
View Full Version : new laptop infected by old (infected) hard-disk ?



MsKhan
2012-11-05, 18:56
Hello,

Thanks for this opportunity to get help.

I have recently purchased a new laptop.

My earlier laptop was infected with malware, for which I couldn't get help or get it repaired. However, it had been used for far too long and it was time to buy a new one, so I bought this new one, which has a 1-month complimentary McAfee subscription. Soon I installed the professional edition of Spybot (free licence for one month).

After installing Spybot, I connected my external (data) hard disk, which had files saved on it from my infected computer. I put it for scanning by Spybot; it seems it detected 1 malware (1 heuristic). However, at the end of about 13 hrs, I aborted the scan (I have about 250GB data stored). Fixed the 1 malware detected.

Then I scanned again with Spybot, this time selecting full system scan with the hard disk attached.

Each time, Spybot detects level 5 (medium) threats and 2 threats of level 1.

On 2-3 such occasions I have fixed the threats by selecting 'fix selected issues' in Spybot, except the last time, this morning.

I have reason to suspect that my new laptop is also infected because, after having fixed the malware detected on my hard disk, when I was browsing my email in Google Chrome, while scrolling on the same page, the fonts and the overall 'appearance' of the page changed all of a sudden to the similar look and fonts that had appeared on the hijacked browsers of my earlier laptop. That had been infected by ergative; homepages had changed to ergative.com and, on surfing my regular websites, the look of the fonts and overall appearance used to be different.

Also, I noticed my Gmail account had been accessed by '2002:3e78:a888::3e78:a888'. I don't know what this is. I found this listed in my account access details in the IP address section.

Since I sometimes purchase stuff online, I want to be sure this laptop is not infected too.

We have a main router at home that has (4) DSL lines given to neighbours for sharing, and the wireless is shared by my husband's laptop, myself and one other neighbour. We also share the same wireless connection for an iPad and a Samsung Galaxy Tab.



After the infection, though, I installed OpenOffice and the Mozilla Firefox browser.

I am posting the DDS and aswMBR logs for analysis.

