-08-13 19:42:37 2622464 ----a-w- C:\windows\System32\wucltux.dll2012-08-13 19:42:26 99840 ----a-w- C:\windows\System32\wudriver.dll2012-08-13 19:42:18 36864 ----a-w- C:\windows\System32\wuapp.exe2012-08-13 19:42:18 186752 ----a-w- C:\windows\System32\wuwebv.dll2012-08-13 18:59:20 -------- dc----w- C:\Users\Emma\AppData\Local\MigWiz2012-08-13 18:56:38 -------- d-----w- C:\Users\Emma\AppData\Local\Google2012-08-13 18:52:51 -------- d-----w- C:\Users\Emma\AppData\Local\SRS Labs2012-08-13 18:52:30 -------- d-----w- C:\Users\Emma\AppData\Local\TOSHIBA2012-08-13 18:51:52 -------- d-----w- C:\Users\Emma\AppData\Local\VirtualStore2012-08-13 18:51:01 -------- d-----w- C:\Users\Emma\AppData\Roaming\WinBatch2012-08-13 18:50:59 -------- d-----w- C:\Program Files (x86)\BBC iPlayer Desktop2012-08-13 18:50:52 -------- d-----w- C:\Users\Emma\AppData\Local\Adobe.==================== Find3M ====================.2012-08-21 15:12:48 73416 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl2012-08-21 15:12:48 696520 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe2012-07-18 18:15:06 3148800 ----a-w- C:\windows\System32\win32k.sys2012-07-04 22:13:27 59392 ----a-w- C:\windows\System32\browcli.dll2012-07-04 22:13:27 136704 ----a-w- C:\windows\System32\browser.dll2012-07-04 21:14:34 41984 ----a-w- C:\windows\SysWow64\browcli.dll2012-06-29 03:56:34 2312704 ----a-w- C:\windows\System32\jscript9.dll2012-06-29 03:49:11 1392128 ----a-w- C:\windows\System32\wininet.dll2012-06-29 03:48:07 1494528 ----a-w- C:\windows\System32\inetcpl.cpl2012-06-29 03:43:49 173056 ----a-w- C:\windows\System32\ieUnatt.exe2012-06-29 03:39:48 2382848 ----a-w- C:\windows\System32\mshtml.tlb2012-06-29 00:16:58 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll2012-06-29 00:09:01 1129472 ----a-w- C:\windows\SysWow64\wininet.dll2012-06-29 00:08:59 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl2012-06-29 00:04:43 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe2012-06-29 00:00:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb2012-06-25 15:04:24 1394248 ----a-w- C:\windows\SysWow64\msxml4.dll2012-06-06 06:06:16 2004480 ----a-w- C:\windows\System32\msxml6.dll2012-06-06 06:06:16 1881600 ----a-w- C:\windows\System32\msxml3.dll2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll2012-05-25 16:13:54 162224 ----a-w- C:\windows\System32\mfevtps.exe.============= FINISH: 15:13:15.71 ===============And Malwarebytes log:Malwarebytes Anti-Malware (Trial) 1.62.0.1300www.malwarebytes.orgDatabase version: v2012.08.22.04Windows 7 Service Pack 1 x64 NTFSInternet Explorer 9.0.8112.16421Emma :: ZEROII [administrator]Protection: Enabled22/08/2012 15:03:25mbam-log-2012-08-22 (15-03-25).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2PScan options disabled:Objects scanned: 193412Time elapsed: 2 minute(s), 54 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end)But all I can get from the aswMBR is this:3ÀŽÐ¼|ŽÀŽØ¾|¿¹üó¤PhËû¹½¾ €~|…ƒÅâñ͈VUÆFÆF´A»ªUÍ]rûUªu ÷ÁtþFf`€~t&fhfÿvhh|hh´BŠV‹ôÍÿƒÄžË¸»|ŠVŠvŠNŠnÍfas-þN…€~€„Š²€Ë‚U2ÄŠVÍ]Ëœ>þ}Uªunÿv芅°ñÆdè°ßÆ`èx°ÿÆdèq¸»Íf#Àu;fûTCPAu2ùr,fh »fhfhfSfSfUfhfh|fah ÍZ2öê|Í · Ë ¶ Ë µ 2Ä ‹Ð¬<tü» ´ÍËò+ÉÄdË$ÀØ$ÃInvalid partition tableError loading operating systemMissing operating system‡Oþ°€ !'Y¿À.Y¿ þÿÿè.@_HÁÿþÿÿ(ŽHX÷UªAs far as I'm aware the OS should be fine... Link to post Share on other sites More sharing options...
