djmayes19

Think I am infected - installed but cant run malwarebytes

43 posts in this topic

Hi,

I think I am infected. I have installed Malwarebytes but it won't run. I have attached the DDS and Attach files.

I use McAfee - and I think it all started with an error "Your computer is at risk..." and Real time scanning was turned off.

Hope someone can help.

Deb

attach.txt

dds.txt

Hello Deb! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash. My suggestion is to uninstall Ad-Aware Antivirus (Ad-Aware Security Add-on too) and to keep McAfee. Finally, please reboot your computer.

Step 2

Please download Malwarebytes Anti-Rootkit from here.

  1. Unzip the contents to a folder in a convenient location.
  2. Open the folder where the contents were unzipped and run mbar.exe (right-click and select Run as administrator for Vista and Windows 7).
  3. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  4. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  5. Wait while the system shuts down and the cleanup process is performed.
  6. Please post the two logs produced.

In your next reply, post the following log files:

  • Malwarebytes Anti-Rootkit log
  • a new fresh DDS log

It took some time, but the AdAware software is uninstalled. I tried to run mbam.exe in normal Windows mode, but the update kept timing out. I have it running in safe mode now. It is taking a long time; I just wanted you to know that it is running (I am writing this on my iPad).

Deb

OK, this doesn't make any sense! It said there was nothing! But I found a mbar-log and a system-log. Both are listed below, and I did run dds.scr again, just in case something was changed.

***** Mbar log data **********

Malwarebytes Anti-Rootkit 1.01.0.1011

www.malwarebytes.org

Database version: v2013.01.04.09

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)

Internet Explorer 9.0.8112.16421

Mayes :: MAYES-LAPTOP [administrator]

04/01/2013 4:00:01 PM

mbar-log-2013-01-04 (16-00-01).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 30084

Time elapsed: 30 minute(s), 48 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

***** System-log data **********

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1011

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_20

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.294000 GHz

Memory total: 6350155776, free: 4395532288

------------ Kernel report ------------

01/04/2013 15:19:37

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\system32\DRIVERS\21932562.sys

\SystemRoot\system32\drivers\gfibto.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\compbatt.sys

\SystemRoot\system32\drivers\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\DRIVERS\pciide.sys

\SystemRoot\system32\DRIVERS\PCIIDEX.SYS

\SystemRoot\system32\DRIVERS\iaStor.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\DRIVERS\msahci.sys

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\system32\drivers\mfehidk.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\mfewfpk.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\system32\DRIVERS\TVALZ_O.SYS

\SystemRoot\system32\DRIVERS\tos_sps64.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\drivers\disk.sys

\SystemRoot\system32\drivers\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\DRIVERS\MOBK.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\igdkmd64.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\HECIx64.sys

\SystemRoot\system32\drivers\usbehci.sys

\SystemRoot\system32\drivers\USBPORT.SYS

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\rtl8192Ce.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\Rt64win7.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\SynTP.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\tdcmdpst.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\CmBatt.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\wmiacpi.sys

\SystemRoot\system32\DRIVERS\TVALZFL.sys

\SystemRoot\system32\DRIVERS\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\serscan.sys

\SystemRoot\system32\DRIVERS\pgeffect.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\DRIVERS\IntcDAud.sys

\SystemRoot\system32\drivers\mfeavfk.sys

\SystemRoot\system32\drivers\mfefirek.sys

\SystemRoot\system32\DRIVERS\mfencbdc.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\DRIVERS\vwifimp.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\drivers\McPvDrv.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\drivers\mfeapfk.sys

\SystemRoot\system32\drivers\cfwids.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\system32\drivers\spsys.sys

\??\C:\windows\system32\drivers\mbamchameleon.sys

\??\C:\windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8007955060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa8005dd2050

Lower Device Driver Name: \Driver\iaStor\

Driver name found: iaStor

DriverEntry returned 0x0

Function returned 0x0

Timeout

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1011

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_20

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.294000 GHz

Memory total: 6350155776, free: 5124001792

------------ Kernel report ------------

01/04/2013 15:28:41

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\system32\DRIVERS\21932562.sys

\SystemRoot\system32\drivers\gfibto.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\compbatt.sys

\SystemRoot\system32\drivers\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\DRIVERS\pciide.sys

\SystemRoot\system32\DRIVERS\PCIIDEX.SYS

\SystemRoot\system32\DRIVERS\iaStor.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\DRIVERS\msahci.sys

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\system32\drivers\mfehidk.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\mfewfpk.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\system32\DRIVERS\TVALZ_O.SYS

\SystemRoot\system32\DRIVERS\tos_sps64.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\drivers\disk.sys

\SystemRoot\system32\drivers\CLASSPNP.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\HECIx64.sys

\SystemRoot\system32\drivers\usbehci.sys

\SystemRoot\system32\drivers\USBPORT.SYS

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\rtl8192Ce.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\Rt64win7.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\SynTP.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\tdcmdpst.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\wmiacpi.sys

\SystemRoot\system32\DRIVERS\TVALZFL.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\CompositeBus.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\mfefirek.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\System32\drivers\dxg.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\framebuf.dll

