So I have a virus/malware which seems to disable my firewall (when I turn it back on it disables within a few seconds). It has also somehow overridden my administrator rights and I am unable to perform any tasks which require the user being an administrator.

I can't load any .exe or application files unless I launch the laptop in safe mode, so the following scans were performed in safe mode.

I also cannot connect to the internet (I wouldn't want to anyway because my firewall is disabled).

Here is the DDS Scan (Run in Safe Mode):

.

DDS (Ver_11-03-05.01) - NTFS_AMD64 MINIMAL

Run by Stephen at 1:07:08.20 on 16/04/2011

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3836.3159 [GMT 1:00]

.

AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

F:\gmer.exe

C:\Windows\system32\DllHost.exe

F:\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.uk/

uDefault_Page_URL = hxxp://toshiba.msn.com

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll

uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll

mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110410142135.dll

BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll

TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll

TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

uRun: [Voobly] "C:\Program Files (x86)\Voobly\voobly.exe" --startup

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [NBAgent] "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart

mRun: [bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\mswinext.exe"

mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL

mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP

mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM

mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

mRun: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60

mRun: [iSTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI

mRun: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe

mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

dRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe

StartupFolder: C:\Users\Stephen\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TRDCRE~1.LNK - C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL

BHO-X64: McAfee Phishing Filter - No File

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110410142134.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll

TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

mRun-x64: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe

mRun-x64: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

mRun-x64: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe

mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

mRun-x64: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3

mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

mRun-x64: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

mRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun-x64: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe

mRun-x64: [smartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

mRun-x64: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe

mRun-x64: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\e9vv59uh.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-7-7 283360]

R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2011-4-9 257232]

R0 pctDS;PC Tools Data Store;C:\Windows\System32\drivers\pctDS64.sys [2011-4-9 452872]

R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\System32\drivers\pctEFA64.sys [2011-4-9 816016]

R0 TfFsMon;TfFsMon;C:\Windows\System32\drivers\TfFsMon.sys [2011-4-9 65072]

R0 TFSysMon;TFSysMon;C:\Windows\System32\drivers\TfSysMon.sys [2011-4-9 74824]

R3 CeKbFilter;CeKbFilter;C:\Windows\System32\drivers\CeKbFilter.sys [2011-3-10 20592]

S0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-7-7 529128]

S1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2010-7-7 75032]

S1 pctgntdi;pctgntdi;C:\Windows\System32\drivers\pctgntdi64.sys [2011-4-9 334976]

S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]

S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-3-10 203264]

S2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-4-9 247760]

S2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]

S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]

S2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2011-3-10 1811456]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-3-10 355440]

S2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-3-10 355440]

S2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-3-10 355440]

S2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-3-10 355440]

S2 McShield;McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-10-19 200056]

S2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-10-19 245352]

S2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2010-10-19 149032]

S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]

S2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2011-4-9 366840]

S2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2011-4-9 1156568]

S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]

S3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-3-10 7450624]

S3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-3-10 268288]

S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-7-7 62800]

S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-7-7 190136]

S3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-7-7 441328]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-7-7 94864]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 pctplsg;pctplsg;C:\Windows\System32\drivers\pctplsg64.sys [2011-4-9 92896]

S3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2011-3-10 35008]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-3-10 232992]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-10-19 344680]

S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2011-3-10 932384]

S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2010-4-24 721768]

S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2010-4-24 269672]

S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2010-4-24 25960]

S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2010-4-24 22376]

S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]

S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-5-11 124368]

S3 TfNetMon;TfNetMon;C:\Windows\System32\drivers\TfNetMon.sys [2011-4-9 41888]

S3 ThreatFire;ThreatFire;C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe service --> C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe service [?]

S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-3-10 51512]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-11 1255736]

S4 McOobeSv;McAfee OOBE Service;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-3-10 355440]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2011-04-15 21:59:48 -------- d-----w- C:\Users\Stephen\AppData\Roaming\WinBatch

2011-04-15 21:42:44 -------- d-----w- C:\Users\Stephen\AppData\Roaming\Malwarebytes

2011-04-15 21:42:41 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-04-15 21:42:40 -------- d-----w- C:\PROGRA~3\Malwarebytes

2011-04-15 21:42:37 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-04-15 21:42:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-04-14 15:14:20 -------- d-----w- C:\Users\Stephen\AppData\Local\ElevatedDiagnostics

2011-04-14 15:11:59 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2011-04-14 15:11:57 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2011-04-14 01:23:18 -------- d-----w- C:\Program Files (x86)\Conduit

2011-04-14 01:23:08 -------- d-----w- C:\Program Files (x86)\ConduitEngine

2011-04-14 01:22:55 -------- d-----w- C:\Program Files (x86)\BitTorrentBar

2011-04-14 01:22:31 -------- d-----w- C:\Program Files (x86)\BitTorrent

2011-04-14 01:21:57 -------- d-----w- C:\Users\Stephen\AppData\Roaming\BitTorrent

2011-04-13 23:22:03 -------- d-----w- C:\Program Files\Common Files\Digidesign

2011-04-13 23:19:25 -------- d-----w- C:\Program Files (x86)\Native Instruments

2011-04-13 23:19:25 -------- d-----w- C:\Program Files (x86)\Common Files\Native Instruments