EchoAlias Posted August 22, 2012 Author ID:588622 Share Posted August 22, 2012 Lied - just found the logs:aswMBR version 0.9.9.1665 Copyright© 2011 AVAST SoftwareRun date: 2012-08-22 15:08:03-----------------------------15:08:03.775 OS Version: Windows x64 6.1.7601 Service Pack 115:08:03.775 Number of processors: 4 586 0x2A0715:08:03.775 ComputerName: ZEROII UserName: Emma15:08:06.178 Initialize success15:08:38.201 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-115:08:38.201 Disk 0 Vendor: TOSHIBA_ GT00 Size: 610480MB BusType: 315:08:38.216 Disk 0 MBR read successfully15:08:38.216 Disk 0 MBR scan15:08:38.216 Disk 0 Windows VISTA default MBR code15:08:38.232 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 204815:08:38.232 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 592872 MB offset 307404815:08:38.263 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 16107 MB offset 121727590415:08:38.310 Disk 0 scanning C:\windows\system32\drivers15:08:45.689 Service scanning15:09:11.756 Modules scanning15:09:11.772 Disk 0 trace - called modules:15:09:11.834 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll15:09:11.850 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007afb790]15:09:11.865 3 CLASSPNP.SYS[fffff880015b443f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007afa050]15:09:11.865 Scan finished successfully15:10:40.018 Disk 0 MBR has been saved successfully to "C:\Users\Emma\Desktop\MBR.dat"15:10:40.330 The log file has been saved successfully to "C:\Users\Emma\Desktop\aswMBR.txt"aswMBR version 0.9.9.1665 Copyright© 2011 AVAST SoftwareRun date: 2012-08-22 15:11:25-----------------------------15:11:25.777 OS Version: Windows x64 6.1.7601 Service Pack 115:11:25.777 Number of processors: 4 586 0x2A0715:11:25.777 ComputerName: ZEROII UserName: Emma15:11:28.148 Initialize success15:11:33.948 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-115:11:33.963 Disk 0 Vendor: TOSHIBA_ GT00 Size: 610480MB BusType: 315:11:33.994 Disk 0 MBR read successfully15:11:33.994 Disk 0 MBR scan15:11:33.994 Disk 0 Windows VISTA default MBR code15:11:34.010 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 204815:11:34.010 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 592872 MB offset 307404815:11:34.057 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 16107 MB offset 121727590415:11:34.088 Disk 0 scanning C:\windows\system32\drivers15:11:40.843 Service scanning15:12:07.145 Modules scanning15:12:07.160 Disk 0 trace - called modules:15:12:07.207 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll15:12:07.223 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007afb790]15:12:07.238 3 CLASSPNP.SYS[fffff880015b443f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007afa050]15:12:07.254 Scan finished successfully15:12:25.553 Disk 0 MBR has been saved successfully to "C:\Users\Emma\Desktop\MBR.dat"15:12:25.553 The log file has been saved successfully to "C:\Users\Emma\Desktop\aswMBR.txt"Sorry, this is what I get for having too many windows open at once. Link to post Share on other sites More sharing options...
Maniac Posted August 22, 2012 ID:588623 Share Posted August 22, 2012 Thanks!Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Please post the C:\ComboFix.txt in your next reply for further review.Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error. Link to post Share on other sites More sharing options...