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\vwifimp.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\drivers\cfwids.sys

\??\C:\windows\system32\drivers\mbamchameleon.sys

\??\C:\windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa80068c9060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa8005d54050

Lower Device Driver Name: \Driver\iaStor\

Driver name found: iaStor

DriverEntry returned 0x0

Function returned 0x0

Downloaded database version: v2013.01.04.09

Downloaded database version: v2012.12.27.02

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa80068c9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8006719b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80068c9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8005d4f950, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xfffffa8005d54050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Upper DeviceData: 0xfffff8a002a77c70, 0xfffffa80068c9060, 0xfffffa8007f7d280

Lower DeviceData: 0xfffff8a001a18240, 0xfffffa8005d54050, 0xfffffa8008bdfb50

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\windows\system32\drivers...

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 28972BA1

Partition information:

Partition 0 type is Other (0x27)

Partition is ACTIVE.

Partition starts at LBA: 2048 Numsec = 3072000

Partition file system is NTFS

Partition is bootable

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 3074048 Numsec = 1128826880

Partition 2 type is HIDDEN (0x17)

Partition is NOT ACTIVE.

Partition starts at LBA: 1131900928 Numsec = 47564800

Partition is not bootable

Hidden partition VBR is not infected.

Partition 3 type is HIDDEN (0x17)

Partition is NOT ACTIVE.

Partition starts at LBA: 1179465728 Numsec = 70798000

Partition is not bootable

Hidden partition VBR is not infected.

Disk Size: 640135028736 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...

Done!

Performing system, memory and registry scan...

Done!

Scan finished

=======================================

***** DDS data **********

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_20

Run by Mayes at 16:04:39 on 2013-01-04

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.6056.5005 [GMT -7:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

.

============== Running Processes ===============

.

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\windows\system32\mfevtps.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\Explorer.EXE

C:\windows\system32\ctfmon.exe

C:\Program Files\McAfee\MAT\McPvTray.exe

C:\windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe

C:\windows\system32\prevhost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://go.bigpond.com/home/index.jsp

uWindow Title = Presented by TOSHIBA Leading Innovation >>>

uDefault_Page_URL = hxxp://www.toshiba.ca/welcome

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>

EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>

uRun: [WeatherEye] C:\Users\Mayes\AppData\Local\TheWeatherNetwork\WeatherEye\weathereye.exe

uRun: [HP Officejet 6700 (NET)] "C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" -deviceID "CN22J1H2K405RQ:NW" -scfn "HP Officejet 6700 (NET)" -AutoStart 1

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

mRun: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"

mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"

mRun: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"

mRun: [emsisoft anti-malware] "C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe" /d=60

mRunOnce: [Z1] C:\Users\Mayes\Downloads\mbar-1.01.0.1011\mbar\mbar.exe /cleanup /s

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{D55E6261-FA27-4C85-ADF0-A6EF034BFE32} : DHCPNameServer = 10.0.1.1

TCP: Interfaces\{DFD18292-31BE-4F8C-841A-721C95C14407} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{DFD18292-31BE-4F8C-841A-721C95C14407}\140707C65602E4564777F627B602033363162333 : DHCPNameServer = 10.0.1.1

TCP: Interfaces\{DFD18292-31BE-4F8C-841A-721C95C14407}\34963736F61303130393 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{DFD18292-31BE-4F8C-841A-721C95C14407}\35471627265736B6370275966496 : DHCPNameServer = 8.8.8.8 8.8.4.4

TCP: Interfaces\{DFD18292-31BE-4F8C-841A-721C95C14407}\751434332353 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{DFD18292-31BE-4F8C-841A-721C95C14407}\D41697563784F6D656 : DHCPNameServer = 64.59.135.135 64.59.128.121

TCP: Interfaces\{DFD18292-31BE-4F8C-841A-721C95C14407}\D416975637D27657563747 : DHCPNameServer = 192.168.3.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: SDWinLogon - SDWinLogon.dll

SSODL: WebCheck - <orphaned>

x64-mStart Page = hxxp://www.toshiba.ca/welcome

x64-mDefault_Page_URL = hxxp://www.toshiba.ca/welcome

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Run: [Persistence] C:\windows\System32\igfxpers.exe

x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe

x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r

x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe

x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe

x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll

.

