have a rootkit and nginx virus & google keeps redirecting


3 replies to this topic

#1 mikekciboxing

Posted 24 July 2012 - 07:35 AM

I have run a lot of different scanners to get rid of this problem. I think I have keyloggers, a rootkit and Trojans. I also get redirected to a screen that says "Welcome to nginx". Here are my HijackThis and DDS reports. Please, someone help me....

DDS:
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by FEAR666 at 8:22:04 on 2012-07-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4003.2189 [GMT -4:00]
.
AV: Lavasoft Ad-Aware *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\System32\rundll32.exe
C:\windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.toshiba.com
uDefault_Page_URL = hxxp://start.toshiba.com
uInternet Settings,ProxyOverride = <local>;*.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "C:\Users\FEAR666\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{25939F3B-55AF-47BB-9CDB-830BFC842C2A} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{25939F3B-55AF-47BB-9CDB-830BFC842C2A}\14E64627F69646140563733393 : DhcpNameServer = 192.168.43.1
TCP: Interfaces\{25939F3B-55AF-47BB-9CDB-830BFC842C2A}\4394245413 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{25939F3B-55AF-47BB-9CDB-830BFC842C2A}\46F6A6F623 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{25939F3B-55AF-47BB-9CDB-830BFC842C2A}\66D676D286F6D656 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{25939F3B-55AF-47BB-9CDB-830BFC842C2A}\C696E6B6379737 : DhcpNameServer = 68.105.28.17 68.105.29.17
TCP: Interfaces\{25939F3B-55AF-47BB-9CDB-830BFC842C2A}\D4162716E646F6C616 : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{25939F3B-55AF-47BB-9CDB-830BFC842C2A}\D6564727F6B69616 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun-x64: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun-x64: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun-x64: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
AppInit_DLLs-X64: C:\windows\SysWOW64\nvinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\FEAR666\AppData\Roaming\Mozilla\Firefox\Profiles\azhtr2b5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.membersolutions.com/
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\GameSpy\Comrade\npcomrade.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\FEAR666\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\FEAR666\AppData\Roaming\Mozilla\Firefox\Profiles\azhtr2b5.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\plugins\np-mswmp.dll
FF - plugin: C:\Users\FEAR666\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\FEAR666\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\windows\system32\DRIVERS\nvpciflt.sys --> C:\windows\system32\DRIVERS\nvpciflt.sys [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 SbFw;SbFw;C:\windows\system32\drivers\SbFw.sys --> C:\windows\system32\drivers\SbFw.sys [?]
R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-10-26 101112]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-7-12 1239952]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-4-20 135608]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-4-20 2009704]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2012-4-20 126392]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
R2 sbapifs;sbapifs;C:\windows\system32\DRIVERS\sbapifs.sys --> C:\windows\system32\DRIVERS\sbapifs.sys [?]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-5-24 294848]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-4-20 2656280]
R3 CeKbFilter;CeKbFilter;C:\windows\system32\DRIVERS\CeKbFilter.sys --> C:\windows\system32\DRIVERS\CeKbFilter.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\nusb3hub.sys --> C:\windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\system32\DRIVERS\nusb3xhc.sys --> C:\windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\windows\system32\DRIVERS\SBFWIM.sys --> C:\windows\system32\DRIVERS\SBFWIM.sys [?]
R3 stdriver;SoundTap Filter Driver v6.04.00;C:\windows\system32\DRIVERS\stdriverx64.sys --> C:\windows\system32\DRIVERS\stdriverx64.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-4-20 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-10 138152]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-7-1 828856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-20 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-31 250056]
S3 enecir;ENE CIR Receiver;C:\windows\system32\DRIVERS\enecir.sys --> C:\windows\system32\DRIVERS\enecir.sys [?]
S3 enecirhid;ENE CIR HID Receiver;C:\windows\system32\DRIVERS\enecirhid.sys --> C:\windows\system32\DRIVERS\enecirhid.sys [?]
S3 enecirhidma;ENE CIR HIDmini Filter;C:\windows\system32\DRIVERS\enecirhidma.sys --> C:\windows\system32\DRIVERS\enecirhidma.sys [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-20 136176]
S3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-11 113120]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\windows\system32\DRIVERS\sbfwim.sys --> C:\windows\system32\DRIVERS\sbfwim.sys [?]
S3 sbhips;sbhips;C:\windows\system32\drivers\sbhips.sys --> C:\windows\system32\drivers\sbhips.sys [?]
S3 sbwtis;sbwtis;C:\windows\system32\DRIVERS\sbwtis.sys --> C:\windows\system32\DRIVERS\sbwtis.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-24 12:13:25 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{85654C3F-9681-497F-92AD-35BFCA39383D}\offreg.dll
2012-07-24 12:10:44 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{85654C3F-9681-497F-92AD-35BFCA39383D}\mpengine.dll
2012-07-23 12:19:33 -------- d-----w- C:\Users\FEAR666\AppData\Roaming\Malwarebytes
2012-07-23 12:19:19 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-23 12:19:18 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-07-23 12:19:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-19 20:08:32 -------- d-----w- C:\Users\FEAR666\AppData\Local\Tific
2012-07-19 18:27:45 -------- d-----w- C:\Users\FEAR666\AppData\Local\adaware
2012-07-19 18:23:52 -------- d-----w- C:\Users\FEAR666\AppData\Local\Downloaded Installations
2012-07-16 17:58:50 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-07-16 17:58:33 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-07-16 17:58:23 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-07-16 17:58:19 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-07-12 17:00:01 3148800 ----a-w- C:\windows\System32\win32k.sys
2012-07-11 12:25:30 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2012-07-10 12:09:28 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-07-08 23:39:43 -------- d-sh--w- C:\windows\System32\%APPDATA%
2012-07-08 23:26:28 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-07-08 23:26:22 60536 ----a-w- C:\windows\System32\drivers\sbhips.sys
2012-07-08 23:26:14 57976 ----a-w- C:\windows\System32\drivers\sbredrv.sys
2012-07-08 23:26:14 45936 ----a-w- C:\windows\System32\sbbd.exe
2012-07-08 23:26:14 256632 ----a-w- C:\windows\System32\drivers\SbFw.sys
2012-07-08 23:26:14 119416 ----a-w- C:\windows\System32\drivers\SbFwIm.sys
2012-07-08 23:26:13 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2012-07-08 23:25:05 -------- d-----w- C:\Users\FEAR666\AppData\Roaming\Ad-Aware Antivirus
2012-07-08 23:15:42 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-07-08 23:15:42 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-07 11:20:04 -------- d-----w- C:\Program Files (x86)\Oracle
2012-07-05 23:38:16 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-05 23:38:16 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-07-05 16:33:40 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2012-07-05 16:33:26 -------- d-----w- C:\Program Files\DivX
2012-07-05 16:33:22 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2012-07-05 16:33:04 -------- d-----w- C:\Program Files (x86)\DivX
2012-07-05 16:32:29 -------- d-----w- C:\ProgramData\DivX
2012-07-05 15:40:49 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-07-05 15:40:37 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-07-05 15:40:28 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-07-05 15:40:20 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-07-02 13:09:38 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-07-02 13:09:38 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-07-02 13:09:38 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-07-02 13:09:38 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-07-02 13:09:38 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-07-02 13:09:38 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-07-02 13:09:38 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-07-01 12:52:02 29976 ----a-w- C:\windows\System32\drivers\stdriverx64.sys
2012-07-01 12:52:02 -------- d-----w- C:\Program Files (x86)\NCH Software
2012-07-01 12:51:59 -------- d-----w- C:\Users\FEAR666\AppData\Roaming\NCH Software
2012-06-25 00:46:59 -------- d-----w- C:\Users\FEAR666\AppData\Local\Wild Tangent
.
==================== Find3M ====================
.
2012-07-12 02:21:09 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 02:21:09 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-06-06 06:06:16 2004480 ----a-w- C:\windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys
2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2012-05-31 16:25:12 279656 ------w- C:\windows\System32\MpSigStub.exe
2012-05-04 23:29:22 772504 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2012-05-04 23:29:16 687504 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
.
============= FINISH: 8:22:57.69 ===============


HIJACKTHIS REPORT : Logfile of HijackThis v1.99.1
Scan saved at 10:19:36 PM, on 7/23/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)

Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\FEAR666\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
O4 - HKLM\..\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\FEAR666\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\bonjour\mdnsnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Toshiba Laptop Checkup Application Launcher (Norton PC Checkup Application Launcher) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Unknown owner - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll" /prefetch:1 (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - Unknown owner - C:\windows\system32\ThpSrv.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
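The log above is the raw material a forum helper reads by eye. As an added example for this thread (not HijackThis code, and not part of the original post), the Python below parses lines in the `Oxx - Kind: detail` format into records and applies a few coarse defender-side heuristics: an AppInit_DLLs entry, autoruns whose executable lives in a user-writable directory, a Winsock LSP path listed more than once, and services with no identified publisher outside the Windows directory. The sample lines are copied from the log above; the heuristics and their wording are the editor's own assumptions, and every hit means "look closer", not "malicious".

```python
"""Triage pass over HijackThis-style log lines.

Added example for this thread, not HijackThis code. The heuristics are the
editor's own and deliberately coarse: a hit is a prompt to verify, nothing more.
"""
import re
from collections import Counter

# Sample lines copied from the HijackThis log posted above (a constructed subset).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\FEAR666\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O20 - AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2})\s+-\s+(?P<body>.*)$")
USER_WRITABLE = re.compile(r"\\(?:ProgramData|AppData|Temp)\\", re.I)
WINDOWS_DIR = re.compile(r"^(?:%(?:windir|SystemRoot)%|[A-Za-z]:\\windows)\\", re.I)
SERVICE_RE = re.compile(r"^Service: (.+?) - (.+?) - (.+?)(?: \(file missing\))?$")
AUTORUN_RE = re.compile(r'\]\s*"?(.+?\.exe)', re.I)


def parse_hjt(log: str) -> list[tuple[str, str]]:
    """Split a log into (section, body) pairs; lines that are not entries are skipped."""
    entries = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m["section"], m["body"]))
    return entries


def triage(entries: list[tuple[str, str]]) -> list[tuple[str, str, str]]:
    """Return (section, item, note) findings that deserve a second look."""
    findings = []
    lsp_count = Counter()
    for section, body in entries:
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            dll = body.split(":", 1)[1].strip()
            if dll:  # an empty AppInit_DLLs value is the normal state
                findings.append((section, dll,
                                 "AppInit_DLLs entry: loaded into every process that links user32; "
                                 "confirm publisher and signature"))
        elif section == "O4":
            m = AUTORUN_RE.search(body)
            if m and USER_WRITABLE.search(m.group(1)):
                findings.append((section, m.group(1),
                                 "autorun executable lives in a user-writable directory"))
        elif section == "O10" and ":" in body:
            lsp_count[body.split(":", 1)[1].strip().lower()] += 1
        elif section == "O23":
            m = SERVICE_RE.match(body)
            if m:
                name, owner, path = m.groups()
                # "(file missing)" on a System32 path is a common artifact of the 32-bit
                # tool on 64-bit Windows (WOW64 file-system redirection), so paths under
                # the Windows directory are not flagged; an unidentified owner elsewhere is.
                if owner == "Unknown owner" and not WINDOWS_DIR.match(path):
                    findings.append((section, name,
                                     f"service binary {path} has no identified publisher"))
    for path, n in lsp_count.items():
        if n > 1:
            findings.append(("O10", path,
                             f"Winsock LSP listed {n} times; check it is the same signed file each time"))
    return findings


if __name__ == "__main__":
    for section, item, note in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{section:4} {note}\n     {item}")
```

Run against the full log, the parser keeps every `R`, `F` and `O` line and the triage step reports five items from this subset: the two autoruns under `ProgramData` and `AppData`, the `nvinit.dll` AppInit entry, the `gupdate` service, and the doubled `wlidnsp.dll` LSP. Each is a prompt to check the file's signature, not a verdict.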

#2 mikekciboxing

mikekciboxing
  • Topic Starter

  • Members
  • 3 posts
  • Local time:01:19 PM

Posted 24 July 2012 - 07:38 AM

And here is a log file of an MBRCheck:
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: TOSHIBA
System Manufacturer: TOSHIBA
System Product Name: Satellite P755
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 206):
0x02E01000 \SystemRoot\system32\ntoskrnl.exe
0x033E9000 \SystemRoot\system32\hal.dll
0x00BD1000 \SystemRoot\system32\kdcom.dll
0x00C48000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C97000 \SystemRoot\system32\PSHED.dll
0x00CAB000 \SystemRoot\system32\CLFS.SYS
0x00D09000 \SystemRoot\system32\CI.dll
0x00E6B000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F0F000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F1E000 \SystemRoot\system32\drivers\ACPI.sys
0x00F75000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00F7E000 \SystemRoot\system32\drivers\msisadrv.sys
0x00F88000 \SystemRoot\system32\drivers\pci.sys
0x00FBB000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00FC8000 \SystemRoot\system32\DRIVERS\LPCFilter.sys
0x00FD7000 \SystemRoot\System32\drivers\partmgr.sys
0x00FEC000 \SystemRoot\system32\drivers\compbatt.sys
0x00E00000 \SystemRoot\system32\drivers\BATTC.SYS
0x00E0C000 \SystemRoot\system32\drivers\volmgr.sys
0x0103C000 \SystemRoot\System32\drivers\volmgrx.sys
0x01098000 \SystemRoot\System32\drivers\mountmgr.sys
0x010B2000 \SystemRoot\system32\DRIVERS\pciide.sys
0x010B9000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x01244000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x01398000 \SystemRoot\system32\drivers\atapi.sys
0x013A1000 \SystemRoot\system32\drivers\ataport.SYS
0x013CB000 \SystemRoot\system32\DRIVERS\msahci.sys
0x013D6000 \SystemRoot\system32\drivers\amdxata.sys
0x010C9000 \SystemRoot\system32\drivers\fltmgr.sys
0x013E1000 \SystemRoot\system32\drivers\fileinfo.sys
0x0145B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01115000 \SystemRoot\System32\Drivers\msrpc.sys
0x01400000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01173000 \SystemRoot\System32\Drivers\cng.sys
0x0141B000 \SystemRoot\System32\drivers\pcw.sys
0x0142C000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01604000 \SystemRoot\system32\drivers\ndis.sys
0x016F7000 \SystemRoot\system32\drivers\NETIO.SYS
0x01757000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01869000 \SystemRoot\System32\drivers\tcpip.sys
0x01A6C000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01AB6000 \SystemRoot\system32\drivers\volsnap.sys
0x01B02000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x01B07000 \SystemRoot\system32\DRIVERS\tos_sps64.sys
0x01B81000 \SystemRoot\system32\DRIVERS\Thpevm.SYS
0x01B83000 \SystemRoot\system32\DRIVERS\thpdrv.sys
0x01B8F000 \SystemRoot\System32\Drivers\spldr.sys
0x01B97000 \SystemRoot\System32\drivers\rdyboost.sys
0x01BD1000 \SystemRoot\system32\DRIVERS\nvpciflt.sys
0x01BD6000 \SystemRoot\System32\Drivers\mup.sys
0x01BE8000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01800000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x0183A000 \SystemRoot\system32\drivers\disk.sys
0x01781000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x03FBE000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x03FE8000 \SystemRoot\System32\Drivers\Null.SYS
0x03FF1000 \SystemRoot\System32\Drivers\Beep.SYS
0x03E00000 \??\C:\windows\system32\drivers\SBREdrv.sys
0x03E12000 \SystemRoot\System32\drivers\vga.sys
0x03E20000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x03E45000 \SystemRoot\System32\drivers\watchdog.sys
0x0185E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01BF1000 \SystemRoot\system32\drivers\rdpencdd.sys
0x017B1000 \SystemRoot\system32\drivers\rdprefmp.sys
0x017BA000 \SystemRoot\System32\Drivers\Msfs.SYS
0x017C5000 \SystemRoot\System32\Drivers\Npfs.SYS
0x017D6000 \SystemRoot\system32\DRIVERS\tdx.sys
0x01436000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x040AB000 \SystemRoot\system32\drivers\SbFw.sys
0x04111000 \SystemRoot\system32\drivers\afd.sys
0x0419A000 \SystemRoot\System32\DRIVERS\netbt.sys
0x041DF000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x04000000 \SystemRoot\system32\DRIVERS\pacer.sys
0x04026000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x0403C000 \SystemRoot\system32\DRIVERS\netbios.sys
0x0404B000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x04066000 \SystemRoot\system32\drivers\termdd.sys
0x0461F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04670000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0467C000 \SystemRoot\system32\drivers\mssmbios.sys
0x04687000 \SystemRoot\System32\drivers\discache.sys
0x04696000 \SystemRoot\System32\Drivers\dfsc.sys
0x046B4000 \SystemRoot\system32\drivers\blbdrive.sys
0x046C5000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x0F24C000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x0FEBD000 \SystemRoot\System32\Drivers\nvBridge.kmd
0x0FEBF000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x0FFB3000 \SystemRoot\System32\drivers\dxgmms1.sys
0x0AC08000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x0B7B3000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x0B7C4000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x046EB000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x0B7D5000 \SystemRoot\system32\drivers\HDAudBus.sys
0x04741000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x02E57000 \SystemRoot\system32\DRIVERS\rtl8192Ce.sys
0x02FC4000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x02E00000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x0F200000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys
0x02E2F000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x02E31000 \SystemRoot\system32\drivers\CmBatt.sys
0x02E36000 \SystemRoot\system32\drivers\i8042prt.sys
0x04E22000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x04F81000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04F90000 \SystemRoot\system32\DRIVERS\CeKbFilter.sys
0x04F9B000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x04FAA000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
0x04FB4000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x04FC1000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x04FCA000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x04FE0000 \SystemRoot\system32\DRIVERS\TVALZFL.sys
0x04FE7000 \SystemRoot\system32\drivers\CompositeBus.sys
0x04E00000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x047A8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04E16000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x047CC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x0F231000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x0407A000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04600000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x01200000 \SystemRoot\system32\DRIVERS\SBFWIM.sys
0x04FF7000 \SystemRoot\system32\drivers\swenum.sys
0x00E21000 \SystemRoot\system32\drivers\ks.sys
0x041E8000 \SystemRoot\system32\DRIVERS\circlass.sys
0x01443000 \SystemRoot\system32\DRIVERS\umbus.sys
0x05244000 \SystemRoot\system32\drivers\usbhub.sys
0x0529E000 \SystemRoot\system32\DRIVERS\nusb3hub.sys
0x052B7000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x06066000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x06301000 \SystemRoot\system32\drivers\portcls.sys
0x0633E000 \SystemRoot\system32\drivers\drmk.sys
0x06360000 \SystemRoot\system32\drivers\ksthunk.sys
0x06366000 \SystemRoot\system32\DRIVERS\stdriverx64.sys
0x06370000 \SystemRoot\system32\DRIVERS\IntcDAud.sys
0x00030000 \SystemRoot\System32\win32k.sys
0x063C3000 \SystemRoot\System32\drivers\Dxapi.sys
0x063CF000 \SystemRoot\system32\DRIVERS\monitor.sys
0x063DD000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x06000000 \SystemRoot\System32\Drivers\usbvideo.sys
0x0602E000 \SystemRoot\system32\DRIVERS\pgeffect.sys
0x00490000 \SystemRoot\System32\TSDDD.dll
0x006F0000 \SystemRoot\System32\cdd.dll
0x00980000 \SystemRoot\System32\ATMFD.DLL
0x06036000 \SystemRoot\system32\drivers\luafv.sys
0x052CC000 \SystemRoot\system32\DRIVERS\sbapifs.sys
0x052E7000 \SystemRoot\system32\drivers\WudfPf.sys
0x05308000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x0531D000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x05370000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x05383000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x03E55000 \SystemRoot\system32\drivers\HTTP.sys
0x0539B000 \SystemRoot\system32\DRIVERS\bowser.sys
0x053B9000 \SystemRoot\System32\drivers\mpsdrv.sys
0x053D1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x03F1E000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x05200000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0A293000 \SystemRoot\system32\drivers\peauth.sys
0x0A339000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0A344000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0A375000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0A387000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0A6EF000 \SystemRoot\System32\DRIVERS\srv.sys
0x0A787000 \SystemRoot\system32\DRIVERS\udfs.sys
0x0A7DC000 \SystemRoot\System32\Drivers\crashdmp.sys
0x0BE6F000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x0BFC3000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x0BE55000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x0BFD6000 \SystemRoot\system32\DRIVERS\point64.sys
0x77750000 \Windows\System32\ntdll.dll
0x47F50000 \Windows\System32\smss.exe
0xFFA70000 \Windows\System32\apisetschema.dll
0xFF6C0000 \Windows\System32\autochk.exe
0xFECD0000 \Windows\System32\shell32.dll
0xFECA0000 \Windows\System32\imm32.dll
0xFEC40000 \Windows\System32\Wldap32.dll
0xFEBA0000 \Windows\System32\comdlg32.dll
0xFEB20000 \Windows\System32\shlwapi.dll
0x77540000 \Windows\System32\iertutil.dll
0x77420000 \Windows\System32\kernel32.dll
0x77320000 \Windows\System32\user32.dll
0xFEA40000 \Windows\System32\advapi32.dll
0xFEA30000 \Windows\System32\lpk.dll
0xFE990000 \Windows\System32\msvcrt.dll
0x77920000 \Windows\System32\normaliz.dll
0x771D0000 \Windows\System32\urlmon.dll
0xFE880000 \Windows\System32\msctf.dll
0xFE7E0000 \Windows\System32\clbcatq.dll
0xFE760000 \Windows\System32\difxapi.dll
0xFE690000 \Windows\System32\usp10.dll
0xFE5B0000 \Windows\System32\oleaut32.dll
0xFE590000 \Windows\System32\imagehlp.dll
0xFE3B0000 \Windows\System32\setupapi.dll
0xFE3A0000 \Windows\System32\nsi.dll
0xFE350000 \Windows\System32\ws2_32.dll
0xFE140000 \Windows\System32\ole32.dll
0xFE120000 \Windows\System32\sechost.dll
0xFDFF0000 \Windows\System32\rpcrt4.dll
0x77910000 \Windows\System32\psapi.dll
0xFDF80000 \Windows\System32\gdi32.dll
0x77070000 \Windows\System32\wininet.dll
0xFDF40000 \Windows\System32\wintrust.dll
0xFDEA0000 \Windows\System32\comctl32.dll
0xFDD30000 \Windows\System32\crypt32.dll
0xFDCC0000 \Windows\System32\KernelBase.dll
0xFDCA0000 \Windows\System32\devobj.dll
0xFDC60000 \Windows\System32\cfgmgr32.dll
0xFDC50000 \Windows\System32\msasn1.dll
0x76500000 \Windows\SysWOW64\normaliz.dll

Processes (total 92):
0 System Idle Process
4 System
368 C:\Windows\System32\smss.exe
516 csrss.exe
636 C:\Windows\System32\wininit.exe
660 csrss.exe
708 C:\Windows\System32\services.exe
716 C:\Windows\System32\lsass.exe
724 C:\Windows\System32\lsm.exe
832 C:\Windows\System32\svchost.exe
924 C:\Windows\System32\nvvsvc.exe
964 C:\Windows\System32\svchost.exe
140 C:\Windows\System32\svchost.exe
388 C:\Windows\System32\svchost.exe
416 C:\Windows\System32\svchost.exe
448 C:\Windows\System32\svchost.exe
1072 C:\Windows\System32\winlogon.exe
1180 C:\Windows\System32\svchost.exe
1452 C:\Windows\System32\spoolsv.exe
1496 C:\Windows\System32\svchost.exe
1596 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
1612 C:\Windows\System32\nvvsvc.exe
1620 C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
1724 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1756 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1812 C:\Program Files\Bonjour\mDNSResponder.exe
1868 C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
1976 C:\Windows\System32\svchost.exe
2004 C:\Windows\System32\ThpSrv.exe
648 C:\Windows\System32\TODDSrv.exe
1208 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
1972 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2196 C:\Program Files\TOSHIBA\TECO\TecoService.exe
2312 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2644 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
2816 C:\Windows\System32\svchost.exe
2344 C:\Windows\System32\taskhost.exe
2556 C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
2696 C:\Windows\System32\dwm.exe
2760 C:\Windows\explorer.exe
3080 C:\Windows\System32\hkcmd.exe
3096 C:\Windows\System32\igfxpers.exe
3120 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
3168 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
3200 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
3220 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
3232 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3240 C:\Windows\System32\ThpSrv.exe
3260 C:\Program Files\TOSHIBA\TECO\Teco.exe
3408 C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
3432 C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
3444 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
3460 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3820 C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
3844 C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
3860 C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
3884 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3908 C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
3988 C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
1676 C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe
2560 C:\Windows\System32\SearchIndexer.exe
2612 C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
4028 C:\Program Files\Windows Media Player\wmpnetwk.exe
4172 C:\Windows\System32\svchost.exe
4476 C:\Windows\System32\svchost.exe
4392 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
3468 C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
2740 dllhost.exe
4432 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
5224 C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
5744 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
5784 C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
5848 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
2972 C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
2788 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
3504 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
1472 C:\Windows\System32\taskhost.exe
5688 C:\Users\FEAR666\Desktop\HijackThis.exe
3804 C:\Windows\System32\audiodg.exe
6748 WmiPrvSE.exe
844 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
1512 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
2868 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
3500 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
6784 C:\Windows\System32\taskeng.exe
1352 C:\Windows\System32\SearchProtocolHost.exe
6428 C:\Windows\System32\SearchFilterHost.exe
7012 C:\Windows\System32\igfxsrvc.exe
6188 dllhost.exe
6196 dllhost.exe
5504 C:\Users\FEAR666\Downloads\MBRCheck.exe
3324 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK6475GSX, Rev: GT001M

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61


Done!
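The MBRCheck output above ends with a one-line verdict ("Windows 2008 MBR code detected") and a SHA1. As an added example for this thread (not MBRCheck's own code), the Python below shows the kind of check such a tool performs on the first sector of a disk: validate the 0x55AA boot signature, read the partition table, hash the bootstrap code and look the hash up in a table of known boot-code images. The MBR is constructed, with its partition start chosen so the byte offset equals the `0x5dd00000` MBRCheck reported for `C:` above; the known-hash table is a placeholder keyed by the constructed code, and the assumption that the hashed range is the first 440 bytes is the editor's, not something the log states.

```python
"""Parse and fingerprint a 512-byte Master Boot Record.

Added example for this thread; not MBRCheck's code. The MBR below is constructed
and the known-hash table is a placeholder built from that constructed code.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440        # bytes 0..439 hold the bootstrap code (assumed hash range)
DISK_SIG_OFFSET = 440      # 4-byte disk signature, followed by 2 reserved bytes
PT_OFFSET = 446            # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"
ENTRY_FMT = "<B3sB3sII"    # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble an MBR from boot code and (bootable, type, lba_start, sectors) tuples."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code exceeds 440 bytes")
    buf = bytearray(SECTOR)
    buf[:len(boot_code)] = boot_code
    struct.pack_into("<I", buf, DISK_SIG_OFFSET, 0x1234ABCD)  # constructed disk signature
    for i, (bootable, ptype, lba, count) in enumerate(partitions[:4]):
        struct.pack_into(ENTRY_FMT, buf, PT_OFFSET + 16 * i,
                         0x80 if bootable else 0x00, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff",
                         lba, count)
    buf[510:512] = BOOT_SIGNATURE
    return bytes(buf)


def parse_mbr(sector: bytes) -> dict:
    """Return signature status, disk signature, boot-code SHA1 and the used partition slots."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, sector, PT_OFFSET + 16 * i)
        if ptype != 0:  # type 0x00 marks an unused slot
            partitions.append({
                "bootable": status == 0x80,
                "type": ptype,
                "lba_start": lba,
                "sectors": count,
                "byte_offset": lba * SECTOR,   # what MBRCheck prints as "at offset"
            })
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0],
        "code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": partitions,
    }


def classify_code(code_sha1: str, known: dict) -> str:
    """Name the boot code if its hash is known; anything else needs a manual comparison."""
    return known.get(code_sha1, "unknown MBR code")


# Constructed boot code: cli / xor ax,ax / hlt, padded to the code area. Not a real loader.
SAMPLE_CODE = bytes([0xFA, 0x31, 0xC0, 0xF4]).ljust(BOOT_CODE_LEN, b"\x00")
# Partition start chosen so the byte offset equals the 0x5dd00000 MBRCheck reported for C: above.
SAMPLE_MBR = build_mbr(SAMPLE_CODE, [(True, 0x07, 0x5DD00000 // SECTOR, 1_000_000)])
# Same disk with the first two bytes of the bootstrap changed: partition table and 0x55AA
# signature are untouched, so only the hash comparison notices the difference.
TAMPERED_MBR = bytes([0xEB, 0x58]) + SAMPLE_MBR[2:]
# Placeholder allowlist keyed by the constructed code's hash; a real table would hold the
# hashes of the stock boot code shipped with each Windows version.
KNOWN_CODE = {hashlib.sha1(SAMPLE_CODE).hexdigest().upper(): "constructed sample boot code"}


if __name__ == "__main__":
    for label, image in (("clean", SAMPLE_MBR), ("modified", TAMPERED_MBR)):
        info = parse_mbr(image)
        print(f"{label}: signature_ok={info['signature_ok']} "
              f"code={classify_code(info['code_sha1'], KNOWN_CODE)} SHA1={info['code_sha1']}")
        for p in info["partitions"]:
            print(f"  type 0x{p['type']:02x} bootable={p['bootable']} offset=0x{p['byte_offset']:x}")
```

The point of the two images is that a valid boot signature and an intact partition table say nothing about the bootstrap code itself; only the hash comparison against a known-good copy distinguishes the stock loader from a modified one, which is why a tool like MBRCheck reports the SHA1 alongside its verdict.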

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,761 posts
  • Gender:Male
  • Local time:02:19 PM

Posted 29 July 2012 - 10:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/462220 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,761 posts
  • Gender:Male
  • Local time:02:19 PM

Posted 03 August 2012 - 10:10 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!