2011-04-13 21:58:44 -------- d-----w- C:\Users\Stephen\AppData\Local\Native Instruments

2011-04-13 02:38:13 612352 ----a-w- C:\Windows\System32\vbscript.dll

2011-04-13 02:38:13 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll

2011-04-13 02:38:07 3133440 ----a-w- C:\Windows\System32\win32k.sys

2011-04-13 02:38:02 1359872 ----a-w- C:\Windows\System32\mfc42u.dll

2011-04-13 02:38:01 1395712 ----a-w- C:\Windows\System32\mfc42.dll

2011-04-13 02:38:01 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll

2011-04-13 02:38:00 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll

2011-04-13 02:35:21 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe

2011-04-13 02:35:21 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll

2011-04-13 02:35:20 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe

2011-04-12 22:41:53 -------- d-----w- C:\PROGRA~3\VirtualizedApplications

2011-04-12 20:31:08 -------- d-----w- C:\Users\Stephen\AppData\Local\SoftGrid Client

2011-04-12 20:31:05 -------- d-----w- C:\Users\Stephen\AppData\Roaming\SoftGrid Client

2011-04-12 20:29:04 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client

2011-04-12 20:27:55 -------- d-----w- C:\Users\Stephen\AppData\Roaming\TP

2011-04-12 11:04:38 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2011-04-11 15:36:29 -------- d-----w- C:\Windows\SysWow64\Wat

2011-04-11 15:36:28 -------- d-----w- C:\Windows\System32\Wat

2011-04-11 12:09:41 -------- d-----w- C:\Program Files (x86)\Voobly

2011-04-11 11:33:23 367104 ----a-w- C:\Windows\System32\wcncsvc.dll

2011-04-11 11:33:23 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll

2011-04-11 11:23:33 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll

2011-04-11 11:23:33 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll

2011-04-11 11:23:33 48960 ----a-w- C:\Windows\System32\netfxperf.dll

2011-04-11 11:23:33 444752 ----a-w- C:\Windows\System32\mscoree.dll

2011-04-11 11:23:33 320352 ----a-w- C:\Windows\System32\PresentationHost.exe

2011-04-11 11:23:33 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll

2011-04-11 11:23:33 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe

2011-04-11 11:23:33 1942856 ----a-w- C:\Windows\System32\dfshim.dll

2011-04-11 11:23:33 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll

2011-04-11 11:23:33 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll

2011-04-11 11:23:17 294912 ----a-w- C:\Windows\System32\browserchoice.exe

2011-04-11 11:18:07 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys

2011-04-11 11:18:06 243712 ----a-w- C:\Windows\System32\drivers\ks.sys

2011-04-11 11:15:28 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll

2011-04-11 11:15:28 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll

2011-04-11 01:52:30 902656 ----a-w- C:\Windows\System32\d2d1.dll

2011-04-11 01:52:29 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2011-04-11 01:52:28 1540608 ----a-w- C:\Windows\System32\DWrite.dll

2011-04-11 01:52:27 1135104 ----a-w- C:\Windows\System32\FntCache.dll

2011-04-11 01:52:26 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll

2011-04-10 23:07:46 -------- d-----w- C:\Program Files\Common Files\Canon

2011-04-10 21:19:24 84992 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNBPP4.DLL

2011-04-10 17:57:28 225280 ----a-w- C:\Windows\SysWow64\rewire.dll

2011-04-10 17:57:28 -------- d-----w- C:\Program Files (x86)\VstPlugins

2011-04-10 17:57:11 1294336 ----a-w- C:\Windows\SysWow64\vorbis.acm

2011-04-10 17:56:55 -------- d-----w- C:\Program Files (x86)\Outsim

2011-04-10 17:39:48 -------- d-----w- C:\Program Files (x86)\Image-Line

2011-04-10 13:16:23 -------- d-----w- C:\Users\Stephen\AppData\Local\Mozilla

2011-04-10 13:15:38 24376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll

2011-04-10 13:06:07 -------- d-----w- C:\Program Files (x86)\Microsoft Games

2011-04-10 11:20:10 714752 ----a-w- C:\Windows\System32\kerberos.dll

2011-04-10 11:20:10 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll

2011-04-10 11:18:59 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll

2011-04-10 11:17:59 558592 ----a-w- C:\Windows\System32\spoolsv.exe

2011-04-10 11:16:35 5510528 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-04-10 11:15:57 720896 ----a-w- C:\Windows\System32\odbc32.dll

2011-04-10 11:15:57 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll

2011-04-10 11:15:57 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll

2011-04-10 11:15:57 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll

2011-04-10 11:15:57 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll

2011-04-10 11:15:57 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll

2011-04-10 11:15:56 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll

2011-04-10 11:15:56 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll

2011-04-10 11:15:56 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll

2011-04-10 11:15:56 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll

2011-04-10 11:15:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll

2011-04-10 11:15:48 236032 ----a-w- C:\Windows\System32\srvsvc.dll

2011-04-09 15:54:25 -------- d-----w- C:\Users\Stephen\AppData\Local\Diagnostics

2011-04-09 14:58:12 74824 --s---w- C:\Windows\System32\drivers\TfSysMon.sys

2011-04-09 14:58:12 65072 --s---w- C:\Windows\System32\drivers\TfFsMon.sys

2011-04-09 14:58:12 41888 --s---w- C:\Windows\System32\drivers\TfNetMon.sys

2011-04-09 14:54:33 767952 ----a-w- C:\Windows\BDTSupport.dll

2011-04-09 14:54:32 2000848 ----a-w- C:\Windows\PCTBDCore.dll

2011-04-09 14:54:32 1533904 ----a-w- C:\Windows\PCTBDRes.dll

2011-04-09 14:54:32 149456 ----a-w- C:\Windows\SGDetectionTool.dll

2011-04-09 14:46:56 816016 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys

2011-04-09 14:46:56 452872 ----a-w- C:\Windows\System32\drivers\pctDS64.sys

2011-04-09 14:46:55 334976 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys

2011-04-09 14:46:55 137704 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys

2011-04-09 14:46:52 257232 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys

2011-04-09 14:46:48 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys

2011-04-09 14:46:43 -------- d-----w- C:\Program Files (x86)\PC Tools Security

2011-04-09 14:46:43 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools

2011-04-09 14:42:42 -------- d-----w- C:\PROGRA~3\PC Tools

2011-04-09 14:42:17 -------- d-----w- C:\Spyware Doctor

2011-04-09 14:34:32 -------- d-----w- C:\Users\Stephen\AppData\Local\TOSHIBA_Corporation

2011-04-09 14:29:09 -------- d-----w- C:\Users\Stephen\AppData\Local\ATI

2011-04-09 14:28:33 -------- d-----w- C:\Users\Stephen\AppData\Local\VirtualStore

2011-04-09 14:28:29 -------- d-----w- C:\Program Files (x86)\BBC iPlayer Desktop

2011-04-09 14:28:17 -------- d-----w- C:\Users\Stephen\AppData\Local\Adobe

2011-04-09 14:28:04 -------- d-----w- C:\Users\Stephen\AppData\Local\Toshiba

.

==================== Find3M ====================

.

2011-03-10 07:42:10 20592 ----a-w- C:\Windows\System32\drivers\CeKbFilter.sys

2011-03-10 07:37:21 0 ----a-w- C:\Windows\ativpsrm.bin

2011-03-08 06:14:30 976896 ----a-w- C:\Windows\System32\inetcomm.dll

2011-03-08 05:38:13 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll

2011-02-24 06:29:15 1197056 ----a-w- C:\Windows\System32\wininet.dll

2011-02-24 06:24:57 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2011-02-24 05:32:44 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-02-24 05:30:16 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2011-02-24 05:05:13 482816 ----a-w- C:\Windows\System32\html.iec

2011-02-24 04:24:04 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-02-24 04:23:48 386048 ----a-w- C:\Windows\SysWow64\html.iec

2011-02-24 03:50:26 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-02-23 05:16:28 461312 ----a-w- C:\Windows\System32\drivers\srv.sys

2011-02-23 05:16:01 401920 ----a-w- C:\Windows\System32\drivers\srv2.sys

2011-02-23 05:15:50 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2011-02-23 05:15:27 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2011-02-23 05:15:14 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-02-23 05:15:13 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2011-02-23 05:15:06 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys

2011-02-19 06:36:13 46080 ----a-w- C:\Windows\System32\atmlib.dll

2011-02-19 05:32:08 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2011-02-19 04:13:39 367104 ----a-w- C:\Windows\System32\atmfd.dll

2011-02-19 03:37:02 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll

2011-02-12 06:14:41 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe

2011-02-05 12:41:43 556928 ----a-w- C:\Windows\System32\winresume.efi

2011-02-05 12:41:35 640896 ----a-w- C:\Windows\System32\winload.efi

2011-02-05 12:41:24 20352 ----a-w- C:\Windows\System32\kdusb.dll

2011-02-05 12:41:24 19328 ----a-w- C:\Windows\System32\kd1394.dll

2011-02-05 12:41:23 17792 ----a-w- C:\Windows\System32\kdcom.dll

2011-02-05 12:39:21 603976 ----a-w- C:\Windows\System32\winload.exe

2011-02-05 12:39:21 518160 ----a-w- C:\Windows\System32\winresume.exe

2011-01-26 06:52:25 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2011-01-26 06:52:25 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2011-01-26 06:28:16 144384 ----a-w- C:\Windows\System32\cdd.dll

.

============= FINISH: 1:07:21.52 ===============

Here is the MalwareBytes Log (Safe Mode)

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5363

Windows 6.1.7600 (Safe Mode)

Internet Explorer 8.0.7600.16385

15/04/2011 23:13:34

mbam-log-2011-04-15 (23-13-34).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 301093

Time elapsed: 29 minute(s), 22 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

It seems the software found an infected file, but nonetheless the symptoms are still there when I log in normally.

I hope you guys can help me =/

Thanks


Also when I try and update Malwarebytes I get an error: 'An error has occurred. Please report this error code to our support team. PROGRAM_ERROR_UPDATING (12007,0, WinHttpSendRequest)'

The error I get when trying to load .exe files is this:

'The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.'

The same error happens when I try to perform simple administrative tasks. Either I get the error or nothing happens.


  • Staff

Hi and welcome to Malwarebytes.

Please see:

HijackThis Forum Policy

We will not be party to obvious use of key gens, cracks, warez or other illegal means of downloading software, music, videos etc. This means no P2P evidence will be supported. Logs that show these in them will be given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed, period. It's theft and against the law.

This includes BitTorrent and anything else you have installed.


Thank you for your help, I have completed the ComboFix and here is the log:

ComboFix 11-04-17.02 - Stephen 18/04/2011 12:08:52.1.2 - x64 MINIMAL

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3836.3332 [GMT 1:00]

Running from: F:\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\xp

c:\programdata\xp\EBLib.dll

c:\programdata\xp\TPwSav.sys

.

.

((((((((((((((((((((((((( Files Created from 2011-03-18 to 2011-04-18 )))))))))))))))))))))))))))))))

.

.

2011-04-18 11:13 . 2011-04-18 11:13 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-04-15 21:42 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-04-15 21:42 . 2011-04-15 21:42 -------- d-----w- c:\programdata\Malwarebytes

2011-04-15 21:42 . 2011-04-15 21:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-04-15 21:42 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-14 15:11 . 2011-02-24 05:32 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2011-04-14 15:11 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-04-14 13:26 . 2011-04-14 13:26 -------- d-----w- c:\program files (x86)\Microsoft.NET

2011-04-14 01:23 . 2011-04-14 01:23 -------- d-----w- c:\program files (x86)\Conduit

2011-04-13 23:22 . 2011-04-13 23:22 -------- d-----w- c:\program files\Common Files\Digidesign

2011-04-13 23:19 . 2011-04-13 23:19 -------- d-----w- c:\program files (x86)\Native Instruments

2011-04-13 23:19 . 2011-04-13 23:19 -------- d-----w- c:\program files (x86)\Common Files\Native Instruments

2011-04-13 02:38 . 2011-02-18 06:37 612352 ----a-w- c:\windows\system32\vbscript.dll

2011-04-13 02:38 . 2011-02-18 05:36 428032 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-04-13 02:38 . 2011-03-03 03:58 3133440 ----a-w- c:\windows\system32\win32k.sys

2011-04-13 02:38 . 2011-03-11 06:19 1359872 ----a-w- c:\windows\system32\mfc42u.dll

2011-04-13 02:38 . 2011-03-11 06:19 1395712 ----a-w- c:\windows\system32\mfc42.dll

2011-04-13 02:38 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll

2011-04-13 02:38 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll

2011-04-13 02:35 . 2011-03-03 06:17 182272 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-04-13 02:35 . 2011-03-03 06:14 30208 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-04-13 02:35 . 2011-03-03 05:27 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe

2011-04-12 22:41 . 2011-04-12 22:56 -------- d-----w- c:\programdata\VirtualizedApplications

2011-04-12 20:37 . 2011-04-12 20:37 -------- d-----r- C:\MSOCache

2011-04-12 20:29 . 2011-04-13 03:27 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client

2011-04-12 11:04 . 2011-04-12 11:04 -------- d-----w- c:\program files (x86)\MSXML 4.0

2011-04-11 15:36 . 2011-04-11 15:36 -------- d-----w- c:\windows\SysWow64\Wat

2011-04-11 15:36 . 2011-04-11 15:36 -------- d-----w- c:\windows\system32\Wat

2011-04-11 12:09 . 2011-04-11 12:26 -------- d-----w- c:\program files (x86)\Voobly

2011-04-11 11:33 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll

2011-04-11 11:33 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll

2011-04-11 11:23 . 2009-11-25 11:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll

2011-04-11 11:23 . 2009-11-25 11:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll

2011-04-11 11:23 . 2009-11-25 11:47 48960 ----a-w- c:\windows\system32\netfxperf.dll

2011-04-11 11:23 . 2009-11-25 11:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll

2011-04-11 11:23 . 2009-11-25 11:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe

2011-04-11 11:23 . 2009-11-25 11:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll

2011-04-11 11:23 . 2009-11-25 11:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2011-04-11 11:23 . 2009-11-25 11:47 444752 ----a-w- c:\windows\system32\mscoree.dll

2011-04-11 11:23 . 2009-11-25 11:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe

2011-04-11 11:23 . 2009-11-25 11:47 1942856 ----a-w- c:\windows\system32\dfshim.dll

2011-04-11 11:23 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe

2011-04-11 11:18 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys

2011-04-11 11:18 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys

2011-04-11 11:15 . 2010-08-31 04:32 954752 ----a-w- c:\windows\SysWow64\mfc40.dll

2011-04-11 11:15 . 2010-08-31 04:32 954288 ----a-w- c:\windows\SysWow64\mfc40u.dll

2011-04-11 01:52 . 2011-02-19 06:36 902656 ----a-w- c:\windows\system32\d2d1.dll

2011-04-11 01:52 . 2011-02-19 05:32 739840 ----a-w- c:\windows\SysWow64\d2d1.dll

2011-04-11 01:52 . 2011-02-19 06:37 1540608 ----a-w- c:\windows\system32\DWrite.dll

2011-04-11 01:52 . 2011-02-19 06:37 1135104 ----a-w- c:\windows\system32\FntCache.dll

2011-04-11 01:52 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll

2011-04-10 23:07 . 2011-04-10 23:07 -------- d-----w- c:\program files\Common Files\Canon

2011-04-10 21:19 . 2011-04-10 21:19 -------- d--h--w- c:\programdata\CanonBJ

2011-04-10 21:19 . 2009-07-14 01:40 84992 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNBPP4.DLL

2011-04-10 17:57 . 2011-04-13 23:21 -------- d-----w- c:\program files (x86)\VstPlugins

2011-04-10 17:57 . 2006-06-20 08:56 225280 ----a-w- c:\windows\SysWow64\rewire.dll

2011-04-10 17:57 . 2002-07-07 22:14 1294336 ----a-w- c:\windows\SysWow64\vorbis.acm

2011-04-10 17:56 . 2011-04-10 17:56 -------- d-----w- c:\program files (x86)\Outsim

2011-04-10 17:39 . 2011-04-10 17:57 -------- d-----w- c:\program files (x86)\Image-Line

2011-04-10 13:06 . 2011-04-10 13:06 -------- d-----w- c:\program files (x86)\Microsoft Games

2011-04-10 11:20 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll

2011-04-10 11:20 . 2010-12-18 05:29 541184 ----a-w- c:\windows\SysWow64\kerberos.dll

2011-04-10 11:18 . 2010-05-05 07:37 483840 ----a-w- c:\windows\system32\StructuredQuery.dll

2011-04-10 11:17 . 2010-08-21 06:29 558592 ----a-w- c:\windows\system32\spoolsv.exe

2011-04-10 11:16 . 2010-10-27 05:18 5510528 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-04-10 11:15 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll

2011-04-10 11:15 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll

2011-04-10 11:15 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll

2011-04-10 11:15 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2011-04-10 11:15 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll

2011-04-10 11:15 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll

2011-04-10 11:15 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll

2011-04-10 11:15 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll

2011-04-10 11:15 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll

2011-04-10 11:15 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll

2011-04-10 11:15 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll

2011-04-10 11:15 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll

2011-04-09 14:58 . 2010-12-31 08:36 74824 --s---w- c:\windows\system32\drivers\TfSysMon.sys

2011-04-09 14:58 . 2010-12-31 08:36 41888 --s---w- c:\windows\system32\drivers\TfNetMon.sys

2011-04-09 14:58 . 2010-12-31 08:36 65072 --s---w- c:\windows\system32\drivers\TfFsMon.sys

2011-04-09 14:42 . 2011-04-09 14:58 -------- d-----w- c:\programdata\PC Tools

2011-04-09 14:42 . 2011-04-09 15:00 -------- d-----w- C:\Spyware Doctor

2011-04-09 14:28 . 2011-04-09 14:28 -------- d-----w- c:\program files (x86)\BBC iPlayer Desktop

2011-04-09 14:22 . 2011-04-09 14:22 -------- d-----w- c:\programdata\ToshibaEurope

2011-04-09 14:22 . 2011-04-16 00:14 -------- d-----w- c:\users\Stephen

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-09 14:22 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-03-10 07:42 . 2011-03-10 07:42 20592 ----a-w- c:\windows\system32\drivers\CeKbFilter.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2010-12-09 11:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Voobly"="c:\program files (x86)\Voobly\voobly.exe" [2011-04-02 131072]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-01-17 1484856]

"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-09-02 1234216]

"Bing Bar"="c:\program files (x86)\MSN Toolbar\Platform\5.0.1399.0\mswinext.exe" [2010-03-04 243032]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-27 98304]

"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-03-03 352256]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]

"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-15 34160]

"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-05-01 2454840]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]

"PCTools FGuard"="c:\program files (x86)\PC Tools Security\BDT\FGuard.exe" [2011-01-07 108496]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]

.

c:\users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdAuxService]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdCoreService"

.

R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]

R1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [x]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-01-07 247760]

R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]

R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]

R2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2010-08-27 1811456]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2010-03-10 355440]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-13 245352]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]

R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]

R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [x]

R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]

R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]

R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]

R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368]

R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]

R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools Security\TFEngine\TFService.exe service [x]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2010-03-10 355440]

R4 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]

S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]

S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]

S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]

S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [x]

.

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-05-11 1050072]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-07-28 2120808]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2010-04-19 136136]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.co.uk/

mLocal Page = c:\windows\SysWOW64\blank.htm

LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll

FF - ProfilePath - c:\users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\e9vv59uh.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files (x86)\BitTorrentBar\tbBitT.dll

BHO-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files (x86)\BitTorrentBar\tbBitT.dll

Toolbar-Locked - (no file)

Toolbar-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files (x86)\BitTorrentBar\tbBitT.dll

Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)

Toolbar-Locked - (no file)

HKLM-Run-TosNC - %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe

HKLM-Run-TosReelTimeMonitor - %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-SmartFaceVWatcher - %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

AddRemove-BitTorrent - c:\program files (x86)\BitTorrent\BitTorrent.exe

AddRemove-BitTorrentBar Toolbar - c:\progra~2\BITTOR~2\UNWISE.EXE

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-04-18 12:15:07

ComboFix-quarantined-files.txt 2011-04-18 11:15

.

Pre-Run: 262,823,686,144 bytes free

Post-Run: 263,152,902,144 bytes free

.

- - End Of File - - 7C06115B407E2D27392B821F95915ABB

I also ran a dds scan as asked and here is the log:

.

DDS (Ver_11-03-05.01) - NTFS_AMD64 MINIMAL

Run by Stephen at 12:17:29.38 on 18/04/2011

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3836.3085 [GMT 1:00]

.

AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Program Files\mcafee.com\agent\mcagent.exe

C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

F:\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.uk/

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll

mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110410142135.dll

BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll

TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll

TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

uRun: [Voobly] "C:\Program Files (x86)\Voobly\voobly.exe" --startup

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [NBAgent] "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart

mRun: [bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\mswinext.exe"

mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL

mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP

mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM

mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

mRun: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60

mRun: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe

mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mRunOnce: [<NO NAME>]

mRunOnce: [GrpConv] grpconv -o

dRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe

StartupFolder: C:\Users\Stephen\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TRDCRE~1.LNK - C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL

BHO-X64: McAfee Phishing Filter - No File

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110410142134.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll

TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

mRun-x64: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe

mRun-x64: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

mRun-x64: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe

mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

mRun-x64: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3

mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

mRun-x64: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

mRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun-x64: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe

mRun-x64: [smartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

mRun-x64: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe

mRun-x64: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\e9vv59uh.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-7-7 283360]

R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2011-4-9 257232]

R0 pctDS;PC Tools Data Store;C:\Windows\System32\drivers\pctDS64.sys [2011-4-9 452872]

R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\System32\drivers\pctEFA64.sys [2011-4-9 816016]

R0 TfFsMon;TfFsMon;C:\Windows\System32\drivers\TfFsMon.sys [2011-4-9 65072]

R0 TFSysMon;TFSysMon;C:\Windows\System32\drivers\TfSysMon.sys [2011-4-9 74824]

R3 CeKbFilter;CeKbFilter;C:\Windows\System32\drivers\CeKbFilter.sys [2011-3-10 20592]

S0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-7-7 529128]

S1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2010-7-7 75032]

S1 pctgntdi;pctgntdi;C:\Windows\System32\drivers\pctgntdi64.sys [2011-4-9 334976]

S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]

S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-3-10 203264]

S2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-4-9 247760]

S2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]

S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]

S2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2011-3-10 1811456]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-3-10 355440]

S2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-3-10 355440]

S2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-3-10 355440]

S2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-3-10 355440]

S2 McShield;McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-10-19 200056]

S2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-10-19 245352]

S2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2010-10-19 149032]

S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]

S3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-3-10 7450624]

S3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-3-10 268288]

S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-7-7 62800]

S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-7-7 190136]

S3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-7-7 441328]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-7-7 94864]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 pctplsg;pctplsg;C:\Windows\System32\drivers\pctplsg64.sys [2011-4-9 92896]

S3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2011-3-10 35008]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-3-10 232992]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-10-19 344680]

S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2011-3-10 932384]

S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2011-4-9 366840]

S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2011-4-9 1156568]

S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2010-4-24 721768]

S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2010-4-24 269672]

S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2010-4-24 25960]

S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2010-4-24 22376]

S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]

S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-5-11 124368]

S3 TfNetMon;TfNetMon;C:\Windows\System32\drivers\TfNetMon.sys [2011-4-9 41888]

S3 ThreatFire;ThreatFire;C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe service --> C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe service [?]

S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-3-10 51512]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-11 1255736]

S4 McOobeSv;McAfee OOBE Service;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-3-10 355440]

S4 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2011-04-18 11:17:26 -------- d-sh--w- C:\$RECYCLE.BIN

2011-04-18 11:06:29 98816 ----a-w- C:\Windows\sed.exe

2011-04-18 11:06:29 89088 ----a-w- C:\Windows\MBR.exe

2011-04-18 11:06:29 256512 ----a-w- C:\Windows\PEV.exe

2011-04-18 11:06:29 161792 ----a-w- C:\Windows\SWREG.exe

2011-04-18 11:06:23 -------- d-----w- C:\ComboFix

2011-04-15 21:59:48 -------- d-----w- C:\Users\Stephen\AppData\Roaming\WinBatch

2011-04-15 21:42:44 -------- d-----w- C:\Users\Stephen\AppData\Roaming\Malwarebytes

2011-04-15 21:42:41 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-04-15 21:42:40 -------- d-----w- C:\PROGRA~3\Malwarebytes

2011-04-15 21:42:37 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-04-15 21:42:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-04-14 15:14:20 -------- d-----w- C:\Users\Stephen\AppData\Local\ElevatedDiagnostics

2011-04-14 15:11:59 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2011-04-14 15:11:57 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2011-04-14 01:23:18 -------- d-----w- C:\Program Files (x86)\Conduit

2011-04-14 01:23:08 -------- d-----w- C:\Program Files (x86)\ConduitEngine

2011-04-14 01:21:57 -------- d-----w- C:\Users\Stephen\AppData\Roaming\BitTorrent

2011-04-13 23:22:03 -------- d-----w- C:\Program Files\Common Files\Digidesign

2011-04-13 23:19:25 -------- d-----w- C:\Program Files (x86)\Native Instruments

2011-04-13 23:19:25 -------- d-----w- C:\Program Files (x86)\Common Files\Native Instruments

2011-04-13 21:58:44 -------- d-----w- C:\Users\Stephen\AppData\Local\Native Instruments

2011-04-13 02:38:13 612352 ----a-w- C:\Windows\System32\vbscript.dll

2011-04-13 02:38:13 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll

2011-04-13 02:38:07 3133440 ----a-w- C:\Windows\System32\win32k.sys

2011-04-13 02:38:02 1359872 ----a-w- C:\Windows\System32\mfc42u.dll

2011-04-13 02:38:01 1395712 ----a-w- C:\Windows\System32\mfc42.dll

2011-04-13 02:38:01 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll

2011-04-13 02:38:00 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll

2011-04-13 02:35:21 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe

2011-04-13 02:35:21 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll

2011-04-13 02:35:20 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe

2011-04-12 22:41:53 -------- d-----w- C:\PROGRA~3\VirtualizedApplications

2011-04-12 20:31:08 -------- d-----w- C:\Users\Stephen\AppData\Local\SoftGrid Client

2011-04-12 20:31:05 -------- d-----w- C:\Users\Stephen\AppData\Roaming\SoftGrid Client

2011-04-12 20:29:04 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client

2011-04-12 20:27:55 -------- d-----w- C:\Users\Stephen\AppData\Roaming\TP

2011-04-12 11:04:38 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2011-04-11 15:36:29 -------- d-----w- C:\Windows\SysWow64\Wat

2011-04-11 15:36:28 -------- d-----w- C:\Windows\System32\Wat

2011-04-11 12:09:41 -------- d-----w- C:\Program Files (x86)\Voobly

2011-04-11 11:33:23 367104 ----a-w- C:\Windows\System32\wcncsvc.dll

2011-04-11 11:33:23 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll

2011-04-11 11:23:33 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll

2011-04-11 11:23:33 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll

2011-04-11 11:23:33 48960 ----a-w- C:\Windows\System32\netfxperf.dll

2011-04-11 11:23:33 444752 ----a-w- C:\Windows\System32\mscoree.dll

2011-04-11 11:23:33 320352 ----a-w- C:\Windows\System32\PresentationHost.exe

2011-04-11 11:23:33 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll

2011-04-11 11:23:33 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe

2011-04-11 11:23:33 1942856 ----a-w- C:\Windows\System32\dfshim.dll

2011-04-11 11:23:33 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll

2011-04-11 11:23:33 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll

2011-04-11 11:23:17 294912 ----a-w- C:\Windows\System32\browserchoice.exe

2011-04-11 11:18:07 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys

2011-04-11 11:18:06 243712 ----a-w- C:\Windows\System32\drivers\ks.sys

2011-04-11 11:15:28 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll

2011-04-11 11:15:28 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll

2011-04-11 01:52:30 902656 ----a-w- C:\Windows\System32\d2d1.dll

2011-04-11 01:52:29 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2011-04-11 01:52:28 1540608 ----a-w- C:\Windows\System32\DWrite.dll

2011-04-11 01:52:27 1135104 ----a-w- C:\Windows\System32\FntCache.dll

2011-04-11 01:52:26 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll

2011-04-10 23:07:46 -------- d-----w- C:\Program Files\Common Files\Canon

2011-04-10 21:19:24 84992 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNBPP4.DLL

2011-04-10 17:57:28 225280 ----a-w- C:\Windows\SysWow64\rewire.dll

2011-04-10 17:57:28 -------- d-----w- C:\Program Files (x86)\VstPlugins

2011-04-10 17:57:11 1294336 ----a-w- C:\Windows\SysWow64\vorbis.acm

2011-04-10 17:56:55 -------- d-----w- C:\Program Files (x86)\Outsim

2011-04-10 17:39:48 -------- d-----w- C:\Program Files (x86)\Image-Line

2011-04-10 13:16:23 -------- d-----w- C:\Users\Stephen\AppData\Local\Mozilla

2011-04-10 13:15:38 24376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll

2011-04-10 13:06:07 -------- d-----w- C:\Program Files (x86)\Microsoft Games

2011-04-10 11:20:10 714752 ----a-w- C:\Windows\System32\kerberos.dll

2011-04-10 11:20:10 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll

2011-04-10 11:18:59 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll

2011-04-10 11:17:59 558592 ----a-w- C:\Windows\System32\spoolsv.exe

2011-04-10 11:16:35 5510528 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-04-10 11:15:57 720896 ----a-w- C:\Windows\System32\odbc32.dll

2011-04-10 11:15:57 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll

2011-04-10 11:15:57 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll

2011-04-10 11:15:57 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll

2011-04-10 11:15:57 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll

2011-04-10 11:15:57 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll

2011-04-10 11:15:56 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll

2011-04-10 11:15:56 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll

2011-04-10 11:15:56 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll

2011-04-10 11:15:56 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll

2011-04-10 11:15:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll

2011-04-10 11:15:48 236032 ----a-w- C:\Windows\System32\srvsvc.dll

2011-04-09 15:54:25 -------- d-----w- C:\Users\Stephen\AppData\Local\Diagnostics

2011-04-09 14:58:12 74824 --s---w- C:\Windows\System32\drivers\TfSysMon.sys

2011-04-09 14:58:12 65072 --s---w- C:\Windows\System32\drivers\TfFsMon.sys

2011-04-09 14:58:12 41888 --s---w- C:\Windows\System32\drivers\TfNetMon.sys

2011-04-09 14:54:33 767952 ----a-w- C:\Windows\BDTSupport.dll

2011-04-09 14:54:32 2000848 ----a-w- C:\Windows\PCTBDCore.dll

2011-04-09 14:54:32 1533904 ----a-w- C:\Windows\PCTBDRes.dll

2011-04-09 14:54:32 149456 ----a-w- C:\Windows\SGDetectionTool.dll

2011-04-09 14:46:56 816016 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys

2011-04-09 14:46:56 452872 ----a-w- C:\Windows\System32\drivers\pctDS64.sys

2011-04-09 14:46:55 334976 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys

2011-04-09 14:46:55 137704 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys

2011-04-09 14:46:52 257232 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys

2011-04-09 14:46:48 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys

2011-04-09 14:46:43 -------- d-----w- C:\Program Files (x86)\PC Tools Security

2011-04-09 14:46:43 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools

2011-04-09 14:42:42 -------- d-----w- C:\PROGRA~3\PC Tools

2011-04-09 14:42:17 -------- d-----w- C:\Spyware Doctor

2011-04-09 14:34:32 -------- d-----w- C:\Users\Stephen\AppData\Local\TOSHIBA_Corporation

2011-04-09 14:29:09 -------- d-----w- C:\Users\Stephen\AppData\Local\ATI

2011-04-09 14:28:33 -------- d-----w- C:\Users\Stephen\AppData\Local\VirtualStore

2011-04-09 14:28:29 -------- d-----w- C:\Program Files (x86)\BBC iPlayer Desktop

2011-04-09 14:28:17 -------- d-----w- C:\Users\Stephen\AppData\Local\Adobe

2011-04-09 14:28:04 -------- d-----w- C:\Users\Stephen\AppData\Local\Toshiba

.

==================== Find3M ====================

.

2011-03-10 07:42:10 20592 ----a-w- C:\Windows\System32\drivers\CeKbFilter.sys

2011-03-10 07:37:21 0 ----a-w- C:\Windows\ativpsrm.bin

2011-03-08 06:14:30 976896 ----a-w- C:\Windows\System32\inetcomm.dll

2011-03-08 05:38:13 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll

2011-02-24 06:29:15 1197056 ----a-w- C:\Windows\System32\wininet.dll

2011-02-24 06:24:57 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2011-02-24 05:32:44 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-02-24 05:30:16 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2011-02-24 05:05:13 482816 ----a-w- C:\Windows\System32\html.iec

2011-02-24 04:24:04 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-02-24 04:23:48 386048 ----a-w- C:\Windows\SysWow64\html.iec

2011-02-24 03:50:26 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-02-23 05:16:28 461312 ----a-w- C:\Windows\System32\drivers\srv.sys

2011-02-23 05:16:01 401920 ----a-w- C:\Windows\System32\drivers\srv2.sys

2011-02-23 05:15:50 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2011-02-23 05:15:27 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2011-02-23 05:15:14 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-02-23 05:15:13 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2011-02-23 05:15:06 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys

2011-02-19 06:36:13 46080 ----a-w- C:\Windows\System32\atmlib.dll

2011-02-19 05:32:08 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2011-02-19 04:13:39 367104 ----a-w- C:\Windows\System32\atmfd.dll

2011-02-19 03:37:02 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll

2011-02-12 06:14:41 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe

2011-02-05 12:41:43 556928 ----a-w- C:\Windows\System32\winresume.efi

2011-02-05 12:41:35 640896 ----a-w- C:\Windows\System32\winload.efi

2011-02-05 12:41:24 20352 ----a-w- C:\Windows\System32\kdusb.dll

2011-02-05 12:41:24 19328 ----a-w- C:\Windows\System32\kd1394.dll

2011-02-05 12:41:23 17792 ----a-w- C:\Windows\System32\kdcom.dll

2011-02-05 12:39:21 603976 ----a-w- C:\Windows\System32\winload.exe

2011-02-05 12:39:21 518160 ----a-w- C:\Windows\System32\winresume.exe

2011-01-26 06:52:25 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2011-01-26 06:52:25 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2011-01-26 06:28:16 144384 ----a-w- C:\Windows\System32\cdd.dll

.

============= FINISH: 12:17:45.34 ===============

Attach.zip


  • Staff

Hi,

This could be the source of your issues:

I notice that you are using more than one antivirus program in resident mode (Spyware Doctor and McAfee). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE malware to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

Restart your computer and see if any of your issues are resolved.


Hello, sorry for my delayed response; I could not get to a computer with an internet connection.

I have uninstalled PC Tools, so the only antivirus software running now is McAfee. The problems are still there. When I try to activate my Windows Firewall via Control Panel > System and Security > Windows Firewall, I get an error:

'Windows Firewall can't change some of your settings. Error code 0x8007042c'

The McAfee Firewall says it is running though, but I still can't connect to the internet; it always connects through 'limited connection'.

Thanks


Quick update: McAfee's firewall is now turning off.


  • Staff

Hi,

Why do you want to enable the Windows Firewall?

To troubleshoot, I would like you to uninstall McAfee. Next, download the McAfee Removal Tool.

Double-click on MCPR.exe to launch it, then click Run. A window should appear and disappear; this is normal. A new window should pop up and begin the uninstall. When prompted to reboot your computer, type Y.

See if you can connect to the Internet now.