INFO: x64-HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - <orphaned>

x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 21932562;21932562;C:\windows\System32\drivers\21932562.sys [2012-12-31 460888]

R0 gfibto;gfibto;C:\windows\System32\drivers\gfibto.sys [2013-1-3 14456]

R0 mfehidk;McAfee Inc. mfehidk;C:\windows\System32\drivers\mfehidk.sys [2012-10-29 771096]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\System32\drivers\mfewfpk.sys [2012-10-29 339776]

R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]

R2 McMPFSvc;McAfee Personal Firewall;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-12-8 220856]

R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-12-8 220856]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-12-8 218320]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\System32\mfevtps.exe [2012-12-8 177680]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]

R3 cfwids;McAfee Inc. cfwids;C:\windows\System32\drivers\cfwids.sys [2012-10-29 69672]

R3 mfefirek;McAfee Inc. mfefirek;C:\windows\System32\drivers\mfefirek.sys [2012-10-29 515528]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-1-8 413800]

R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2012-1-8 1103464]

S1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2013-1-3 23208]

S1 MOBKFilter;MOBKFilter;C:\windows\System32\drivers\MOBK.sys [2012-12-8 66040]

S2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2013-1-3 3084688]

S2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448]

S2 GFNEXSrv;GFNEX Service;C:\windows\System32\GFNEXSrv.exe [2012-1-8 162824]

S2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-12-8 220856]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2012-12-31 103472]

S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-12-8 220856]

S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-12-8 220856]

S2 McPvDrv;McPvDrv Driver;C:\windows\System32\drivers\McPvDrv.sys [2012-12-8 74120]

S2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2012-12-8 1007288]

S2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]

S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-1-3 1103392]

S2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-1-3 1369624]

S2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-1-3 168384]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]

S2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-7-26 92632]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-12-8 267192]

S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-1-8 2656280]

S3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2013-1-3 66320]

S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-6-19 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]

S3 HipShieldK;McAfee Inc. HipShieldK;C:\windows\System32\drivers\HipShieldK.sys [2012-12-8 197264]

S3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]

S3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\System32\drivers\mfeavfk.sys [2012-10-29 309400]

S3 mfencbdc;McAfee Inc. mfencbdc;C:\windows\System32\drivers\mfencbdc.sys [2012-11-2 328976]

S3 mfencrk;McAfee Inc. mfencrk;C:\windows\System32\drivers\mfencrk.sys [2012-11-2 97208]

S3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-1-8 38096]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-1-8 250984]

S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2012-1-8 54136]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]

S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-12-20 822704]

S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-6-17 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2013-01-04 21:00:01 24176 ----a-w- C:\windows\System32\drivers\mbam.sys

2013-01-04 05:28:50 -------- d-----w- C:\Users\Mayes\AppData\Local\adawarebp

2013-01-04 03:37:39 -------- d-----w- C:\Users\Mayes\AppData\Roaming\EurekaLog

2013-01-04 03:24:35 -------- d-sh--w- C:\windows\System32\%APPDATA%

2013-01-04 02:35:04 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware

2013-01-04 02:30:39 -------- d-----w- C:\Program Files (x86)\stinger

2013-01-04 00:38:55 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2013-01-04 00:38:23 17272 ----a-w- C:\windows\System32\sdnclean64.exe

2013-01-04 00:38:19 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2

2013-01-04 00:37:40 -------- d-----w- C:\Users\Mayes\AppData\Roaming\LavasoftStatistics

2013-01-04 00:37:08 14456 ----a-w- C:\windows\System32\drivers\gfibto.sys

2013-01-04 00:36:28 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection

2013-01-04 00:36:03 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner

2013-01-03 21:51:55 -------- d-----w- C:\Program Files (x86)\Hope Malwarebytes' Anti-Malware

2013-01-03 04:27:43 -------- d-----w- C:\ProgramData\Malwarebytes

2013-01-03 04:27:39 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-01-03 04:27:24 -------- d-----w- C:\Users\Mayes\AppData\Local\Programs

2013-01-03 03:30:30 -------- d-----w- C:\perflogs

2013-01-02 21:56:14 -------- d-----w- C:\Users\Mayes\AppData\Local\Amazon

2013-01-02 17:43:39 -------- d-----w- C:\Users\Mayes\AppData\Local\{F346E0BE-5A14-4061-B184-3D1FCEA46444}

2013-01-02 16:46:31 -------- d-----w- C:\Users\Mayes\AppData\Local\{EF200C9E-3C15-442A-8E25-EBD50E1C94BE}

2013-01-02 04:44:47 -------- d-----w- C:\Users\Mayes\AppData\Local\{A0E92DB4-2D39-4BAF-A1F0-23920C5C6759}

2013-01-02 03:34:50 -------- d-----w- C:\Users\Mayes\AppData\Roaming\McAfee

2013-01-01 16:43:15 -------- d-----w- C:\Users\Mayes\AppData\Local\{C1808FF0-8953-4A1B-B2CA-E20195027900}

2013-01-01 01:47:22 460888 ----a-w- C:\windows\System32\drivers\21932562.sys

2012-12-31 22:06:32 33240 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys

2012-12-31 22:05:33 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-12-31 22:05:33 -------- d-----w- C:\Program Files\iTunes

2012-12-31 22:05:33 -------- d-----w- C:\Program Files\iPod

2012-12-31 22:05:33 -------- d-----w- C:\Program Files (x86)\iTunes

2012-12-31 20:11:18 -------- d-----w- C:\ProgramData\SecTaskMan

2012-12-31 20:11:10 -------- d-----w- C:\Program Files (x86)\Security Task Manager

2012-12-31 18:34:58 -------- d-----w- C:\Users\Mayes\AppData\Local\{BF3DD721-4107-426B-BA36-A79F06CA4614}

