Need Help - Virus
#11
Refer to my last post.
#12
(10-27-2010, 02:22 PM)Reality Wrote:
Code:
O4 - HKCU\..\Run: [neaoxrscwm.exe] "C:\Users\Peter\AppData\Local\Temp\neaoxrscwm.exe"

There is one part of the infection.

Refer to the thread below in order to clean your computer.

http://www.geekstogo.com/forum/topic/286...als-alert/

Are you sure? Also, I've seen that page already and it didn't help, as Malwarebytes didn't detect anything....
#13
Metallica wouldn't lie about that.

All you can do is wait for Quintus, nobody is allowed to give instructions anymore.
#14
I think they can, it's just up to the user to choose not to listen to us over the hijack team. However, I still think the way this virus removal forum is laid out is far from efficient. Using HiJackThis is not the only way you can determine how to get rid of a virus, even though it is useful in most cases. I've been dealing with viruses for well over my years in computers. I must have fixed over 100 of them lol..

That being said, it's easier if I had remote control of the computer to find things out. But as long as you don't know HiJackThis logs, and you're not on the team, if I can't give some of my advice, I think it's very poorly managed in this area, since you don't see too many of the HiJack group team members as active on this site. It should be HiJackThis help which is only permitted to the hijackthis group, not everything dealing with viruses in this forum.
#15
(10-27-2010, 02:27 PM)Reality Wrote: Metallica wouldn't lie about that.

All you can do is wait for Quintus, nobody is allowed to give instructions anymore.

I don't have the same program as what Metallica posted. Well same name but mine is just a pure white page with black writing.
Update got a picture!
#16
Usually anything made by Microsoft does not use that big of a button; it was obviously put in place to get you to press it. I would agree with Epic Smiley and say that it's a fake AV. Do not press the button, and see what others have to say on this.
#17
I know it's fake, of course I'm not going to push the button... lol
Still need help, HJT team where are you.
#18
  • Step 1

    Please run HijackThis. Click 'Do a system scan only' and place a check next to the following line(s) if present:

    O4 - HKCU\..\Run: [neaoxrscwm.exe] "C:\Users\Peter\AppData\Local\Temp\neaoxrscwm.exe"
    O4 - HKCU\..\Run: [lFtEnd.exe] C:\Users\Peter\AppData\Local\Temp\lFtEnd.exe


    Then, close all other open windows and click 'Fix Checked'. You are to reboot your system afterwards.
  • Step 2

    Download DDS.scr by sUBs from one of the following links and save it to your Desktop.

    'Link 1'
    'Link 2'
    • Double-click on DDS.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear, DDS.txt and Attach.txt.
    • A window will open instructing you to save and post the logs. Save the logs to a convenient place such as your Desktop.
    • Copy the contents of both logs and post in your next reply.
  • In your next post, please provide the following:
    • A Fresh HijackThis (HJT) Log
    • Deckard's System Scanner (DDS) Logs
      • DDS.txt
      • Attach.txt
  • Format of Response

    Code:
    [color=#00BFFF][b]Step #[/b][/color]
    [color=#FFD700][b]Problems Encountered:[/b][/color]

    [color=#00BFFF][b]Step #[/b][/color]
    [color=#FFD700][b]Problems Encountered:[/b][/color]

    [color=#00BFFF][b]Step #[/b][/color]
    [color=#FFD700][b]Problems Encountered:[/b][/color]

    [color=#00BFFF][b]Link To Requested Logs:[/b][/color]
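
The pattern behind Step 1 of the post above is an O4 autorun entry that launches an executable from a Temp directory. The following added example, which is not part of the original thread or of HijackThis, parses O4 lines from a pasted log and reports such entries; the function names and the list of Temp path markers are assumptions, and the sample lines are copied from this thread.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

# O4 autorun line as HijackThis prints it:
#   O4 - HKCU\..\Run: [value name] "C:\path\app.exe" /args
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
QUOTED_RE = re.compile(r'^"([^"]+)"')
# Unquoted commands may contain spaces, so cut at the first executable extension.
UNQUOTED_RE = re.compile(r"^(.+?\.(?:exe|scr|com|bat|cmd|pif))(?=\s|$)", re.IGNORECASE)

# Assumed list of Temp locations; the thread itself only shows AppData\Local\Temp.
TEMP_MARKERS = (
    "\\appdata\\local\\temp\\",
    "\\local settings\\temp\\",
    "\\windows\\temp\\",
    "%temp%\\",
)


class Autorun(NamedTuple):
    key: str            # registry key as abbreviated by HijackThis
    name: str           # registry value name (text inside the brackets)
    path: str           # executable path extracted from the command
    in_temp: bool       # True when the executable lives in a Temp directory
    name_is_file: bool  # True when the value name is just the file name


def parse_o4(line: str) -> Optional[Autorun]:
    """Parse one 'O4 - <key>: [name] command' line; return None for anything else."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd")
    pm = QUOTED_RE.match(cmd) or UNQUOTED_RE.match(cmd)
    if pm:
        path = pm.group(1)
    else:
        parts = cmd.split()
        path = parts[0] if parts else ""
    low = path.lower()
    in_temp = any(marker in low for marker in TEMP_MARKERS)
    name_is_file = bool(path) and m.group("name").lower() == ntpath.basename(low)
    return Autorun(m.group("key"), m.group("name"), path, in_temp, name_is_file)


def temp_autoruns(log_text: str) -> List[Autorun]:
    """Return every O4 entry in the log whose executable sits in a Temp directory."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is not None and entry.in_temp:
            hits.append(entry)
    return hits


# Sample input: O4 lines copied from the posts in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [neaoxrscwm.exe] "C:\Users\Peter\AppData\Local\Temp\neaoxrscwm.exe"
O4 - HKCU\..\Run: [lFtEnd.exe] C:\Users\Peter\AppData\Local\Temp\lFtEnd.exe
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
"""

if __name__ == "__main__":
    for entry in temp_autoruns(SAMPLE_LOG):
        note = " (value name equals file name)" if entry.name_is_file else ""
        print(f"{entry.key}: [{entry.name}] -> {entry.path}{note}")
```

A hit is a reason to look closer at the entry, not proof of infection; some installers legitimately run from Temp for a single reboot.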
#19
Ok I think that worked now, it doesn't come up anymore.

Fresh hijackthis log:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:12:17, on 28/10/2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\mswinext.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100915010709.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [Bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKCU\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2630905953-320564568-2076093293-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2630905953-320564568-2076093293-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - Unknown owner - C:\windows\system32\ThpSrv.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16337 bytes

DDS.txt:
Code:
DDS (Ver_10-10-21.02) - NTFS_AMD64  
Run by Peter at 16:05:19.88 on 28/10/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.44.1033.18.4027.2642 [GMT 1:00]


============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\windows\system32\nvvsvc.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\windows\system32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\Toshiba\TECO\Teco.exe
C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\mswinext.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Users\Peter\Desktop\dds.scr
C:\windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://toshiba.msn.com
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100915010709.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [Bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\mswinext.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
dRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL
BHO-X64:     McAfee Phishing Filter - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100915010709.dll
BHO-X64:     scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File
mRun-x64: [(Default)]
mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun-x64: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun-x64: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [ThpSrv] C:\windows\system32\thpsrv /logon
mRun-x64: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun-x64: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
mRun-x64: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun-x64: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun-x64: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
mRun-x64: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun-x64: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
mRun-x64: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
mRun-x64: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\yw4izjl0.default\
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-1-5 529000]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-1-5 283232]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\Windows\System32\drivers\thpdrv.sys [2009-6-29 34880]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2010-8-23 482384]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2010-1-5 75032]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-9-11 355440]
R2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-9-11 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-9-11 355440]
R2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-9-11 355440]
R2 McShield;McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-5-5 200056]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-5-5 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-5-5 149032]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-7-13 1604200]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-5-11 124368]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2010-4-6 258928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-7-13 2320920]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-1-5 62800]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-7-13 56344]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2010-5-18 164464]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-1-5 190136]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-1-5 441072]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2010-1-28 86120]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2010-7-13 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-7-13 330856]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-7-13 1103904]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2010-4-24 721768]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2010-4-24 269672]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2010-4-24 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2010-4-24 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-7-13 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2010-2-23 835952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-19 136176]
S3 acpials;ALS Sensor Filter;C:\Windows\System32\drivers\acpials.sys [2009-7-14 9728]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-1-5 94736]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-19 1255736]
S4 McOobeSv;McAfee OOBE Service;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-9-11 355440]

=============== Created Last 30 ================

2010-10-26 18:08:07    961024    ----a-w-    C:\windows\System32\CPFilters.dll
2010-10-26 18:08:07    641536    ----a-w-    C:\windows\SysWow64\CPFilters.dll
2010-10-26 18:08:07    552960    ----a-w-    C:\windows\System32\msdri.dll
2010-10-26 18:08:06    288256    ----a-w-    C:\windows\System32\MSNP.ax
2010-10-26 18:08:06    258560    ----a-w-    C:\windows\System32\mpg2splt.ax
2010-10-26 18:08:06    204288    ----a-w-    C:\windows\SysWow64\MSNP.ax
2010-10-26 18:08:06    199680    ----a-w-    C:\windows\SysWow64\mpg2splt.ax
2010-10-26 18:07:59    27008    ----a-w-    C:\windows\System32\drivers\Diskdump.sys
2010-10-23 22:48:41    --------    d-----w-    C:\Users\Peter\AppData\Roaming\Windows Live Writer
2010-10-23 22:48:41    --------    d-----w-    C:\Users\Peter\AppData\Local\Windows Live Writer
2010-10-23 15:39:22    --------    d-----w-    C:\windows\en
2010-10-23 15:35:12    15712    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\e1fc2b961cb72c722\MeshBetaRemover.exe
2010-10-23 15:34:59    94040    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\d9c64c841cb72c71a\DSETUP.dll
2010-10-23 15:34:59    525656    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\d9c64c841cb72c71a\DXSETUP.exe
2010-10-23 15:34:59    1691480    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\d9c64c841cb72c71a\dsetup32.dll
2010-10-23 15:34:58    94040    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\d900ba4d1cb72c719\DSETUP.dll
2010-10-23 15:34:58    525656    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\d900ba4d1cb72c719\DXSETUP.exe
2010-10-23 15:34:58    1691480    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\d900ba4d1cb72c719\dsetup32.dll
2010-10-23 15:34:19    --------    d-----w-    C:\Users\Peter\AppData\Local\Windows Live
2010-10-23 15:33:41    257024    ----a-w-    C:\windows\System32\mfreadwrite.dll
2010-10-23 15:33:41    206848    ----a-w-    C:\windows\System32\mfps.dll
2010-10-23 15:33:41    196608    ----a-w-    C:\windows\SysWow64\mfreadwrite.dll
2010-10-23 15:33:41    1888256    ----a-w-    C:\windows\System32\WMVDECOD.DLL
2010-10-23 15:33:41    1619456    ----a-w-    C:\windows\SysWow64\WMVDECOD.DLL
2010-10-23 15:33:40    4068864    ----a-w-    C:\windows\System32\mf.dll
2010-10-23 15:33:40    3181568    ----a-w-    C:\windows\SysWow64\mf.dll
2010-10-15 16:49:02    --------    d-----w-    C:\windows\SysWow64\Adobe
2010-10-08 20:39:58    --------    d-----w-    C:\PROGRA~3\Codemasters
2010-10-08 20:38:28    17686528    ----a-w-    C:\windows\SysWow64\mkl_blueripple.dll
2010-10-08 20:38:28    1347584    ----a-w-    C:\windows\SysWow64\rapture3d_oal.dll
2010-10-08 20:38:28    --------    d-----w-    C:\Program Files (x86)\BRS
2010-10-08 20:36:58    3977496    ----a-w-    C:\windows\System32\d3dx9_31.dll
2010-10-08 20:36:58    364824    ----a-w-    C:\windows\System32\xactengine2_4.dll
2010-10-08 20:36:58    363288    ----a-w-    C:\windows\System32\xactengine2_3.dll
2010-10-08 20:36:58    2414360    ----a-w-    C:\windows\SysWow64\d3dx9_31.dll
2010-10-08 20:36:58    237848    ----a-w-    C:\windows\SysWow64\xactengine2_4.dll
2010-10-08 20:36:58    236824    ----a-w-    C:\windows\SysWow64\xactengine2_3.dll
2010-10-08 20:36:58    17688    ----a-w-    C:\windows\System32\x3daudio1_1.dll
2010-10-08 20:36:58    15128    ----a-w-    C:\windows\SysWow64\x3daudio1_1.dll
2010-10-08 20:36:57    83736    ----a-w-    C:\windows\System32\xinput1_2.dll
2010-10-08 20:36:57    62744    ----a-w-    C:\windows\SysWow64\xinput1_2.dll
2010-10-08 20:35:45    809560    ----a-r-    C:\windows\SysWow64\tmp3FC3.tmp
2010-09-29 21:45:49    243712    ----a-w-    C:\windows\System32\drivers\ks.sys
2010-09-29 21:45:49    184832    ----a-w-    C:\windows\System32\drivers\usbvideo.sys
2010-09-29 16:25:35    2048    ----a-w-    C:\windows\SysWow64\tzres.dll
2010-09-29 16:25:35    2048    ----a-w-    C:\windows\System32\tzres.dll
2010-09-29 16:25:29    13312    ----a-w-    C:\Program Files\Internet Explorer\iecompat.dll
2010-09-29 16:25:29    13312    ----a-w-    C:\Program Files (x86)\Internet Explorer\iecompat.dll

==================== Find3M  ====================

2010-10-08 20:37:35    466520    ----a-w-    C:\windows\System32\wrap_oal.dll
2010-10-08 20:37:34    445016    ----a-w-    C:\windows\SysWow64\wrap_oal.dll
2010-10-08 20:37:34    122968    ----a-w-    C:\windows\System32\OpenAL32.dll
2010-10-08 20:37:34    109144    ----a-w-    C:\windows\SysWow64\OpenAL32.dll
2010-09-22 23:47:28    49016    ----a-w-    C:\windows\SysWow64\sirenacm.dll
2010-09-22 23:32:56    301936    ----a-w-    C:\windows\WLXPGSS.SCR
2010-09-21 13:49:02    252800    ----a-w-    C:\windows\System32\LIVESSP.DLL
2010-09-21 13:03:14    208768    ----a-w-    C:\windows\SysWow64\LIVESSP.DLL
2010-09-20 12:51:40    499712    ----a-w-    C:\windows\SysWow64\msvcp71.dll
2010-09-20 12:51:40    348160    ----a-w-    C:\windows\SysWow64\msvcr71.dll
2010-09-10 05:35:44    135168    ----a-w-    C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43    347648    ----a-w-    C:\windows\apppatch\AppPatch64\AcLayers.dll
2010-09-08 05:36:17    1192960    ----a-w-    C:\windows\System32\wininet.dll
2010-09-08 05:34:34    57856    ----a-w-    C:\windows\System32\licmgr10.dll
2010-09-08 04:30:04    978432    ----a-w-    C:\windows\SysWow64\wininet.dll
2010-09-08 04:28:15    44544    ----a-w-    C:\windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38    482816    ----a-w-    C:\windows\System32\html.iec
2010-09-08 03:35:30    1638912    ----a-w-    C:\windows\System32\mshtml.tlb
2010-09-08 03:22:31    386048    ----a-w-    C:\windows\SysWow64\html.iec
2010-09-08 02:48:16    1638912    ----a-w-    C:\windows\SysWow64\mshtml.tlb
2010-09-01 05:12:09    12625920    ----a-w-    C:\windows\System32\wmploc.DLL
2010-09-01 04:23:49    12625408    ----a-w-    C:\windows\SysWow64\wmploc.DLL
2010-09-01 02:58:34    3123712    ----a-w-    C:\windows\System32\win32k.sys
2010-08-31 04:32:30    954752    ----a-w-    C:\windows\SysWow64\mfc40.dll
2010-08-31 04:32:30    954288    ----a-w-    C:\windows\SysWow64\mfc40u.dll
2010-08-27 06:14:02    236032    ----a-w-    C:\windows\System32\srvsvc.dll
2010-08-27 05:46:48    9728    ----a-w-    C:\windows\SysWow64\sscore.dll
2010-08-27 03:38:04    463360    ----a-w-    C:\windows\System32\drivers\srv.sys
2010-08-27 03:37:48    402944    ----a-w-    C:\windows\System32\drivers\srv2.sys
2010-08-27 03:37:26    161792    ----a-w-    C:\windows\System32\drivers\srvnet.sys
2010-08-26 05:27:28    148992    ----a-w-    C:\windows\System32\t2embed.dll
2010-08-26 04:39:58    109056    ----a-w-    C:\windows\SysWow64\t2embed.dll
2010-08-24 13:57:38    9984    ----a-w-    C:\windows\System32\drivers\mfeclnk.sys
2010-08-24 13:57:38    94736    ----a-w-    C:\windows\System32\drivers\mferkdet.sys
2010-08-24 13:57:38    75032    ----a-w-    C:\windows\System32\drivers\mfenlfk.sys
2010-08-24 13:57:38    62800    ----a-w-    C:\windows\System32\drivers\cfwids.sys
2010-08-24 13:57:38    529000    ----a-w-    C:\windows\System32\drivers\mfehidk.sys
2010-08-24 13:57:38    441072    ----a-w-    C:\windows\System32\drivers\mfefirek.sys
2010-08-24 13:57:38    283232    ----a-w-    C:\windows\System32\drivers\mfewfpk.sys
2010-08-24 13:57:38    190136    ----a-w-    C:\windows\System32\drivers\mfeavfk.sys
2010-08-24 13:57:38    121248    ----a-w-    C:\windows\System32\drivers\mfeapfk.sys
2010-08-21 06:38:47    1024512    ----a-w-    C:\windows\System32\wmpmde.dll
2010-08-21 06:36:49    340992    ----a-w-    C:\windows\System32\schannel.dll
2010-08-21 06:31:06    633856    ----a-w-    C:\windows\System32\comctl32.dll
2010-08-21 06:29:47    558592    ----a-w-    C:\windows\System32\spoolsv.exe
2010-08-21 05:36:33    738816    ----a-w-    C:\windows\SysWow64\wmpmde.dll
2010-08-21 05:36:24    224256    ----a-w-    C:\windows\SysWow64\schannel.dll
2010-08-21 05:33:24    530432    ----a-w-    C:\windows\SysWow64\comctl32.dll

============= FINISH: 16:06:53.95 ===============

Attach.txt:
Code:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-21.02)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 18/08/2010 19:29:47
System Uptime: 28/10/2010 16:00:31 (0 hours ago)

Motherboard: TOSHIBA |  | NWQAA
Processor: Intel(R) Core(TM) i7 CPU       Q 740  @ 1.73GHz | CPU | 1317/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 455 GiB total, 403.665 GiB free.
D: is CDROM (CDFS)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP21: 29/09/2010 22:45:35 - Windows Update
RP22: 08/10/2010 00:28:20 - Windows Update
RP23: 08/10/2010 21:31:22 - Installed DiRT2 Demo
RP24: 08/10/2010 21:35:58 - Installed DirectX
RP25: 08/10/2010 21:37:45 - Installed DirectX
RP26: 08/10/2010 22:52:50 - Removed DiRT2 Demo
RP27: 08/10/2010 22:56:32 - Removed Microsoft Games for Windows - LIVE
RP28: 08/10/2010 22:57:07 - Removed Microsoft Games for Windows - LIVE Redistributable
RP29: 14/10/2010 20:06:25 - Installed TosDVD
RP30: 14/10/2010 20:07:02 - Installed DirectX
RP31: 16/10/2010 00:42:55 - Windows Update
RP32: 23/10/2010 16:33:21 - Windows Update
RP33: 24/10/2010 23:57:22 - Windows Update
RP34: 26/10/2010 19:09:10 - Windows Update
RP35: 26/10/2010 19:12:20 - Windows Update

==== Installed Programs ======================

888poker
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.4
Adobe Shockwave Player 11.5
Advertising Center
Amazon.co.uk
µTorrent
Bejeweled 2 Deluxe
Bing Bar
Bing Bar Platform
Chuzzle Deluxe
Compatibility Pack for the 2007 Office system
D3DX10
Diner Dash 2 Restaurant Rescue
eBay
Empire Earth III
FATE
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
ImagXpress
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Java(TM) 6 Update 17
Jewel Quest II
JMicron Flash Media Controller Driver
Junk Mail filter update
Malwarebytes' Anti-Malware
McAfee Internet Security
Microsoft Default Manager
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2010 - English
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.6.8)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Essentials
Nero BackItUp
Nero BackItUp and Burn
Nero BurnRights
Nero BurnRights Help
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero RescueAgent
Nero StartSmart
Nero StartSmart Help
NeroExpress
neroxml
NVIDIA PhysX
NVIDIA Updatus
OpenAL
Penguins!
Photo Service - powered by myphotobook
Plants vs. Zombies
Polar Bowler
Rapture3D 2.3.26 Game
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek WLAN Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Toolbars
Skype™ 4.2
Toshiba Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Manuals
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA Online Product Information
TOSHIBA Recovery Media Creator Reminder
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Supervisor Password
Toshiba TEMPRO
TOSHIBA Value Added Package
TOSHIBA VIDEO PLAYER
TOSHIBA Web Camera Application
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Utility Common Driver
vShare Plugin
WildTangent Games
WildTangent ORB Game Console
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Xfire (remove only)
YouTube Downloader 2.6
Zuma Deluxe

==== Event Viewer Messages From Past Week ========

27/10/2010 22:04:19, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
27/10/2010 18:55:43, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:  An instance of the service is already running.
27/10/2010 18:55:43, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error:  An instance of the service is already running.
27/10/2010 18:55:43, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error:  An instance of the service is already running.
27/10/2010 18:55:43, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error:  An instance of the service is already running.
27/10/2010 18:54:43, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error:  An instance of the service is already running.
27/10/2010 18:53:43, Error: Service Control Manager [7031]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
27/10/2010 18:53:43, Error: Service Control Manager [7031]  - The User Profile Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
27/10/2010 18:53:43, Error: Service Control Manager [7031]  - The Themes service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
27/10/2010 18:53:43, Error: Service Control Manager [7031]  - The Task Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
27/10/2010 18:53:43, Error: Service Control Manager [7031]  - The System Event Notification Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
27/10/2010 18:53:43, Error: Service Control Manager [7031]  - The Shell Hardware Detection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
27/10/2010 18:53:43, Error: Service Control Manager [7031]  - The Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
27/10/2010 18:53:43, Error: Service Control Manager [7031]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
27/10/2010 18:53:43, Error: Service Control Manager [7031]  - The IP Helper service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
27/10/2010 18:53:43, Error: Service Control Manager [7031]  - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
27/10/2010 18:53:43, Error: Service Control Manager [7031]  - The Group Policy Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
27/10/2010 18:53:43, Error: Service Control Manager [7031]  - The Extensible Authentication Protocol service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
27/10/2010 09:18:20, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect.
27/10/2010 09:18:20, Error: Service Control Manager [7001]  - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
27/10/2010 09:18:20, Error: Service Control Manager [7000]  - The Application Virtualization Client service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
26/10/2010 19:10:18, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80080005: Update for Windows 7 for x64-based Systems (KB2388210).
26/10/2010 19:01:42, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McMPFSvc service.
26/10/2010 19:01:12, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McAfee SiteAdvisor Service service.
26/10/2010 00:00:46, Error: Service Control Manager [7023]  - The McAfee VirusScan Announcer service terminated with the following error:  Incorrect function.

==== End Of File ===========================

#20
  • Step 3

    Please download the OTM File Mover from 'here'. Please click the Go (Arrow Button) or press Enter in the URL address bar to start the download.
    • Save it to your Desktop.
    • Please double-click OTM.exe to run it.
    • Copy the lines inside the Code box below to the Clipboard by highlighting all of the content and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      :Processes
      explorer.exe

      :Files
      C:\Users\Peter\AppData\Local\Temp\neaoxrscwm.exe
      C:\Users\Peter\AppData\Local\Temp\lFtEnd.exe

      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTM, right-click in the Paste Instructions for Items to be Moved window and choose Paste.
    • Click the red MoveIt! button.
    • Copy everything in the Results window to the Clipboard by highlighting all of the content and by pressing CTRL + C (or, after highlighting, right-click and choose Copy).
    • Paste it in your next reply.
    • Close OTM.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the moving process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad) and click File > Open. In the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present. Copy and paste the contents of that document back here in your next post.
  • Step 4

    Please run a free online scan with ESET Online Scanner by downloading ESET Smart Installer 'here'. Save it to your Desktop.
    • Double-click esetsmartinstaller_enu.exe to execute the program.
    • Tick 'YES, I accept the Terms of Use'.
    • Click 'Start'.
    • If this is your first time installing the scanner, allow the 'ActiveX Control' to install.
    • Database download may take some time.
    • When done, make sure that the option 'Remove found threats' is ticked. Under 'Advanced Settings', please put a check on the following options:
      • Scan for potentially unwanted applications
      • Enable Anti-Stealth Technology
    • Click 'Start'.
    • Wait for the scan to finish.
    • Once it is finished, use Notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt.
    • Copy and paste that log as a reply to this topic.
  • In your next post, please provide the following:
    • A Fresh HijackThis (HJT) Log
    • ESET Scan Log
    • OTM Log
  • Format of Response

    Code:
    [color=#00BFFF][b]Step #[/b][/color]
    [color=#FFD700][b]Problems Encountered:[/b][/color]

    [color=#00BFFF][b]Step #[/b][/color]
    [color=#FFD700][b]Problems Encountered:[/b][/color]

    [color=#00BFFF][b]Step #[/b][/color]
    [color=#FFD700][b]Problems Encountered:[/b][/color]

    [color=#00BFFF][b]Link To Requested Logs:[/b][/color]
  • Comments:
    • I'll check on you tomorrow again.

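The items acted on in this thread (the HKCU Run value quoted earlier and the two files in the OTM script) all sit in AppData\Local\Temp. As an added example, not part of any post here and not code from HijackThis, DDS or OTM, this Python sketch pulls autorun lines out of log text in the two formats seen in the thread and flags targets that launch from a temp directory. The sample log is constructed (the `uRun` line and `example.dll` are made up), and the temp-path patterns are an assumed heuristic, not a complete list.

```python
"""Flag autorun entries in HijackThis/DDS log text whose target runs from a temp directory."""
import re
from pathlib import PureWindowsPath

# Autorun line shapes seen in this thread:
#   HijackThis:  O4 - HKCU\..\Run: [name] "C:\path\file.exe" args
#   DDS:         mRun-x64: [name] C:\path\file.exe args
AUTORUN_RE = re.compile(
    r"^(?P<source>O4 - [^:\[]+|[um]Run(?:-x64)?):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$"
)
# Unquoted paths may contain spaces, so cut at the first binary-looking extension.
BINARY_RE = re.compile(r"(.*?\.(?:exe|dll|scr|com|bat|cmd|pif))(?=[\s,]|$)", re.I)
# Assumed heuristic: common per-user and system temp locations.
TEMP_RE = re.compile(
    r"(?:^|\\)(?:appdata\\local\\temp|local settings\\temp|locals~1\\temp|windows\\temp)\\"
    r"|^%(?:temp|tmp)%\\",
    re.I,
)

# Constructed sample in the style of the logs posted in this thread.
SAMPLE_LOG = r'''
O4 - HKCU\..\Run: [neaoxrscwm.exe] "C:\Users\Peter\AppData\Local\Temp\neaoxrscwm.exe"
mRun-x64: [(Default)]
mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
uRun: [example] rundll32.exe "%TEMP%\example.dll",Start
'''


def extract_target(cmd):
    """Return the file an autorun command line actually loads, or None if empty."""
    cmd = cmd.strip()
    if not cmd:
        return None
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:
            path, rest = cmd[1:], ""
        else:
            path, rest = cmd[1:end], cmd[end + 1:]
    else:
        m = BINARY_RE.match(cmd)
        if m:
            path, rest = m.group(1), cmd[m.end():]
        else:
            # No known extension (e.g. "C:\windows\system32\thpsrv /logon").
            path, rest = cmd.split()[0], ""
    # rundll32 is only a host: the DLL named after it is what gets loaded.
    if PureWindowsPath(path).stem.lower() == "rundll32" and rest.strip():
        return extract_target(rest)
    return path


def parse_autoruns(log_text):
    """Parse every autorun line into source, value name and resolved target."""
    entries = []
    for line in log_text.splitlines():
        m = AUTORUN_RE.match(line.strip())
        if m:
            entries.append({
                "source": m.group("source"),
                "name": m.group("name"),
                "target": extract_target(m.group("cmd")),
            })
    return entries


def flag_temp_autoruns(log_text):
    """Return the autorun entries whose target sits in a temp directory."""
    return [
        e for e in parse_autoruns(log_text)
        if e["target"] and TEMP_RE.search(e["target"])
    ]


if __name__ == "__main__":
    for entry in flag_temp_autoruns(SAMPLE_LOG):
        print(f'{entry["source"]}: [{entry["name"]}] -> {entry["target"]}')
```

A hit is a prompt to review the entry, since some installers legitimately run from temp directories during setup.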