EchoAlias Posted August 22, 2012 Author ID:588638 Share Posted August 22, 2012 Here's the log. I think it deleted something - good sign? :3ComboFix 12-08-22.01 - Emma 22/08/2012 15:42:09.1.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6034.4521 [GMT 1:00]Running from: c:\users\Emma\Desktop\ComboFix.exeAV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\users\Emma\AppData\Roaming\ascap.dll..((((((((((((((((((((((((( Files Created from 2012-07-22 to 2012-08-22 )))))))))))))))))))))))))))))))..2012-08-22 14:46 . 2012-08-22 14:46 -------- d-----w- c:\users\Default\AppData\Local\temp2012-08-21 09:08 . 2012-08-01 22:58 9309624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C46FBFA4-93FE-46FA-9BF7-978E93246742}\mpengine.dll2012-08-19 18:32 . 2012-08-19 18:39 -------- d-----w- c:\programdata\VirtualizedApplications2012-08-19 16:54 . 2012-08-19 16:54 -------- d-----r- C:\MSOCache2012-08-19 16:33 . 2012-06-29 02:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2012-08-17 20:59 . 2012-08-17 20:59 -------- d-----w- c:\windows\SysWow64\Wat2012-08-17 20:59 . 2012-08-17 20:59 -------- d-----w- c:\windows\system32\Wat2012-08-17 19:46 . 2012-08-17 19:47 -------- d-----w- c:\programdata\Origin2012-08-17 19:45 . 2012-08-17 19:45 -------- d-----w- c:\program files (x86)\Origin2012-08-15 21:07 . 2012-08-17 19:46 -------- d-----w- c:\programdata\Electronic Arts2012-08-15 21:05 . 2012-08-15 21:05 -------- d-----w- c:\program files (x86)\Microsoft WSE2012-08-15 21:04 . 2006-09-28 15:05 3977496 ----a-w- c:\windows\system32\d3dx9_31.dll2012-08-15 21:04 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll2012-08-15 20:44 . 2012-08-17 19:45 -------- d-----w- c:\program files (x86)\Electronic Arts2012-08-15 15:55 . 2012-08-15 15:55 -------- d-----w- c:\program files\Microsoft Office2012-08-15 15:55 . 2012-08-17 19:40 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client2012-08-15 08:33 . 2012-08-15 08:33 -------- d-----w- c:\program files (x86)\Spirent Communications2012-08-15 08:32 . 2012-08-15 08:34 -------- d-----w- c:\program files (x86)\HTC2012-08-15 08:31 . 2012-08-15 08:31 -------- d-----w- c:\program files (x86)\MSXML 4.02012-08-15 07:41 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys2012-08-15 07:29 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe2012-08-15 07:14 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys2012-08-15 07:14 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll2012-08-15 07:14 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll2012-08-15 07:14 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll2012-08-15 07:14 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll2012-08-15 07:14 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll2012-08-15 07:14 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll2012-08-15 07:06 . 2012-08-03 03:27 62134624 ----a-w- c:\windows\system32\MRT.exe2012-08-15 07:04 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll2012-08-15 07:00 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll2012-08-13 20:31 . 2012-08-13 20:31 -------- d-----w- c:\programdata\Malwarebytes2012-08-13 20:31 . 2012-08-13 20:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2012-08-13 20:31 . 2012-07-03 12:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys2012-08-13 19:50 . 2012-08-13 19:50 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{26C63FE6-793B-49B9-856B-947705130033}\gapaengine.dll2012-08-13 19:48 . 2012-08-13 19:48 -------- d-----w- c:\program files (x86)\Microsoft Security Client2012-08-13 19:48 . 2012-08-13 19:49 -------- d-----w- c:\program files\Microsoft Security Client2012-08-13 19:42 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe2012-08-13 19:42 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll2012-08-13 19:42 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll2012-08-13 19:42 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll2012-08-13 19:42 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll2012-08-13 19:42 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll2012-08-13 19:42 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll2012-08-13 19:42 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll2012-08-13 19:42 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe2012-08-13 18:50 . 2012-08-13 18:50 -------- d-----w- c:\program files (x86)\BBC iPlayer Desktop2012-08-13 18:50 . 2012-08-15 08:32 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR2012-08-13 18:49 . 2012-08-13 18:49 -------- d-----w- c:\programdata\ToshibaEurope2012-08-13 18:49 . 2012-08-13 18:52 -------- d-----w- c:\users\Emma...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-08-21 15:12 . 2012-05-11 18:47 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2012-08-21 15:12 . 2012-05-11 18:47 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2012-08-13 20:11 . 2011-03-29 01:36 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll2012-06-25 15:04 . 2012-06-25 15:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll2012-05-25 16:13 . 2012-05-11 18:56 162224 ----a-w- c:\windows\system32\mfevtps.exe..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-11-18 1492264]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-02 80840]"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-05 291608]"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936].c:\users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk - c:\program files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2012-5-11 1492352].c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0)"EnableLinkedConnections"= 1 (0x1).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"aux"=wdmaud.drv.