2012-12-31 14:19:54 46080 ----a-w- C:\windows\System32\atmlib.dll

2012-12-31 14:19:54 34304 ----a-w- C:\windows\SysWow64\atmlib.dll

2012-12-31 14:19:52 367616 ----a-w- C:\windows\System32\atmfd.dll

2012-12-31 14:19:52 295424 ----a-w- C:\windows\SysWow64\atmfd.dll

2012-12-31 04:27:45 -------- d-----w- C:\Users\Mayes\AppData\Local\{26B3D08B-DB52-486C-8C48-600A3E543F53}

2012-12-13 14:47:27 -------- d-----w- C:\Users\Mayes\AppData\Local\{E16773F5-4959-4D46-82C4-63A431C3428A}

2012-12-13 02:45:18 -------- d-----w- C:\Users\Mayes\AppData\Local\{EA39C7F4-A0C6-45BA-9528-D36029D12897}

2012-12-12 19:53:21 3149824 ----a-w- C:\windows\System32\win32k.sys

2012-12-12 19:50:49 478208 ----a-w- C:\windows\System32\dpnet.dll

2012-12-12 19:50:49 376832 ----a-w- C:\windows\SysWow64\dpnet.dll

2012-12-12 14:43:03 -------- d-----w- C:\Users\Mayes\AppData\Local\{71775719-F3BB-4905-92E0-DB6BAB78AC12}

2012-12-12 02:40:43 -------- d-----w- C:\Users\Mayes\AppData\Local\{136053CB-46B8-4C3F-B624-12B1E8C29668}

2012-12-11 14:34:40 -------- d-----w- C:\Users\Mayes\AppData\Local\{1DF02D82-CBA7-4FA2-840B-2724B523A8EB}

2012-12-11 02:33:02 -------- d-----w- C:\Users\Mayes\AppData\Local\{A91C2BAE-4340-4B74-BDCC-D730377D2802}

2012-12-10 14:01:13 -------- d-----w- C:\Users\Mayes\AppData\Local\{FC705250-DAAC-4DCB-80F8-B605D3F30CA4}

2012-12-09 16:20:23 -------- d-----w- C:\Users\Mayes\AppData\Local\{1EC8C74D-9F3D-49AB-874B-CA0D8F7BCCD4}

2012-12-09 04:18:40 -------- d-----w- C:\Users\Mayes\AppData\Local\{EF44E3E1-A0AA-4D91-BAD4-B74100B7AFB5}

2012-12-08 20:14:49 -------- d-----w- C:\Program Files (x86)\McAfeeMOBK

2012-12-08 20:14:36 66040 ----a-w- C:\windows\System32\drivers\MOBK.sys

2012-12-08 20:14:32 197264 ----a-w- C:\windows\System32\drivers\HipShieldK.sys

2012-12-08 20:14:08 74120 ----a-w- C:\windows\System32\drivers\McPvDrv.sys

2012-12-08 20:14:08 -------- d-----w- C:\Users\Mayes\AppData\Local\McAfee File Lock

2012-12-08 20:13:46 -------- d-----w- C:\Program Files (x86)\McAfee.com

2012-12-08 20:13:40 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee

2012-12-08 20:13:27 177680 ----a-w- C:\windows\System32\mfevtps.exe

2012-12-08 20:13:14 -------- d-----w- C:\Program Files\McAfee.com

2012-12-08 20:13:14 -------- d-----w- C:\Program Files\McAfee

2012-12-08 20:13:12 -------- d-----w- C:\Program Files (x86)\McAfee

2012-12-08 15:58:58 -------- d-----w- C:\Users\Mayes\AppData\Local\{2522773F-558E-4B04-B061-520D7341F70C}

2012-12-08 03:02:03 -------- d-----w- C:\Users\Mayes\AppData\Local\{58DAAD31-0C47-4441-8B30-F99883306AE4}

2012-12-07 14:42:29 -------- d-----w- C:\Users\Mayes\AppData\Local\{19A81A95-DAC0-4986-BFB6-CD0B9A50DE20}

2012-12-07 02:40:42 -------- d-----w- C:\Users\Mayes\AppData\Local\{E4CA15E1-AF14-4CC6-910F-DBA3F80F1C86}

2012-12-06 14:35:55 -------- d-----w- C:\Users\Mayes\AppData\Local\{EE9BDF02-42E1-488E-8EB5-29192FB90948}

2012-12-06 02:34:08 -------- d-----w- C:\Users\Mayes\AppData\Local\{7D3B90B6-4F11-4F93-90F5-21EFEA1B3DC7}

.

==================== Find3M ====================

.

2012-12-11 21:06:02 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-11 21:06:02 697272 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-11-09 13:40:24 69672 ----a-w- C:\windows\System32\drivers\cfwids.sys

2012-11-09 13:37:42 339776 ----a-w- C:\windows\System32\drivers\mfewfpk.sys

2012-11-09 13:35:50 771096 ----a-w- C:\windows\System32\drivers\mfehidk.sys

2012-11-09 13:34:58 515528 ----a-w- C:\windows\System32\drivers\mfefirek.sys

2012-11-09 13:34:18 309400 ----a-w- C:\windows\System32\drivers\mfeavfk.sys

2012-11-09 13:33:58 178840 ----a-w- C:\windows\System32\drivers\mfeapfk.sys

2012-11-09 05:45:09 2048 ----a-w- C:\windows\System32\tzres.dll

2012-11-09 04:42:49 2048 ----a-w- C:\windows\SysWow64\tzres.dll

2012-11-02 08:46:50 97208 ----a-w- C:\windows\System32\drivers\mfencrk.sys

2012-11-02 08:46:50 328976 ----a-w- C:\windows\System32\drivers\mfencbdc.sys

2012-11-02 08:46:50 10544 ----a-w- C:\windows\System32\drivers\mfeclnrk.sys

2012-10-20 19:25:40 821736 ----a-w- C:\windows\SysWow64\npDeployJava1.dll

2012-10-20 19:25:40 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll

2012-10-16 08:38:37 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\windows\apppatch\AcLayers.dll

2012-10-09 18:17:13 55296 ----a-w- C:\windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\windows\SysWow64\dhcpcore6.dll

.

============= FINISH: 16:05:20.12 ===============


Please re-run your Malwarebytes Anti-Rootkit in Normal mode, just in case. Thanks!


Maniac,

How can I tell if the scan is hung? It has sat on scanning C:\windows\system32\hpzisn12.dll for over 10 mins.

Deb


Maniac,

The system crashed. Got a blue screen with DOS text, but by the time I got a pen it was rebooting. I am in normal mode, turned off Internet and am trying to run again. I note there is a bit of a delay between clicking run as admin and the actual program opening. :(


Hi maniac,

I am not able to run in normal Windows!! I can do Drivers and Sectors as separate runs, and they are clean. But when I do System, it just seems to freeze. And I can't do anything; if I try to open Explorer, it gets a green build bar along the top and does not open. Even ctrl+alt+del doesn't work! I have to manually power down. I am now trying to run the System scan again in safe mode - just to see if it will work. I really don't know what to do!

Deb


Hi maniac,

I left it running over night. Woke up to see it still sitting on C:\windows\syswow64\com\comempty.dat. I tried ctrl+alt+del to open Task Manager to check processes; it was very slow to go to the window, and again slow to open Task Manager. When I look at Performance, the CPU was not running until I opened Task Manager. There is nothing to see on the graphs. I see mbam.exe is at 113k in the memory. I tried to use the Snipping Tool to get the processes for you - it just froze.

Any ideas?

Deb


Oh no - finally got a response back and the CPU usage is all over the place!! Huge ups and downs. Yet I can't do anything. The memory is showing a solid 2.32 GB and now Task Manager is not responding. Do I reboot?

Deb


Reboot and then boot in Safe mode with Networking:

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Took a while to reboot - sorry. I disabled McAfee (virus and firewall) - but the ComboFix told me they were running. I double checked, but it was all red and turned off. The log is as follows:

ComboFix 13-01-05.01 - Mayes 05/01/2013 8:40.1.4 - x64 NETWORK

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.6056.5189 [GMT -7:00]

Running from: c:\users\Mayes\Downloads\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Mayes\AppData\Local\TheWeatherNetwork\WeatherEye\weathereye.exe

.

----- File Replicators -----

.

c:\programdata\Adobe\Reader\9.3\ARM\11597\AcrobatUpdater.exe

c:\programdata\Adobe\Reader\9.3\ARM\11597\AdobeARMHelper.exe

c:\programdata\Adobe\Reader\9.3\ARM\11597\ReaderUpdater.exe

c:\programdata\Adobe\Reader\9.3\ARM\12051\AcrobatUpdater.exe

c:\programdata\Adobe\Reader\9.3\ARM\12051\AdobeARMHelper.exe

c:\programdata\Adobe\Reader\9.3\ARM\12051\ReaderUpdater.exe

c:\programdata\Adobe\Reader\9.3\ARM\2450\AcrobatUpdater.exe

c:\programdata\Adobe\Reader\9.3\ARM\2450\AdobeARMHelper.exe

c:\programdata\Adobe\Reader\9.3\ARM\2450\ReaderUpdater.exe

c:\programdata\Adobe\Reader\9.3\ARM\24662\AcrobatUpdater.exe

c:\programdata\Adobe\Reader\9.3\ARM\24662\AdobeARMHelper.exe

c:\programdata\Adobe\Reader\9.3\ARM\24662\ReaderUpdater.exe

c:\programdata\Adobe\Reader\9.3\ARM\25414\AcrobatUpdater.exe

c:\programdata\Adobe\Reader\9.3\ARM\25414\AdobeARMHelper.exe

c:\programdata\Adobe\Reader\9.3\ARM\25414\ReaderUpdater.exe

c:\programdata\Adobe\Reader\9.3\ARM\26049\AcrobatUpdater.exe

c:\programdata\Adobe\Reader\9.3\ARM\26049\AdobeARMHelper.exe

c:\programdata\Adobe\Reader\9.3\ARM\26049\ReaderUpdater.exe

c:\users\All Users\Adobe\Reader\9.3\ARM\11597\AcrobatUpdater.exe

c:\users\All Users\Adobe\Reader\9.3\ARM\11597\AdobeARMHelper.exe

c:\users\All Users\Adobe\Reader\9.3\ARM\11597\ReaderUpdater.exe

c:\users\All Users\Adobe\Reader\9.3\ARM\12051\AcrobatUpdater.exe

c:\users\All Users\Adobe\Reader\9.3\ARM\12051\AdobeARMHelper.exe

c:\users\All Users\Adobe\Reader\9.3\ARM\12051\ReaderUpdater.exe

c:\users\All Users\Adobe\Reader\9.3\ARM\2450\AcrobatUpdater.exe

c:\users\All Users\Adobe\Reader\9.3\ARM\2450\AdobeARMHelper.exe

c:\users\All Users\Adobe\Reader\9.3\ARM\2450\ReaderUpdater.exe

c:\users\All Users\Adobe\Reader\9.3\ARM\24662\AcrobatUpdater.exe

c:\users\All Users\Adobe\Reader\9.3\ARM\24662\AdobeARMHelper.exe

c:\users\All Users\Adobe\Reader\9.3\ARM\24662\ReaderUpdater.exe

c:\users\All Users\Adobe\Reader\9.3\ARM\25414\AcrobatUpdater.exe

c:\users\All Users\Adobe\Reader\9.3\ARM\25414\AdobeARMHelper.exe

c:\users\All Users\Adobe\Reader\9.3\ARM\25414\ReaderUpdater.exe

c:\users\All Users\Adobe\Reader\9.3\ARM\26049\AcrobatUpdater.exe

c:\users\All Users\Adobe\Reader\9.3\ARM\26049\AdobeARMHelper.exe

c:\users\All Users\Adobe\Reader\9.3\ARM\26049\ReaderUpdater.exe

c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\adobearmhelper.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-12-05 to 2013-01-05 )))))))))))))))))))))))))))))))

.

.

2013-01-05 15:46 . 2013-01-05 15:46 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C45AC485-C15C-4BA6-AFF1-75055510B802}\offreg.dll

2013-01-05 15:46 . 2013-01-05 15:46 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-05 03:28 . 2013-01-05 03:28 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2013-01-05 03:28 . 2013-01-05 03:28 150640 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2013-01-04 23:36 . 2012-11-19 08:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C45AC485-C15C-4BA6-AFF1-75055510B802}\mpengine.dll

2013-01-04 21:00 . 2012-12-14 23:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-01-04 05:28 . 2013-01-04 05:29 -------- d-----w- c:\users\Mayes\AppData\Local\adawarebp

2013-01-04 03:37 . 2013-01-04 03:38 -------- d-----w- c:\users\Mayes\AppData\Roaming\EurekaLog

2013-01-04 03:24 . 2013-01-04 03:24 -------- d-sh--w- c:\windows\system32\%APPDATA%

2013-01-04 02:35 . 2013-01-04 22:26 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware

2013-01-04 02:30 . 2013-01-04 17:34 -------- d-----w- c:\program files (x86)\stinger

2013-01-04 00:38 . 2013-01-04 03:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2013-01-04 00:38 . 2009-01-25 19:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe

2013-01-04 00:38 . 2013-01-04 00:38 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2

2013-01-04 00:37 . 2013-01-04 00:37 -------- d-----w- c:\users\Mayes\AppData\Roaming\LavasoftStatistics

2013-01-04 00:37 . 2013-01-04 04:09 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys

2013-01-04 00:36 . 2013-01-04 05:27 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection

2013-01-04 00:36 . 2013-01-04 00:36 -------- d-----w- c:\program files (x86)\Toolbar Cleaner

2013-01-03 21:51 . 2013-01-03 21:52 -------- d-----w- c:\program files (x86)\Hope Malwarebytes' Anti-Malware

2013-01-03 04:27 . 2013-01-03 04:27 -------- d-----w- c:\programdata\Malwarebytes

2013-01-03 04:27 . 2013-01-04 21:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-01-03 04:27 . 2013-01-03 04:27 -------- d-----w- c:\users\Mayes\AppData\Local\Programs

2013-01-03 03:37 . 2012-11-28 22:58 67413224 ----a-w- c:\windows\system32\MRT.exe

2013-01-03 03:30 . 2013-01-03 03:30 -------- d-----w- C:\perflogs

2013-01-02 21:56 . 2013-01-02 21:56 -------- d-----w- c:\users\Mayes\AppData\Local\Amazon

2013-01-02 03:34 . 2013-01-02 03:34 -------- d-----w- c:\users\Mayes\AppData\Roaming\McAfee

2013-01-01 01:47 . 2013-01-01 12:12 460888 ----a-w- c:\windows\system32\drivers\21932562.sys

2012-12-31 22:06 . 2012-08-21 20:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-12-31 22:05 . 2012-12-31 22:06 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-12-31 22:05 . 2012-12-31 22:06 -------- d-----w- c:\program files\iTunes

2012-12-31 22:05 . 2012-12-31 22:06 -------- d-----w- c:\program files (x86)\iTunes

2012-12-31 22:05 . 2012-12-31 22:05 -------- d-----w- c:\program files\iPod

2012-12-31 22:04 . 2012-12-31 22:04 -------- d-----w- c:\program files\Common Files\Apple

2012-12-31 20:11 . 2012-12-31 22:22 -------- d-----w- c:\programdata\SecTaskMan

2012-12-31 20:11 . 2012-12-31 20:11 -------- d-----w- c:\program files (x86)\Security Task Manager

2012-12-31 14:19 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-31 14:19 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-31 14:19 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-31 14:19 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-12 19:54 . 2012-11-14 05:59 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-12-12 19:53 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys

2012-12-12 19:50 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll

2012-12-12 19:50 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll

2012-12-08 20:14 . 2010-04-14 03:10 66040 ----a-w- c:\windows\system32\drivers\MOBK.sys

2012-12-08 20:14 . 2012-05-28 17:28 197264 ----a-w- c:\windows\system32\drivers\HipShieldK.sys

2012-12-08 20:14 . 2012-12-08 20:14 -------- d-----w- c:\users\Mayes\AppData\Local\McAfee File Lock

2012-12-08 20:14 . 2012-10-19 16:51 74120 ----a-w- c:\windows\system32\drivers\McPvDrv.sys

2012-12-08 20:13 . 2012-12-08 20:13 -------- d-----w- c:\program files (x86)\Common Files\McAfee

2012-12-08 20:13 . 2012-11-09 13:37 177680 ----a-w- c:\windows\system32\mfevtps.exe

2012-12-08 20:13 . 2012-12-31 14:33 -------- d-----w- c:\program files\McAfee

2012-12-08 20:13 . 2013-01-02 03:33 -------- d-----w- c:\program files (x86)\McAfee

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-11 21:06 . 2012-06-22 23:54 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-11 21:06 . 2012-06-22 23:54 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-11-09 13:40 . 2012-10-29 15:30 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys

2012-11-09 13:37 . 2012-10-29 15:27 339776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2012-11-09 13:35 . 2012-10-29 15:25 771096 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2012-11-09 13:34 . 2012-10-29 15:24 515528 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2012-11-09 13:34 . 2012-10-29 15:23 309400 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2012-11-09 13:33 . 2012-10-29 15:23 178840 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2012-11-02 08:46 . 2012-11-02 08:46 97208 ----a-w- c:\windows\system32\drivers\mfencrk.sys

2012-11-02 08:46 . 2012-11-02 08:46 328976 ----a-w- c:\windows\system32\drivers\mfencbdc.sys

2012-11-02 08:46 . 2012-11-02 08:46 10544 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys

2012-10-20 19:25 . 2012-08-27 00:01 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-10-20 19:25 . 2011-02-18 08:19 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-10-16 08:38 . 2012-11-28 13:57 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-11-28 13:57 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-11-28 13:57 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-09 18:17 . 2012-11-15 14:05 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-10-09 18:17 . 2012-11-15 14:05 226816 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-10-09 17:40 . 2012-11-15 14:05 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40 . 2012-11-15 14:05 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Officejet 6700 (NET)"="c:\program files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" [2011-09-09 2676584]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-08 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"AirPort Base Station Agent"="c:\program files (x86)\AirPort\APAgent.exe" [2009-11-11 771360]

"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-10-07 454160]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-12-11 542104]

"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]

"emsisoft anti-malware"="c:\program files (x86)\Emsisoft Anti-Malware\a2guard.exe" [2012-10-18 3364264]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Z1"="c:\users\Mayes\Downloads\mbar-1.01.0.1011\mbar\mbar.exe" [2012-12-04 1342312]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]

@=""

.

R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208]

R1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-14 66040]

R2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-12-13 3084688]

R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-29 249200]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]

R2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe [2010-09-10 162824]

R2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2012-12-04 103472]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856]

R2 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2012-10-19 74120]

R2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [2012-10-06 1007288]

R2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-14 231224]

R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]

R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]

R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-07-26 92632]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-12-08 267192]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]

R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2012-05-01 66320]

R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-05-28 197264]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-01-05 36680]

R3 mbamswissarmy;mbamswissarmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-01-05 150640]

R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys [2012-11-02 328976]

R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys [2012-11-02 97208]

R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]

R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-12-21 822704]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-17 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 21932562;21932562;c:\windows\system32\DRIVERS\21932562.sys [2013-01-01 460888]

S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-01-04 14456]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-11-09 339776]

S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384]

S2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856]

S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-11-09 218320]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-11-09 177680]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-11-09 69672]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-11-09 515528]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-14 413800]

S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-11-03 1103464]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-05 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 21:06]

.

2013-01-04 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job

- c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2013-01-04 21:08]

.

2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-15 23:44]

.

2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-15 23:44]

.

2013-01-04 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job

- c:\program files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2013-01-04 21:07]

.

2013-01-04 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job

- c:\program files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2013-01-04 21:07]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]

@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"

[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]

2010-04-14 03:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]

@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"

[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]

2010-04-14 03:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]

@="{b4caf489-1eec-c617-49ad-8d7088598c06}"

[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]

2010-04-14 03:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-13 11775592]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-10 2186856]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://go.bigpond.com/home/index.jsp

uLocal Page = c:\windows\system32\blank.htm

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Add to TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.1

Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files (x86)\TurboTax 2011\ic2011pp.dll

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-WeatherEye - c:\users\Mayes\AppData\Local\TheWeatherNetwork\WeatherEye\weathereye.exe

Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

Notify-SDWinLogon - SDWinLogon.dll

Toolbar-Locked - (no file)

HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe

HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe

HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe

AddRemove-The Weather Network - c:\users\Mayes\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-01-05 08:48:34

ComboFix-quarantined-files.txt 2013-01-05 15:48

.

Pre-Run: 482,851,115,008 bytes free

Post-Run: 482,219,859,968 bytes free

.

- - End Of File - - C8353CE314639D6C283F30A7301FAA9C

Thanks, Deb


Not sure if this is related, but after running that, I rebooted back to safe mode with networking. I was waiting for the next step, then the PC flashed a McAfee warning: the PC is at risk and real-time scanning is now turned off. I will turn off the PC and monitor your next step via my iPad. I do note that the shutdown is now much quicker, so hopefully this is getting better.

Thanks for your help, a very worried

Deb


Good!

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


So frustrating!!! It got to 3 h 40 something and 99% done. It did find one threat, something Open Camdy (which doesn't appear too bad). It did freeze a few times, and seemed to wake up when I clicked back to the download page. Then it stopped, so I clicked to the download page thinking it would go again, only it disappeared and now I have the IE screen not responding, cannot Ctrl+Alt+Del, so I have to manually shut down.

Next suggestion?

Deb


Your system seems not to be infected. Please temporarily uninstall McAfee, reboot and let me know how things are then.


OK, it took a while but McAfee uninstalled. The laptop seems to be back to normal, though still a bit slow. It took about 18 secs to open IE; it should be about 10. But I can navigate to different pages easily, which it wasn't doing before.

I can open Control Panel and Windows Explorer, but this is very slow! It shows the icons as white pages, and then the URL line builds green as it "thinks" about what to display. The white pages slowly show as the icons. That is not normal; it normally just goes straight to showing all the contents. Been on a few minutes, and now Ctrl+Alt+Del is slow to bring up the menu, and no Task Manager comes up after selecting it. Finally got Task Manager up, performance all over the place, and only up for 10 mins.

Here are the processes if that helps (not sure it worked)

Are we on the way to recovery? Thank you for your help, hope we get it all better,

Deb :)


OK, things are better. I tried to reinstall McAfee and it all died again. So there must be some conflict between my Win 7 setup and McAfee. What antivirus do you recommend in the short term?


You can find good suggestions here:

http://users.telenet.be/bluepatchy/miekiemoes/Links.html#AntiVirus%20Scanners

Choose one, install it, make sure it is up-to-date and perform a full system scan. Let me know.

Your system seems clean, so these tips are good in your case too:

http://forums.malwarebytes.org/index.php?showtopic=81990

Perform all of them and let me know.


Running and got

Error optimizing registry hive

HKEY_LOCAL_MACHINE\BCD00000000 !

Continue with the next hive? (I clicked yes)


Had the one hiccup with the registry optimizer (which was expected). Cleaner ran. I rebooted, IE only took 7 secs to open. Then ran ATF Cleaner, only it never opened. I get the turning circle near the pointer, but nothing opens. Task Manager shows no application. This is what happened with Malwarebytes! I haven't tried that as you have not asked me to again.

The system restore setting on my laptop was 2%, I changed it to 3

I ran chkdsk, there were 4 bad sectors.

Disk defrag currently running.

Thanks so much for your help. Hopefully it will behave now, and I will regularly run the defrag and reg checks.

Deb


Check what the situation is with Malwarebytes' Anti-Malware too. Let me know.


After all that testing, and the laptop is running better, I still can't get Malwarebytes to run!!!

I have uninstalled and reinstalled, leaving the launch box ticked, and the setup icon just stays in the bottom tray, but nothing opens. If I Ctrl+Alt+Del, it says that setup is running!

Ah, gotta love this :)

Deb


OK, so the system seems better. It isn't hanging like it was, but IE still takes about 20-30 secs to open and display a page. It was about 10-15 secs. I still can't run Malwarebytes, and this does bother me!

I have uninstalled nearly every program not used. I uninstalled Malwarebytes and re-installed. I just get the setup box sitting at the bottom. I am leaving it for about 10 mins, but I assume it would not take that long to show the box and start the app. Is there something else I should do? I bought this Toshiba about 6 months ago; I don't have a Windows 7 disk. I don't mind re-installing if I have to, but not sure how to (as I don't have any original disks).

A perplexed

Deb :)