----------------

DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by MsKhan at 19:08:09 on 2012-11-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4066.2750 [GMT 3:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\CxAudMsg64.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\TECO\Teco.exe
C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\SysWOW64\NOTEPAD.EXE
C:\windows\system32\taskeng.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\conhost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: SDHelper: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20121104062248.dll
BHO: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [autodetect] C:\windows\SysWOW64\SupportAppXL\AutoDect.exe
dRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
StartupFolder: C:\Users\MsKhan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\MsKhan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TOSHIB~1.LNK - C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{303749E1-4F2D-47C7-90CA-D3904B3DA59F} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9E72AEE4-6D62-4142-B9D4-628D1309ADB0} : DHCPNameServer = 50.50.0.50
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\SystemCore\ScriptSn.20121031095336.dll
x64-BHO: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t
x64-Run: [SRS Premium Sound HD] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
x64-Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\MsKhan\AppData\Roaming\Mozilla\Firefox\Profiles\5vhqmv5g.default\
FF - prefs.js: browser.startup.homepage - hxxps://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/&ss=1&scc=1&ltmpl=default&ltmplcache=2|http://www.onislam.net/english/
FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - ExtSQL: 2012-10-31 10:07; {D19CA586-DD6C-4a0a-96F8-14644F340D60}; C:\Program Files (x86)\Common Files\McAfee\SystemCore
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-1-5 16152]
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\System32\drivers\mfehidk.sys [2011-10-15 647208]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\System32\drivers\mfewfpk.sys [2011-10-15 289664]
R0 NBVol;Nero Backup Volume Filter Driver;C:\windows\System32\drivers\NBVol.sys [2012-2-17 72240]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\windows\System32\drivers\NBVolUp.sys [2012-2-17 15920]
R1 mfenlfk;McAfee NDIS Light Filter;C:\windows\System32\drivers\mfenlfk.sys [2011-10-15 75936]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-3-22 235520]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 CxAudMsg;Conexant Audio Message Service;C:\windows\System32\CxAudMsg64.exe [2012-3-22 198784]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2012-2-17 199304]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2012-2-17 210616]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\System32\mfevtps.exe [2012-2-17 162224]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-4 687400]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-10-29 1100320]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-10-29 1367576]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-10-29 168384]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-2-10 112080]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-11-24 294848]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-20 14472]
R3 amdkmdag;amdkmdag;C:\windows\System32\drivers\atikmdag.sys [2012-3-22 10731520]
R3 amdkmdap;amdkmdap;C:\windows\System32\drivers\atikmpag.sys [2012-3-22 328192]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2012-3-22 95248]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\windows\System32\drivers\btfilter.sys [2011-8-9 45168]
R3 cfwids;McAfee Inc. cfwids;C:\windows\System32\drivers\cfwids.sys [2011-10-15 65264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-1-5 355096]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-1-5 786200]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2012-1-17 103536]
R3 MEIx64;Intel(R) Management Engine Interface ;C:\windows\System32\drivers\HECIx64.sys [2011-11-10 60184]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\System32\drivers\mfeavfk.sys [2011-10-15 229528]
R3 mfefirek;McAfee Inc. mfefirek;C:\windows\System32\drivers\mfefirek.sys [2011-10-15 487296]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-3-23 38096]
R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 SmbDrv;SmbDrv;C:\windows\System32\drivers\Smb_driver.sys [2011-12-23 21264]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-3-23 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-26 138152]
R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2011-12-15 833976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-17 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-2-17 250808]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-17 136176]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2012-2-17 225216]
S3 mferkdet;McAfee Inc. mferkdet;C:\windows\System32\drivers\mferkdet.sys [2011-10-15 100912]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-11-3 115168]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2012-2-17 332272]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-10-29 1255736]
S3 ZTEusbvoice;ZTE VoUSB Port;C:\windows\System32\drivers\ZTEusbvoice.sys [2012-10-31 119680]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-11-05 16:03:20 -------- dc----w- C:\Users\MsKhan\11-5-2012
2012-11-04 09:05:48 -------- dc----w- C:\Users\MsKhan\AppData\Local\Macromedia
2012-11-04 03:22:48 29312 -c--a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll
2012-11-03 18:05:59 917984 -c--a-w- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
2012-11-03 18:04:50 -------- dc----w- C:\Users\MsKhan\AppData\Roaming\OpenOffice.org
2012-11-03 17:54:12 -------- dc----w- C:\Program Files (x86)\OpenOffice.org 3
2012-11-03 09:06:01 -------- dc----w- C:\Program Files (x86)\WM Converter
2012-11-03 07:58:33 -------- dc----w- C:\Program Files (x86)\VideoLAN
2012-11-03 07:53:08 -------- dc----w- C:\Users\MsKhan\AppData\Local\{0B7CD781-18F1-492F-87F1-0CED374EDFA7}
2012-11-03 06:19:54 -------- dc----w- C:\Users\MsKhan\AppData\Roaming\SoftGrid Client
2012-11-03 06:19:54 -------- dc----w- C:\Users\MsKhan\AppData\Local\SoftGrid Client
2012-11-03 06:19:16 -------- dc----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-11-03 06:19:09 -------- dc----w- C:\Users\MsKhan\AppData\Roaming\TP
2012-11-01 18:22:39 -------- dc----r- C:\Program Files (x86)\Skype
2012-11-01 18:21:23 -------- dcsh--w- C:\windows\SysWow64\%APPDATA%
2012-10-31 04:42:22 119680 -c--a-w- C:\windows\System32\drivers\ZTEusbvoice.sys
2012-10-31 04:42:22 119680 -c--a-w- C:\windows\System32\drivers\ZTEusbser6k.sys
2012-10-31 04:42:22 119680 -c--a-w- C:\windows\System32\drivers\ZTEusbnmea.sys
2012-10-31 04:42:22 119680 -c--a-w- C:\windows\System32\drivers\ZTEusbmdm6k.sys
2012-10-31 04:42:12 -------- dc----w- C:\Program Files (x86)\Mobily Connect Card
2012-10-31 04:42:09 -------- dc----w- C:\windows\SysWow64\SupportAppXL
2012-10-29 08:18:37 -------- dc----w- C:\windows\SysWow64\Wat
2012-10-29 08:18:36 -------- dc----w- C:\windows\System32\Wat
2012-10-29 06:52:34 81408 ----a-w- C:\windows\System32\imagehlp.dll
2012-10-29 06:52:34 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys
2012-10-29 06:52:33 5120 ----a-w- C:\windows\SysWow64\wmi.dll
2012-10-29 06:52:33 5120 ----a-w- C:\windows\System32\wmi.dll
2012-10-29 06:52:33 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2012-10-29 06:42:19 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2012-10-29 06:42:19 2048 ----a-w- C:\windows\System32\tzres.dll
