Status
Not open for further replies.

Discussion Starter · #1 · (Edited)
So I have a virus/malware which seems to disable my firewall (when I turn it back on it disables within a few seconds). It has also somehow overridden my administrator rights and I am unable to perform any tasks which require the user being an administrator.

I can't load any .exe or application files unless I launch the laptop in safe mode, so the following scans were performed in safe mode.

I also cannot connect to the internet via wireless or anything (I wouldn't want to anyway because my firewall is disabled).

Here is the DDS Scan (Run in Safe Mode):

.
DDS (Ver_11-03-05.01) - NTFS_AMD64 MINIMAL
Run by Stephen at 1:07:08.20 on 16/04/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3836.3159 [GMT 1:00]
.
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
F:\gmer.exe
C:\Windows\system32\DllHost.exe
F:\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://toshiba.msn.com
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110410142135.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
uRun: [Voobly] "C:\Program Files (x86)\Voobly\voobly.exe" --startup
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [NBAgent] "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [Bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\mswinext.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
mRun: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
mRun: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
dRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
StartupFolder: C:\Users\Stephen\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TRDCRE~1.LNK - C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110410142134.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun-x64: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun-x64: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
mRun-x64: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun-x64: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
mRun-x64: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun-x64: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
mRun-x64: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\e9vv59uh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-7-7 283360]
R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2011-4-9 257232]
R0 pctDS;PC Tools Data Store;C:\Windows\System32\drivers\pctDS64.sys [2011-4-9 452872]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\System32\drivers\pctEFA64.sys [2011-4-9 816016]
R0 TfFsMon;TfFsMon;C:\Windows\System32\drivers\TfFsMon.sys [2011-4-9 65072]
R0 TFSysMon;TFSysMon;C:\Windows\System32\drivers\TfSysMon.sys [2011-4-9 74824]
R3 CeKbFilter;CeKbFilter;C:\Windows\System32\drivers\CeKbFilter.sys [2011-3-10 20592]
S0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-7-7 529128]
S1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2010-7-7 75032]
S1 pctgntdi;pctgntdi;C:\Windows\System32\drivers\pctgntdi64.sys [2011-4-9 334976]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-3-10 203264]
S2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-4-9 247760]
S2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
S2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2011-3-10 1811456]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-3-10 355440]
S2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-3-10 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-3-10 355440]
S2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-3-10 355440]
S2 McShield;McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-10-19 200056]
S2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-10-19 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2010-10-19 149032]
S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
S2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2011-4-9 366840]
S2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2011-4-9 1156568]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
S3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-3-10 7450624]
S3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-3-10 268288]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-7-7 62800]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-7-7 190136]
S3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-7-7 441328]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-7-7 94864]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 pctplsg;pctplsg;C:\Windows\System32\drivers\pctplsg64.sys [2011-4-9 92896]
S3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2011-3-10 35008]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-3-10 232992]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-10-19 344680]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2011-3-10 932384]
S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2010-4-24 721768]
S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2010-4-24 269672]
S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2010-4-24 25960]
S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2010-4-24 22376]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-5-11 124368]
S3 TfNetMon;TfNetMon;C:\Windows\System32\drivers\TfNetMon.sys [2011-4-9 41888]
S3 ThreatFire;ThreatFire;C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe service --> C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe service [?]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-3-10 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-11 1255736]
S4 McOobeSv;McAfee OOBE Service;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-3-10 355440]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-04-15 21:59:48 -------- d-----w- C:\Users\Stephen\AppData\Roaming\WinBatch
2011-04-15 21:42:44 -------- d-----w- C:\Users\Stephen\AppData\Roaming\Malwarebytes
2011-04-15 21:42:41 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-15 21:42:40 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-04-15 21:42:37 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-04-15 21:42:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-04-14 15:14:20 -------- d-----w- C:\Users\Stephen\AppData\Local\ElevatedDiagnostics
2011-04-14 15:11:59 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-04-14 15:11:57 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-04-14 01:23:18 -------- d-----w- C:\Program Files (x86)\Conduit
2011-04-14 01:23:08 -------- d-----w- C:\Program Files (x86)\ConduitEngine
2011-04-14 01:22:55 -------- d-----w- C:\Program Files (x86)\BitTorrentBar
2011-04-14 01:22:31 -------- d-----w- C:\Program Files (x86)\BitTorrent
2011-04-14 01:21:57 -------- d-----w- C:\Users\Stephen\AppData\Roaming\BitTorrent
2011-04-13 23:22:03 -------- d-----w- C:\Program Files\Common Files\Digidesign
2011-04-13 23:19:25 -------- d-----w- C:\Program Files (x86)\Native Instruments
2011-04-13 23:19:25 -------- d-----w- C:\Program Files (x86)\Common Files\Native Instruments
2011-04-13 21:58:44 -------- d-----w- C:\Users\Stephen\AppData\Local\Native Instruments
2011-04-13 02:38:13 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-04-13 02:38:13 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-04-13 02:38:07 3133440 ----a-w- C:\Windows\System32\win32k.sys
2011-04-13 02:38:02 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-04-13 02:38:01 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-04-13 02:38:01 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-04-13 02:38:00 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-04-13 02:35:21 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-04-13 02:35:21 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-04-13 02:35:20 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-04-12 22:41:53 -------- d-----w- C:\PROGRA~3\VirtualizedApplications
2011-04-12 20:31:08 -------- d-----w- C:\Users\Stephen\AppData\Local\SoftGrid Client
2011-04-12 20:31:05 -------- d-----w- C:\Users\Stephen\AppData\Roaming\SoftGrid Client
2011-04-12 20:29:04 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2011-04-12 20:27:55 -------- d-----w- C:\Users\Stephen\AppData\Roaming\TP
2011-04-12 11:04:38 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-04-11 15:36:29 -------- d-----w- C:\Windows\SysWow64\Wat
2011-04-11 15:36:28 -------- d-----w- C:\Windows\System32\Wat
2011-04-11 12:09:41 -------- d-----w- C:\Program Files (x86)\Voobly
2011-04-11 11:33:23 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-04-11 11:33:23 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2011-04-11 11:23:33 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-04-11 11:23:33 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-04-11 11:23:33 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-04-11 11:23:33 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-04-11 11:23:33 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-04-11 11:23:33 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-04-11 11:23:33 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-04-11 11:23:33 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-04-11 11:23:33 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-04-11 11:23:33 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-04-11 11:23:17 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2011-04-11 11:18:07 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2011-04-11 11:18:06 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2011-04-11 11:15:28 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2011-04-11 11:15:28 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2011-04-11 01:52:30 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-04-11 01:52:29 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-04-11 01:52:28 1540608 ----a-w- C:\Windows\System32\DWrite.dll
2011-04-11 01:52:27 1135104 ----a-w- C:\Windows\System32\FntCache.dll
2011-04-11 01:52:26 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-04-10 23:07:46 -------- d-----w- C:\Program Files\Common Files\Canon
2011-04-10 21:19:24 84992 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNBPP4.DLL
2011-04-10 17:57:28 225280 ----a-w- C:\Windows\SysWow64\rewire.dll
2011-04-10 17:57:28 -------- d-----w- C:\Program Files (x86)\VstPlugins
2011-04-10 17:57:11 1294336 ----a-w- C:\Windows\SysWow64\vorbis.acm
2011-04-10 17:56:55 -------- d-----w- C:\Program Files (x86)\Outsim
2011-04-10 17:39:48 -------- d-----w- C:\Program Files (x86)\Image-Line
2011-04-10 13:16:23 -------- d-----w- C:\Users\Stephen\AppData\Local\Mozilla
2011-04-10 13:15:38 24376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
2011-04-10 13:06:07 -------- d-----w- C:\Program Files (x86)\Microsoft Games
2011-04-10 11:20:10 714752 ----a-w- C:\Windows\System32\kerberos.dll
2011-04-10 11:20:10 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2011-04-10 11:18:59 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll
2011-04-10 11:17:59 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2011-04-10 11:16:35 5510528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-04-10 11:15:57 720896 ----a-w- C:\Windows\System32\odbc32.dll
2011-04-10 11:15:57 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
2011-04-10 11:15:57 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2011-04-10 11:15:57 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2011-04-10 11:15:57 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2011-04-10 11:15:57 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2011-04-10 11:15:56 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2011-04-10 11:15:56 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2011-04-10 11:15:56 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2011-04-10 11:15:56 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2011-04-10 11:15:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2011-04-10 11:15:48 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2011-04-09 15:54:25 -------- d-----w- C:\Users\Stephen\AppData\Local\Diagnostics
2011-04-09 14:58:12 74824 --s---w- C:\Windows\System32\drivers\TfSysMon.sys
2011-04-09 14:58:12 65072 --s---w- C:\Windows\System32\drivers\TfFsMon.sys
2011-04-09 14:58:12 41888 --s---w- C:\Windows\System32\drivers\TfNetMon.sys
2011-04-09 14:54:33 767952 ----a-w- C:\Windows\BDTSupport.dll
2011-04-09 14:54:32 2000848 ----a-w- C:\Windows\PCTBDCore.dll
2011-04-09 14:54:32 1533904 ----a-w- C:\Windows\PCTBDRes.dll
2011-04-09 14:54:32 149456 ----a-w- C:\Windows\SGDetectionTool.dll
2011-04-09 14:46:56 816016 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys
2011-04-09 14:46:56 452872 ----a-w- C:\Windows\System32\drivers\pctDS64.sys
2011-04-09 14:46:55 334976 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2011-04-09 14:46:55 137704 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2011-04-09 14:46:52 257232 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2011-04-09 14:46:48 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2011-04-09 14:46:43 -------- d-----w- C:\Program Files (x86)\PC Tools Security
2011-04-09 14:46:43 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2011-04-09 14:42:42 -------- d-----w- C:\PROGRA~3\PC Tools
2011-04-09 14:42:17 -------- d-----w- C:\Spyware Doctor
2011-04-09 14:34:32 -------- d-----w- C:\Users\Stephen\AppData\Local\TOSHIBA_Corporation
2011-04-09 14:29:09 -------- d-----w- C:\Users\Stephen\AppData\Local\ATI
2011-04-09 14:28:33 -------- d-----w- C:\Users\Stephen\AppData\Local\VirtualStore
2011-04-09 14:28:29 -------- d-----w- C:\Program Files (x86)\BBC iPlayer Desktop
2011-04-09 14:28:17 -------- d-----w- C:\Users\Stephen\AppData\Local\Adobe
2011-04-09 14:28:04 -------- d-----w- C:\Users\Stephen\AppData\Local\Toshiba
.
==================== Find3M ====================
.
2011-03-10 07:42:10 20592 ----a-w- C:\Windows\System32\drivers\CeKbFilter.sys
2011-03-10 07:37:21 0 ----a-w- C:\Windows\ativpsrm.bin
2011-03-08 06:14:30 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:38:13 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-02-24 06:29:15 1197056 ----a-w- C:\Windows\System32\wininet.dll
2011-02-24 06:24:57 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-02-24 05:32:44 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-02-24 05:30:16 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-02-24 05:05:13 482816 ----a-w- C:\Windows\System32\html.iec
2011-02-24 04:24:04 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-02-24 04:23:48 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-02-24 03:50:26 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-02-23 05:16:28 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-02-23 05:16:01 401920 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-02-23 05:15:50 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-02-23 05:15:27 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-02-23 05:15:14 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-02-23 05:15:13 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-02-23 05:15:06 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-02-19 06:36:13 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-19 05:32:08 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-02-19 04:13:39 367104 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-19 03:37:02 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-02-12 06:14:41 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2011-02-05 12:41:43 556928 ----a-w- C:\Windows\System32\winresume.efi
2011-02-05 12:41:35 640896 ----a-w- C:\Windows\System32\winload.efi
2011-02-05 12:41:24 20352 ----a-w- C:\Windows\System32\kdusb.dll
2011-02-05 12:41:24 19328 ----a-w- C:\Windows\System32\kd1394.dll
2011-02-05 12:41:23 17792 ----a-w- C:\Windows\System32\kdcom.dll
2011-02-05 12:39:21 603976 ----a-w- C:\Windows\System32\winload.exe
2011-02-05 12:39:21 518160 ----a-w- C:\Windows\System32\winresume.exe
2011-01-26 06:52:25 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:52:25 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-01-26 06:28:16 144384 ----a-w- C:\Windows\System32\cdd.dll
.
============= FINISH: 1:07:21.52 ===============


Here is the MalwareBytes Log (Safe Mode)

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Database version: 5363

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

15/04/2011 23:13:34
mbam-log-2011-04-15 (23-13-34).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 301093
Time elapsed: 29 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

It seems the software found an infected file, but nonetheless the symptoms are still there when I log in normally.

I know Bit Torrent is installed but it's a brand new laptop, Bit Torrent can be used legally in my case and it doesn't work because it's blocked by my firewall.



I hope you guys can help me =/
 

Discussion Starter · #2 ·
Also when I try and update Malwarebytes I get an error: 'An error has occurred. Please report this error code to our support team. PROGRAM_ERROR_UPDATING (12007,0, WinHttpSendRequest)'

The error I get when trying to load .exe files is this:

'The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.'

Same error happens when I try to perform simple administrative tasks. Either I get the error or nothing happens.
 