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-11 136176]R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-21 250568]R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-04-02 276248]R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-11 136176]R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-01-28 225216]R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]R3 RtkBtFilter;Realtek Bluetooth Filter Driver;c:\windows\system32\DRIVERS\RtkBtfilter.sys [2012-01-05 21096]R3 TDEIO;TDEIO;c:\windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [x]R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-17 1255736]R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-05 16152]S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-12-01 72240]S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-12-01 15920]S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384]S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]S2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe [2010-09-10 162824]S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448]S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-02-21 128280]S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-02-21 161560]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-05-25 210616]S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-05-25 162224]S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-04 687400]S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040]S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-11-24 294848]S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-02-29 363800]S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-05 355096]S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-05 786200]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-10 60184]S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2011-08-17 251496]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-24 565352]S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtwlane.sys [2012-01-17 1082472]S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-26 138152]S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-12-14 833976]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - ASWMBR*Deregistered* - aswMBR*Deregistered* - mfeavfk01.Contents of the 'Scheduled Tasks' folder.2012-08-22 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-11 15:12].2012-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-11 18:52].2012-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-11 18:52].2012-08-22 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41].2012-08-21 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-02 170264]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-02 398616]"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-02 439064]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-16 12459112]"SRS Premium Sound HD"="c:\program files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" [2012-03-22 2165120]"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-11-26 710560]"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]"Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2012-05-11 150992]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"LoadAppInit_DLLs"=0x0.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://hotmail.com/mLocal Page = c:\windows\SysWOW64\blank.htmIE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.htmlTCP: DhcpNameServer = 192.168.1.254.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exeWow6432Node-HKCU-Run-ascap - c:\users\Emma\AppData\Roaming\ascap.dllToolbar-Locked - (no file)HKLM-Run-(Default) - (no file)HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exeHKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXEHKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exeHKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exeHKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2012-08-22 15:48:19ComboFix-quarantined-files.txt 2012-08-22 14:48.Pre-Run: 572,275,691,520 bytes freePost-Run: 572,263,165,952 bytes free.- - End Of File - - 9DA1D455177F8532730259E603D5FFF6 Link to post Share on other sites More sharing options...
Maniac Posted August 22, 2012 ID:588649 Share Posted August 22, 2012 Very good sign! Please do me a favor: Compress the following folder: C:\Qoobox\Quarantinehttp://windows.microsoft.com/en-US/windows7/Compress-and-uncompress-files-zip-filesNext, upload it somewhere, for example in www.rapdishare.com and send me a download link via PM.Thanks in advance! Link to post Share on other sites More sharing options...
Maniac Posted August 22, 2012 ID:588680 Share Posted August 22, 2012 Thanks! Please run a free online scan with the ESET Online ScannerNote: You will need to use Internet Explorer for this scanTick the box next to YES, I accept the Terms of UseClick StartWhen asked, allow the ActiveX control to installClick StartMake sure that the options Remove found threats and the option Scan unwanted applications is checkedClick Scan (This scan can take several hours, so please be patient)Once the scan is completed, you may close the windowUse Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txtCopy and paste that log as a reply to this topic Link to post Share on other sites More sharing options...
EchoAlias Posted August 23, 2012 Author ID:589078 Share Posted August 23, 2012 This is the only log I can find. A bit smaller than the others, though.ESETSmartInstaller@High as CAB hook log:OnlineScanner64.ocx - registred OKOnlineScanner.ocx - registred OKScan didn't find anything, anyway. Link to post Share on other sites More sharing options...
Maniac Posted August 23, 2012 ID:589102 Share Posted August 23, 2012 Yes, sometimes it happen.How are things running now? Link to post Share on other sites More sharing options...
EchoAlias Posted August 23, 2012 Author ID:589114 Share Posted August 23, 2012 Fine now! No problems with searches, so YAY!Thank you very much!(What do I do with the logs etc on my desktop? Keep, or delete?) Link to post Share on other sites More sharing options...
Maniac Posted August 23, 2012 ID:589122 Share Posted August 23, 2012 We will clean everything.Please uninstall ComboFix:www.bleepingcomputer.com/combofix/how-to-use-combofix#uninstallNext, manually delete DDS and aswMBR.Some malware prevention tipshttp://forums.malwarebytes.org/index.php?showtopic=104379Safe surfing! Link to post Share on other sites More sharing options...
Maurice Naggar Posted August 24, 2012 ID:589473 Share Posted August 24, 2012 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts