google search AVAST comes up with malicious virus
Only 3 out of 41 detection rate
Symantec Reputation: Suspicious.Insight
First seen by VirusTotal: 2012-07-29 18:30:43 UTC ( 4 minutes ago )
Last seen by VirusTotal: 2012-07-29 18:30:43 UTC ( 4 minutes ago )
File names (max. 25):
- HDTunePro.EXE
- shtbki.dll
- HD Tune Pro
VIPRE: Trojan.Win32.Medfos.j (v) 20120729
ESET-NOD32: a variant of Win32/Medfos.BL 20120729
Do you have a link to the actual report?
Cheers. Interesting:
original name............: HDTunePro.EXE
My AVAST virus checker came up with something this morning, sent it to the vault. I think it was a trojan in the java directory, AVAST doesn't provide much detail
http://www.avast.com/lp-fr-security-report-t30?utm_source=prg_fav_70_0&utm_medium=prg_lnk&utm_campaign=free2paid&utm_content=prg_fav_en-wwsecurity-report&p_var=.%2Ffa%2Fen-ww%2Fsecurity-report&p_sem=31&p_ssm=1&p_som=4188289&p_sim=7816824&p_fsm=255264&p_fim=2&p_msm=28&p_mim=0&p_wim=56&p_wsm=1883758&p_pro=0&p_vep=7&p_ves=0&p_lqa=0&p_lsu=24&p_lst=0&p_lex=275&p_lng=en&p_lid=en-ww&p_elm=58&p_vbd=14560
Make sure your Java's up-to-date, older versions are often exploited by malware:-
http://www.filehippo.com/download_jre/
It will have been a Java exploit in the cache most likely & possibly how you became infected.
http://blogs.technet.com/b/security/archive/2011/11/28/millions-of-java-exploit-attempts-the-importance-of-keeping-all-software-up-to-date.aspx
Part of the OTL script should have cleared the Java cache, so that bit either didn't work, or you've picked it up since.
Java exploit attempts can be mitigated by ensuring Java is up to date and that older versions are removed, as said above by GJ.
The most current is Java SE 7 update 5
There's a support doc here on how to clear the cache manually.
http://www.java.com/en/download/help/plugin_cache.xml
I seem to be having the same hijacking problem again when searching, this time if I search with Firefox. Windows seems to be OK. I have run the program again. Could someone take a look through this log file?
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0
Run by stephen at 19:00:32 on 2012-08-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3891.1514 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\SysWOW64\cryptainersrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
c:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files (x86)\Shareaza\Shareaza.exe
C:\Program Files (x86)\Shareaza\WindowsThumbnail.exe
C:\Program Files (x86)\Everything\Everything.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://toshiba.msn.com
mWinlogon: Userinit=userinit.exe
BHO: Shareaza Web Download Hook: {0eedb912-c5fa-486f-8334-57288578c627} - C:\Program Files (x86)\Shareaza\RazaWebHook32.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Advertising Cookie Opt-out: {8e425eb4-adbd-4816-b1e8-49bb9decf034} - C:\Program Files (x86)\Google\Advertising Cookie Opt-out\opt_out.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Download with &Shareaza - C:\Program Files (x86)\Shareaza\RazaWebHook32.dll/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Lookup on Merriam Webster - [URL]file://C:\Program[/URL] Files (x86)\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - [URL]file://C:\Program[/URL] Files (x86)\ieSpell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110620094923
DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5DC4FA5E-52D1-46E5-B4C5-AAF17B386CA7} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5DC4FA5E-52D1-46E5-B4C5-AAF17B386CA7}\0756475627 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5DC4FA5E-52D1-46E5-B4C5-AAF17B386CA7}\244564F4E4 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{5DC4FA5E-52D1-46E5-B4C5-AAF17B386CA7}\244584F6D65684572623D223256305 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5DC4FA5E-52D1-46E5-B4C5-AAF17B386CA7}\C456967686021427D637 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9E013B8A-BE41-43B6-BEB6-85C6104005FD} : DhcpNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Shareaza Web Download Hook: {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files (x86)\Shareaza\RazaWebHook32.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Advertising Cookie Opt-out: {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Program Files (x86)\Google\Advertising Cookie Opt-out\opt_out.dll
BHO-X64: Advertising Cookie Opt-out - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE-X64: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\stephen\AppData\Roaming\Mozilla\Firefox\Profiles\aicv56t1.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 ssoftnt4;ssoftnt4;\??\C:\Windows\system32\Drivers\ssoftnt4.sys --> C:\Windows\system32\Drivers\ssoftnt4.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-10 44808]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2011-6-5 296808]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2011-3-4 1811456]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-3-4 2320920]
R3 CeKbFilter;CeKbFilter;C:\Windows\system32\DRIVERS\CeKbFilter.sys --> C:\Windows\system32\DRIVERS\CeKbFilter.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 PGEffect;Pangu effect driver;C:\Windows\system32\DRIVERS\pgeffect.sys --> C:\Windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-30 136176]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-30 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-20 113120]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-5-11 124368]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
============== Created Last 30 ================
.
2012-08-13 12:59:42 -------- d-----w- C:\Users\stephen\AppData\Local\{9934C67B-43EF-4946-9B76-516B35C9520C}
2012-08-13 12:59:31 -------- d-----w- C:\Users\stephen\AppData\Local\{3E02ADA3-D8A0-40EE-8E39-BEEC376DD18E}
2012-08-13 11:01:49 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3C7F1222-6DB2-4E39-AF93-535EA3756F69}\offreg.dll
2012-08-12 19:16:30 -------- d-----w- C:\Users\stephen\AppData\Local\{6786FC17-D5D4-4800-B62B-E1FA2D93D659}
2012-08-12 19:16:20 -------- d-----w- C:\Users\stephen\AppData\Local\{1A9D7D58-6667-40FF-A160-AEDCC0E78E67}
2012-08-12 07:04:49 -------- d-----w- C:\Users\stephen\AppData\Local\{5A478FDA-1844-43E6-A35D-171FEB5614D3}
2012-08-12 07:04:39 -------- d-----w- C:\Users\stephen\AppData\Local\{7FEFBE55-68C6-411F-83C4-336F21A84A60}
2012-08-10 17:27:11 -------- d-----w- C:\Users\stephen\AppData\Local\{53B7A1A4-3496-45CB-8489-83DFCEDA997B}
2012-08-10 17:27:01 -------- d-----w- C:\Users\stephen\AppData\Local\{FC8E8E29-DAAB-4DBA-8FBB-49377A29923D}
2012-08-10 06:22:53 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3C7F1222-6DB2-4E39-AF93-535EA3756F69}\mpengine.dll
2012-08-09 06:58:21 -------- d-----w- C:\Users\stephen\AppData\Local\{0655E7B5-8E79-4F06-95ED-4B49BBFD2D48}
2012-08-09 06:58:11 -------- d-----w- C:\Users\stephen\AppData\Local\{6FE21955-396D-407D-8E22-9FED07115BC1}
2012-08-08 06:45:44 -------- d-----w- C:\Users\stephen\AppData\Local\{544AA7D7-2883-4E97-BDAA-E45070B44521}
2012-08-08 06:45:33 -------- d-----w- C:\Users\stephen\AppData\Local\{B57163EF-8F48-4113-B830-78CDF8647D6F}
2012-08-07 09:47:18 -------- d-----w- C:\Users\stephen\AppData\Local\{0988A3A1-6A5B-4F86-BD08-01E30BFA4A88}
2012-08-07 09:47:08 -------- d-----w- C:\Users\stephen\AppData\Local\{A895AC9D-C69D-4B12-8E32-B8D3B1892992}
2012-08-06 06:56:03 -------- d-----w- C:\Users\stephen\AppData\Local\{1B3B38EB-261E-42F6-B834-58B6FDF74961}
2012-08-06 06:55:51 -------- d-----w- C:\Users\stephen\AppData\Local\{3B5B6A83-A4E3-4E61-A153-0EAF0BF4FE67}
2012-08-05 22:05:47 -------- d-----w- C:\Users\stephen\AppData\Local\{806A1455-8940-4F11-AB43-A36BD75A59D9}
2012-08-05 07:38:37 -------- d-----w- C:\Users\stephen\AppData\Local\{219B9ED8-6529-41AD-AC87-706B0CEA3731}
2012-08-05 07:38:26 -------- d-----w- C:\Users\stephen\AppData\Local\{CDD2AC9C-C466-4845-BC8E-A0C115732DE0}
2012-08-04 07:49:35 -------- d-----w- C:\Users\stephen\AppData\Local\{79E9A706-9461-4204-A4AF-432C2CB69B99}
2012-08-04 07:49:24 -------- d-----w- C:\Users\stephen\AppData\Local\{18DCE614-5F6D-4751-8561-CF24EC786306}
2012-08-03 18:08:24 -------- d-----w- C:\Users\stephen\AppData\Local\{81279512-46E9-477D-9DF3-ADFF20F112AF}
2012-08-03 18:08:13 -------- d-----w- C:\Users\stephen\AppData\Local\{C5D3B86A-145F-4338-8662-4049E08547D1}
2012-08-02 20:05:35 -------- d-----w- C:\Users\stephen\AppData\Local\{DFA88910-A426-49FD-B59D-FABBA0307404}
2012-08-02 20:05:25 -------- d-----w- C:\Users\stephen\AppData\Local\{8C77F82B-80AB-4D81-BE82-83E4DFA46FA9}
2012-08-02 06:57:20 -------- d-----w- C:\Users\stephen\AppData\Local\{4810AA14-14C0-45AA-BC3F-4E485B1722D7}
2012-08-02 06:57:09 -------- d-----w- C:\Users\stephen\AppData\Local\{706541A3-4664-44B7-826F-6485317125CD}
2012-08-01 06:19:53 -------- d-----w- C:\Users\stephen\AppData\Local\{896B1211-1BC1-4538-A6AB-716E4C5D3C66}
2012-08-01 06:19:43 -------- d-----w- C:\Users\stephen\AppData\Local\{E0CA371E-63CF-4DF9-A2E4-9EDC4EF11D02}
2012-07-31 12:35:23 -------- d-----w- C:\Users\stephen\AppData\Local\{AD30A2A0-FED7-4BA7-9303-ED36F6DE1C30}
2012-07-31 12:35:12 -------- d-----w- C:\Users\stephen\AppData\Local\{3B8A4933-0BAF-4E33-B0A0-CF55C13F0696}
2012-07-30 18:31:16 -------- d-----w- C:\Users\stephen\AppData\Local\{26E24C17-B0BB-484D-A7A6-937E518EF98F}
2012-07-30 18:31:06 -------- d-----w- C:\Users\stephen\AppData\Local\{9C6156AE-525A-4755-8651-7D924C5AC9D0}
2012-07-30 17:09:32 772592 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-07-30 06:30:34 -------- d-----w- C:\Users\stephen\AppData\Local\{6DB9777A-B4B8-4A54-97E1-2384AE792D16}
2012-07-30 06:30:24 -------- d-----w- C:\Users\stephen\AppData\Local\{F70E7057-A69F-498C-8344-9D6AC64CEE2D}
2012-07-29 17:41:21 -------- d-----w- C:\_OTL
2012-07-29 17:20:02 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-29 17:20:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-29 06:24:42 -------- d-----w- C:\Users\stephen\AppData\Local\{1DDCF4C5-5F42-4A62-B1B5-4211264666E8}
2012-07-29 06:24:31 -------- d-----w- C:\Users\stephen\AppData\Local\{2AAF93CD-F996-4833-AD9A-9E947BF66FCF}
2012-07-28 20:37:42 -------- d-----w- C:\Users\stephen\AppData\Local\{132931E3-D8F4-11E1-8270-B8AC6F996F26}
2012-07-28 14:22:44 -------- d-----w- C:\Users\stephen\AppData\Local\{4DFB0A2A-2B11-4410-BC2D-D8A21CDE081A}
2012-07-28 14:22:34 -------- d-----w- C:\Users\stephen\AppData\Local\{4E6FEA4A-FB52-43A6-8B01-D2656163D15B}
2012-07-27 09:42:29 -------- d-----w- C:\Users\stephen\AppData\Local\{7FF2F997-B757-4236-84B0-F9D25059FFD3}
2012-07-27 09:42:17 -------- d-----w- C:\Users\stephen\AppData\Local\{6B2683DD-8362-4B19-9732-803A049880A3}
2012-07-26 21:28:00 -------- d-----w- C:\Users\stephen\AppData\Local\{4BB3C8B0-5150-4575-BE06-95234C9BE5C8}
2012-07-26 21:27:50 -------- d-----w- C:\Users\stephen\AppData\Local\{62249014-DB13-4AD7-974C-FA53A12BADC1}
2012-07-26 09:25:52 -------- d-----w- C:\Users\stephen\AppData\Local\{EC8CA9E8-0377-425D-98E5-8D8D7F1E12A2}
2012-07-26 09:25:43 -------- d-----w- C:\Users\stephen\AppData\Local\{AEB7C706-075A-47F1-98F5-3BE14BF1C8F0}
2012-07-25 20:17:16 -------- d-----w- C:\Users\stephen\AppData\Local\{617DFD8F-2CAA-4099-8E4A-C4A13A82DD72}
2012-07-25 20:17:05 -------- d-----w- C:\Users\stephen\AppData\Local\{999F628E-3F91-4D47-A77B-8FC1A43BD063}
2012-07-25 06:26:03 -------- d-----w- C:\Users\stephen\AppData\Local\{BEA36201-B2F0-46C9-8975-50CCAA8BCE0E}
2012-07-25 06:25:52 -------- d-----w- C:\Users\stephen\AppData\Local\{E164033D-C4EE-4BB7-8776-089A4A6D5E2C}
2012-07-24 08:12:43 -------- d-----w- C:\Users\stephen\AppData\Local\{890AF71F-1203-4CB8-B5BC-44ABAA01818D}
2012-07-24 08:12:33 -------- d-----w- C:\Users\stephen\AppData\Local\{5039B34C-2A42-4A89-B3B9-70387C3B89E5}
2012-07-23 20:12:04 -------- d-----w- C:\Users\stephen\AppData\Local\{9093ED4E-1799-41DB-99DA-28454163243F}
2012-07-23 20:11:54 -------- d-----w- C:\Users\stephen\AppData\Local\{8FF61BA4-80F6-4C45-953E-AD59427EF1D5}
2012-07-23 06:27:38 -------- d-----w- C:\Users\stephen\AppData\Local\{5252FBBB-2B5E-4B3B-BCCA-DE6D62F1B505}
2012-07-23 06:27:27 -------- d-----w- C:\Users\stephen\AppData\Local\{49335A93-B15C-4CE8-AB16-E801D9D97F11}
2012-07-22 18:25:28 -------- d-----w- C:\Users\stephen\AppData\Local\{5A7AC5C5-E0C0-460B-9F8D-DAB09C6B87A6}
2012-07-22 18:25:17 -------- d-----w- C:\Users\stephen\AppData\Local\{CFC12AF4-AE94-46A7-BDBD-253BDCDD66D4}
2012-07-22 06:24:48 -------- d-----w- C:\Users\stephen\AppData\Local\{5938729C-002E-474E-8B80-56428599DB17}
2012-07-22 06:24:38 -------- d-----w- C:\Users\stephen\AppData\Local\{7F0ABBE3-45AF-45C9-9FC3-9341E12EB418}
2012-07-21 06:23:37 -------- d-----w- C:\Users\stephen\AppData\Local\{41B57710-2056-40B4-B397-0A5319531805}
2012-07-21 06:23:27 -------- d-----w- C:\Users\stephen\AppData\Local\{D0F4F894-7B05-40F6-9939-8A122A411936}
2012-07-20 20:17:00 -------- d-----w- C:\Users\stephen\AppData\Local\{5429E97D-F829-49AA-BBF4-AD0CB919ABB4}
2012-07-20 06:30:25 -------- d-----w- C:\Users\stephen\AppData\Local\{95F3EC46-9AD8-48CF-BFF7-F956DD61D652}
2012-07-20 06:30:15 -------- d-----w- C:\Users\stephen\AppData\Local\{23F534B4-6666-4348-AB92-B7BBFFBE34D5}
2012-07-19 13:46:14 -------- d-----w- C:\Users\stephen\AppData\Local\{9E72B0C0-A090-451C-A873-728A1A37CB6F}
2012-07-19 13:46:03 -------- d-----w- C:\Users\stephen\AppData\Local\{DA50C083-71D8-494A-8A2B-E177E0A91F83}
2012-07-18 20:00:36 -------- d-----w- C:\Users\stephen\AppData\Local\{2720D71C-CEC8-4A1F-B312-DFEBF6E770D0}
2012-07-18 20:00:26 -------- d-----w- C:\Users\stephen\AppData\Local\{C8C2F218-5BD7-40DB-81D8-B9C104F27BEE}
2012-07-18 06:28:51 -------- d-----w- C:\Users\stephen\AppData\Local\{BC69428C-3253-45DA-9627-B1F09349B1AF}
2012-07-18 06:28:41 -------- d-----w- C:\Users\stephen\AppData\Local\{52F8E877-DD60-47BF-A739-303FC851E227}
2012-07-17 05:44:02 -------- d-----w- C:\Users\stephen\AppData\Local\{AF511A3C-9608-4BC3-9094-54E75323B944}
2012-07-17 05:43:52 -------- d-----w- C:\Users\stephen\AppData\Local\{FF4405BE-50C6-4CA4-8F39-E23B76D31A75}
2012-07-16 10:02:33 -------- d-----w- C:\Users\stephen\AppData\Local\{D380F1E5-73E7-42ED-B702-EAF1D7EE9A25}
2012-07-16 10:02:23 -------- d-----w- C:\Users\stephen\AppData\Local\{53E26D2C-92B8-40D4-9C44-BBE4A875BD2E}
2012-07-15 12:58:27 -------- d-----w- C:\Users\stephen\AppData\Local\{7FE5A034-E1F4-4190-AE79-D6F733596724}
2012-07-15 12:58:17 -------- d-----w- C:\Users\stephen\AppData\Local\{D0F70FA4-27F8-4B28-ACE6-2749BE14430D}
.
==================== Find3M ====================
.
2012-07-30 17:09:13 687600 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-03 16:21:52 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-07-03 16:21:52 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-07-03 16:21:52 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-07-03 16:21:32 41224 ----a-w- C:\Windows\avastSS.scr
2012-06-21 16:00:41 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-21 16:00:41 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-04 22:07:37 0 ----a-w- C:\Windows\SysWow64\shoBB9A.tmp
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 14:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 14:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 11:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 19:01:48.16 ===============
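One way to triage a listing like the one just posted, as an added example that is not part of this thread, of DDS, or of anything the helpers ran. It parses DDS "Created Last 30" / "Find3M" entry lines (the line shape "timestamp, size or dashes, 8-character attribute field, path" is assumed from the log above), then pulls out the GUID-named folders sitting directly under AppData\Local, groups entries created within a minute of each other, and lists recently written binaries newest first. The sample lines are a constructed subset of the posted log, and the three heuristics are this example's own choices: they point at things worth asking about, they are not verdicts.

```python
"""Triage helper for the "Created Last 30" / "Find3M" sections of a DDS log.

Added example for this thread; it is not part of DDS or of the forum post.
Assumptions: DDS entry lines look like "<timestamp> <size|--------> <8-char
attribute field> <path>", and the heuristics below (GUID-named folders directly
under AppData\\Local, entries created within seconds of each other, recently
written binaries) are this example's own choices.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Constructed sample in the shape of the log posted above; the dash-only size
# field and "d-----w-" flags are taken to be DDS's normal form for directories.
SAMPLE_LOG = r"""
============== Created Last 30 ================
.
2012-08-13 12:59:42 -------- d-----w- C:\Users\stephen\AppData\Local\{9934C67B-43EF-4946-9B76-516B35C9520C}
2012-08-13 12:59:31 -------- d-----w- C:\Users\stephen\AppData\Local\{3E02ADA3-D8A0-40EE-8E39-BEEC376DD18E}
2012-08-13 11:01:49 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3C7F1222-6DB2-4E39-AF93-535EA3756F69}\offreg.dll
2012-07-29 17:20:02 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-29 17:20:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2012-07-30 17:09:13 687600 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-04 22:07:37 0 ----a-w- C:\Windows\SysWow64\shoBB9A.tmp
"""

ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(-{8}|\d+)\s+([\w-]{8})\s+(.+?)\s*$")
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# A {GUID} folder sitting directly under <user>\AppData\Local.
GUID_DIR_RE = re.compile(
    r"\\AppData\\Local\\\{[0-9A-F]{8}-(?:[0-9A-F]{4}-){3}[0-9A-F]{12}\}$", re.I)
BINARY_EXTS = (".exe", ".dll", ".sys", ".scr", ".cpl")


@dataclass
class Entry:
    section: str
    when: datetime
    size: Optional[int]  # None for directories
    attrs: str           # DDS flags, e.g. "d-----w-" or "----a-w-"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_dds(text: str) -> List[Entry]:
    """Return every parsable entry line, tagged with the section it sits in."""
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # "." spacers and anything else DDS prints between entries
        ts, size, attrs, path = m.groups()
        entries.append(Entry(section, datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                             None if size.startswith("-") else int(size), attrs, path))
    return entries


def guid_dirs_under_local(entries: List[Entry]) -> List[Entry]:
    """Directories named only by a GUID directly under AppData\\Local."""
    return [e for e in entries if e.is_dir and GUID_DIR_RE.search(e.path)]


def clusters(entries: List[Entry], window: timedelta = timedelta(seconds=60)) -> List[List[Entry]]:
    """Group entries created within `window` of the previous one; keep groups of 2+."""
    groups: List[List[Entry]] = []
    current: List[Entry] = []
    for e in sorted(entries, key=lambda e: e.when):
        if current and e.when - current[-1].when > window:
            groups.append(current)
            current = []
        current.append(e)
    if current:
        groups.append(current)
    return [g for g in groups if len(g) > 1]


def recent_binaries(entries: List[Entry]) -> List[Entry]:
    """Executable content (by extension), newest first, for manual review."""
    return sorted((e for e in entries if not e.is_dir and e.name.lower().endswith(BINARY_EXTS)),
                  key=lambda e: e.when, reverse=True)


if __name__ == "__main__":
    found = parse_dds(SAMPLE_LOG)
    print(f"{len(found)} entries parsed")
    for group in clusters(guid_dirs_under_local(found)):
        print("GUID folders created together:", [e.name for e in group])
    for e in recent_binaries(found):
        print(f"{e.when:%Y-%m-%d %H:%M:%S}  {e.size:>8}  {e.path}")
```

Run against the full posted log, the GUID-folder grouping shows the same pattern visible by eye above: two new GUID folders about ten seconds apart, morning and evening, almost every day. The script only surfaces that; deciding what created them still needs the folders' contents or a second tool.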
Download aswMBR and save it to your Desktop.
http://public.avast.com/~gmerek/aswMBR.exe
- Right click aswMBR.exe & choose "Run as Administrator" to run it.
- Click the Scan button.
- Wait till the scan reports "Scan finished successfully"
- Click Save log & save the log to your desktop.
- Click OK
- Two files will be created, aswMBR.txt & a file named MBR.dat
- Click EXIT.
- Copy & Paste the contents of aswMBR.txt into your next reply.