2012-10-29 06:40:59 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-29 06:39:11 3148800 ----a-w- C:\windows\System32\win32k.sys
2012-10-29 06:36:57 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-10-29 06:36:56 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-10-29 06:36:55 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-10-29 06:36:55 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-10-29 06:36:55 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-10-29 06:36:16 245760 ----a-w- C:\windows\System32\OxpsConverter.exe
2012-10-29 06:36:09 715776 ----a-w- C:\windows\System32\kerberos.dll
2012-10-29 06:36:08 542208 ----a-w- C:\windows\SysWow64\kerberos.dll
2012-10-29 06:36:00 509952 ----a-w- C:\windows\System32\ntshrui.dll
2012-10-29 06:35:59 442880 ----a-w- C:\windows\SysWow64\ntshrui.dll
2012-10-29 06:35:48 395776 ----a-w- C:\windows\System32\webio.dll
2012-10-29 06:35:48 314880 ----a-w- C:\windows\SysWow64\webio.dll
2012-10-29 06:35:40 1465344 ----a-w- C:\windows\System32\XpsPrint.dll
2012-10-29 06:35:35 870912 ----a-w- C:\windows\SysWow64\XpsPrint.dll
2012-10-29 06:35:25 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-10-29 06:35:00 3968880 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-10-29 06:35:00 3914096 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-10-29 06:33:58 90624 ----a-w- C:\windows\System32\drivers\bowser.sys
2012-10-29 06:32:56 634880 ----a-w- C:\windows\System32\msvcrt.dll
2012-10-29 06:32:55 690688 ----a-w- C:\windows\SysWow64\msvcrt.dll
2012-10-29 06:32:53 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-10-29 06:32:51 209920 ----a-w- C:\windows\System32\profsvc.dll
2012-10-29 06:32:36 498688 ----a-w- C:\windows\System32\drivers\afd.sys
2012-10-29 06:32:32 75120 ----a-w- C:\windows\System32\drivers\partmgr.sys
2012-10-29 06:32:15 1731920 ----a-w- C:\windows\System32\ntdll.dll
2012-10-29 06:32:15 1292080 ----a-w- C:\windows\SysWow64\ntdll.dll
2012-10-29 06:30:16 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2012-10-29 06:30:16 1464320 ----a-w- C:\windows\System32\crypt32.dll
2012-10-29 06:30:16 140288 ----a-w- C:\windows\System32\cryptnet.dll
2012-10-29 06:30:16 1159680 ----a-w- C:\windows\SysWow64\crypt32.dll
2012-10-29 06:30:15 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2012-10-29 06:30:15 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2012-10-29 06:29:04 2004480 ----a-w- C:\windows\System32\msxml6.dll
2012-10-29 06:29:03 2048 ----a-w- C:\windows\SysWow64\msxml3r.dll
2012-10-29 06:29:03 2048 ----a-w- C:\windows\System32\msxml3r.dll
2012-10-29 06:29:03 1881600 ----a-w- C:\windows\System32\msxml3.dll
2012-10-29 06:29:03 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll
2012-10-29 06:29:03 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2012-10-29 06:28:57 751104 ----a-w- C:\windows\System32\win32spl.dll
2012-10-29 06:28:57 67072 ----a-w- C:\windows\splwow64.exe
2012-10-29 06:28:57 559104 ----a-w- C:\windows\System32\spoolsv.exe
2012-10-29 06:28:57 492032 ----a-w- C:\windows\SysWow64\win32spl.dll
2012-10-29 06:28:52 950128 ----a-w- C:\windows\System32\drivers\ndis.sys
2012-10-29 06:28:51 41472 ----a-w- C:\windows\System32\drivers\RNDISMP.sys
2012-10-29 06:28:49 3216384 ----a-w- C:\windows\System32\msi.dll
2012-10-29 06:28:49 2342400 ----a-w- C:\windows\SysWow64\msi.dll
2012-10-29 06:28:46 574464 ----a-w- C:\windows\System32\d3d10level9.dll
2012-10-29 06:28:46 490496 ----a-w- C:\windows\SysWow64\d3d10level9.dll
2012-10-29 06:28:43 77312 ----a-w- C:\windows\System32\packager.dll
2012-10-29 06:28:43 67072 ----a-w- C:\windows\SysWow64\packager.dll
2012-10-28 21:15:17 17272 -c--a-w- C:\windows\System32\sdnclean64.exe
2012-10-28 21:15:07 -------- dc----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-10-28 21:14:28 -------- dc----w- C:\Users\MsKhan\AppData\Local\Programs
2012-10-28 21:12:45 -------- dc----w- C:\ProgramData\TOSHIBA Tempro
2012-10-28 21:12:45 -------- dc----w- C:\ProgramData\IsolatedStorage
2012-10-28 20:43:55 -------- dc----w- C:\ProgramData\Spybot - Search & Destroy
2012-10-28 20:43:55 -------- dc----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-10-28 20:28:35 -------- dc----w- C:\Users\MsKhan\AppData\Local\Google
2012-10-28 18:34:39 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-10-28 18:34:38 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-10-28 18:34:38 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-10-28 18:25:25 -------- dc----w- C:\Users\MsKhan\AppData\Local\Adobe
2012-10-28 18:21:28 -------- dc----w- C:\Users\MsKhan\AppData\Local\SRS Labs
2012-10-28 18:21:20 -------- dc----w- C:\Users\MsKhan\AppData\Local\ATI
2012-10-28 18:21:14 -------- dc----w- C:\Users\MsKhan\AppData\Local\TOSHIBA
2012-10-28 18:20:47 -------- dc----w- C:\Users\MsKhan\AppData\Local\VirtualStore
2012-10-28 18:20:00 -------- dc----w- C:\Users\MsKhan\AppData\Roaming\WinBatch
.
==================== Find3M ====================
.
2012-11-04 06:13:16 73656 -c--a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-04 06:13:16 696760 -c--a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-10-29 08:50:02 1659760 ----a-w- C:\windows\System32\drivers\ntfs.sys
2012-10-29 08:49:53 1544704 ----a-w- C:\windows\System32\DWrite.dll
2012-10-29 08:49:53 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-10-29 08:48:10 514560 ----a-w- C:\windows\SysWow64\qdvd.dll
2012-10-29 08:48:10 366592 ----a-w- C:\windows\System32\qdvd.dll
2012-10-29 08:48:10 1572864 ----a-w- C:\windows\System32\quartz.dll
2012-10-29 08:48:10 1328128 ----a-w- C:\windows\SysWow64\quartz.dll
2012-10-29 07:34:24 515584 ----a-w- C:\windows\System32\timedate.cpl
2012-10-29 07:34:24 478720 ----a-w- C:\windows\SysWow64\timedate.cpl
2012-10-29 07:16:19 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-10-29 07:15:44 376688 ----a-w- C:\windows\System32\drivers\netio.sys
2012-10-29 07:15:44 288624 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
2012-10-29 07:15:44 1913200 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-10-29 07:06:08 220160 ----a-w- C:\windows\System32\wintrust.dll
2012-10-29 07:06:08 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-10-29 07:05:24 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-10-29 07:05:24 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-10-29 07:05:24 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-10-29 07:05:24 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-10-29 07:05:16 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-10-29 07:05:10 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-10-29 07:05:10 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-10-29 07:05:10 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-10-29 07:05:10 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-10-29 07:05:09 599040 ----a-w- C:\windows\System32\vbscript.dll
2012-10-29 07:05:09 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-10-29 07:05:09 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-10-29 06:52:30 59392 ----a-w- C:\windows\System32\browcli.dll
2012-10-29 06:52:30 41984 ----a-w- C:\windows\SysWow64\browcli.dll
2012-10-29 06:52:30 136704 ----a-w- C:\windows\System32\browser.dll
2012-10-29 06:52:24 503808 ----a-w- C:\windows\System32\srcore.dll
2012-10-29 06:52:24 43008 ----a-w- C:\windows\SysWow64\srclient.dll
2012-10-29 06:44:34 956928 ----a-w- C:\windows\System32\localspl.dll
2012-10-29 06:44:13 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
2012-10-29 06:44:13 1133568 ----a-w- C:\windows\System32\cdosys.dll
.
============= FINISH: 19:08:46.57 ===============



aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-11-05 19:19:03
-----------------------------
19:19:03.004 OS Version: Windows x64 6.1.7601 Service Pack 1
19:19:03.004 Number of processors: 4 586 0x2A07
19:19:03.004 ComputerName: GIZMO UserName:
19:19:04.408 Initialize success
19:52:53.693 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:52:53.693 Disk 0 Vendor: TOSHIBA_ GT00 Size: 610480MB BusType: 3
19:52:53.709 Disk 0 MBR read successfully
19:52:53.709 Disk 0 MBR scan
19:52:53.709 Disk 0 Windows VISTA default MBR code
19:52:53.724 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
19:52:53.740 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 592877 MB offset 3074048
19:52:53.771 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 16102 MB offset 1217286144
19:52:53.802 Disk 0 scanning C:\windows\system32\drivers
19:52:59.902 Service scanning
19:53:26.016 Modules scanning
19:53:26.032 Disk 0 trace - called modules:
19:53:26.063 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:53:26.079 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800508d790]
19:53:26.593 3 CLASSPNP.SYS[fffff88001c7543f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005091050]
19:53:26.593 Scan finished successfully
19:53:39.526 Disk 0 MBR has been saved successfully to "C:\Users\MsKhan\Desktop\MBR.dat"
19:53:39.526 The log file has been saved successfully to "C:\Users\MsKhan\Desktop\aswMBR.txt"

Blade81
2012-11-19, 18:39
Hi,

* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet Explorer for this scan.
* Tick the box next to YES, I accept the Terms of Use.
* Click Start
* When asked, allow the ActiveX control to install
* Click Start
* Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked. Let it scan the external hard drive too.
* Click Scan
* Wait for the scan to finish and post the results back here.

MsKhan
2012-11-21, 13:51
Hi !

Thank you very much for the response :-)

Since I could not wait much longer (in the absence of a response) I have installed several pieces of software that I needed after starting the thread. Only the regular utility stuff like Open Office, Audacity etc.

I ran the Online scanner as instructed twice.

The first time around it took +4hrs to complete 33% (with the external hard disk plugged in). I had to be on the road so I shut the lid of the laptop, and when I opened it again, within 5-6 minutes it completed the rest of the scan starting from 33% :-(

I was not sure if I had made a mistake, so I ran the scan again with new signatures downloaded on the 2nd run (without uninstalling it first); the whole scan completed within about two and a half hrs.

It said there was no threat detected and I closed it. There was no report or anything like that.

Did I do it right ? :-(

(please bear with me, obviously I am no computer geek :-( )

MsKhan
2012-11-21, 13:57
Oops ! I just read your reply again, you had asked me to use Internet Explorer, and in a hurry I thought that it meant Internet Explorer should be installed already.

Did you mean that I should download the Online scanner via Internet Explorer and then scan ?

Awaiting your reply.

Blade81
2012-11-21, 18:38
It said there was no threat detected and I closed it. There was no report or anything like that.

Did I do it right ? :-(
Sounds like you did it right :) If no infections were found I believe it's ok to use the system now.



Oops ! I just read your reply again, you had asked me to use Internet Explorer, and in a hurry I thought that it meant Internet Explorer should be installed already.

Did you mean that I should download the Online scanner via Internet Explorer and then scan ?
Yes but it's ok that you did it with Firefox already. Main thing is that you were able to run the scanner :)

MsKhan
2012-11-22, 12:02
Hmm...

That's a relief !

Thank You So Much for your time and support !

God Bless ! :)

Blade81
2012-11-22, 14:01
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or another MOD a private message (pm). A valid, working link to the closed topic is required.