Jump to content

HELP! ad.xtendmedia.com infection


Recommended Posts

  • Staff

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

    [*]Please do not attach logs or use code boxes, just copy and paste the text.

    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

    [*]Please read every post completely before doing anything.

    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

    [*]Please provide feedback about your experience as we go.

    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

 

 

 

 

I need to get some reports to get a base to start from so I need you to run these programs first.

 

-DeFogger-

  • Please download
DeFogger to your desktop.
Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

 

-Security Check-

  • Download Security Check by screen317 from
here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:
    dds_scr.gif
    Download DDS and save it to your desktop
Link1
Link2
Link3
 
  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt

    [*]A window will open instructing you save & post the logs

    [*]Save the logs to a convenient place such as your desktop

    [*]Copy the contents of both logs & post in your next reply

information and logs

  • In your next post I need the following
  1. both reports from DDS
  2. report from security check
  3. let me know of any problems you may have had

Gringo

 

 

Link to post
Share on other sites

Firstly, thanks for the quick reply.

As requested...

(Security check content) checkup.txt

Results of screen317's Security Check version 0.99.57

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Security Center service is not running! This report may not be accurate!

McAfee Anti-Virus and Anti-Spyware

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

JavaFX 2.1.1

Java 6 Update 20

Java 7 Update 13

Java version out of Date!

Adobe Flash Player 11.5.502.146

Adobe Reader 10.1.4 Adobe Reader out of Date!

Google Chrome 24.0.1312.56

Google Chrome 24.0.1312.57

````````Process Check: objlist.exe by Laurent````````

McAfee Online Backup MOBKbackup.exe

TOSHIBA TOSHIBA Online Product Information TOPI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 1%

````````````````````End of Log``````````````````````

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.13.2

Run by Peter at 3:49:21 on 2013-02-02

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3891.1713 [GMT 0:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Windows\system32\mfevtps.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\PROGRA~1\McAfee\MSC\McAPExe.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe

c:\Program Files (x86)\Nero\Update\NASvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe

C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files\McAfee\MAT\McPvTray.exe

c:\PROGRA~2\mcafee\SITEAD~1\saui.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\svchost.exe -k defragsvc

C:\Users\Peter\Desktop\SecurityCheck.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll

uRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [NwTray] "C:\Users\Peter\AppData\Roaming\torrent\NwTray.exe"

mRun: [NBAgent] "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart

mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP

mRun: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL

mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM

mRun: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun: [Conime] C:\Windows\System32\conime.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

dRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TOSHIB~1.LNK - C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

TCP: NameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{CA94AE86-EE0B-4F65-B575-F52C105990E3} : DHCPNameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{CA94AE86-EE0B-4F65-B575-F52C105990E3}\244575966496 : DHCPNameServer = 192.168.22.22 192.168.22.23

TCP: Interfaces\{CD633638-8A75-4505-B512-82D6B98E9981} : DHCPNameServer = 100.100.0.102

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-mWinlogon: Userinit = userinit.exe,

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [TosNC] CCORE.EXE

x64-Run: [TosReelTimeMonitor] ITOR.EXE

x64-Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe

x64-Run: [igfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE

x64-Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE

x64-Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3

x64-Run: [TPwrMain] .EXE

x64-Run: [smoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe

x64-Run: [00TCrdMain] .EXE

x64-Run: [synTPEnh] H.EXE

x64-Run: [smartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe

x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe

x64-Run: [Toshiba Registration] DER.EXE

x64-Run: [McPvTray] TI-THEFT\MCPVTRAY.EXE

x64-Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll

x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

Hosts: 199.193.118.246 www.google-analytics.com.

Hosts: 199.193.118.246 ad-emea.doubleclick.net.

Hosts: 199.193.118.246 www.statcounter.com.

Hosts: 199.193.118.246 connect.facebook.net.

Hosts: 93.115.241.27 www.google-analytics.com.

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-11-9 771096]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-11-9 339776]

R1 MOBKFilter;MOBKFilter;C:\Windows\System32\drivers\MOBK.sys [2012-4-13 66040]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]

R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-12-13 220856]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2012-3-17 1811456]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-19 201304]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-12-13 220856]

R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-12-13 220856]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-12-13 220856]

R2 McPvDrv;McPvDrv Driver;C:\Windows\System32\drivers\McPvDrv.sys [2012-10-19 74120]

R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2012-12-13 1007288]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-12-13 218320]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-12-13 177680]

R2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]

R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-3-29 598312]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-17 2320920]

R3 CeKbFilter;CeKbFilter;C:\Windows\System32\drivers\CeKbFilter.sys [2012-3-17 20592]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2012-3-17 56344]

R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-27 158976]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-11-9 309400]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-11-9 515528]

R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2012-11-2 328976]

R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2012-3-17 38096]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-7-26 344680]

R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2012-3-17 1103464]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]

S2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]

S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe [2009-8-5 284016]

S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-12-13 220856]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]

S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-11-9 69672]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-12-13 197264]

S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2012-11-2 97208]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2012-3-17 232992]

S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-2-10 112080]

S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-3-17 51512]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-22 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2013-02-01 22:53:56 -------- d-----w- C:\Users\Peter\AppData\Roaming\Malwarebytes

2013-02-01 22:53:29 -------- d-----w- C:\ProgramData\Malwarebytes

2013-02-01 22:53:08 -------- d-----w- C:\Users\Peter\AppData\Local\Programs

2013-02-01 22:02:34 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-02-01 22:00:06 -------- d-----r- C:\Program Files (x86)\Skype

2013-02-01 21:02:24 39184 ----a-w- C:\Windows\System32\Partizan.exe

2013-02-01 20:57:16 -------- d-----w- C:\ProgramData\RegRun

2013-02-01 20:57:07 2 --shatr- C:\Windows\winstart.bat

2013-02-01 20:56:56 -------- d-----w- C:\Program Files (x86)\UnHackMe

2013-02-01 19:37:49 -------- d-----w- C:\Users\Peter\AppData\Roaming\SUPERAntiSpyware.com

2013-02-01 19:30:14 -------- d-----w- C:\ProgramData\XoftSpySE

2013-01-29 21:08:21 -------- d-----w- C:\ProgramData\kds_kodak

2013-01-29 21:07:10 -------- d-----w- C:\ProgramData\Eastman Kodak Company

2013-01-29 21:06:40 -------- d-----w- C:\Users\Peter\AppData\Local\Eastman_Kodak_Company

2013-01-29 20:59:42 228864 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\EKIJ5000PPR.dll

2013-01-29 20:45:20 -------- d-----w- C:\Users\Peter\AppData\Local\KODAK

2013-01-29 20:45:11 -------- d-----w- C:\Users\Peter\AppData\Local\Eastman Kodak Company

2013-01-29 20:44:16 -------- d-----w- C:\Windows\SysWow64\kodak

2013-01-29 20:43:42 -------- d-----w- C:\Windows\SysWow64\spool

2013-01-29 20:43:34 -------- d-----w- C:\Program Files (x86)\Kodak

2013-01-29 20:37:26 -------- d-----w- C:\Users\Peter\AppData\Roaming\KODAK AiO Home Center1781013884

2013-01-29 20:35:05 -------- d-----w- C:\Users\Peter\AppData\Roaming\Temp

2013-01-29 17:38:07 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared

2013-01-29 14:34:20 -------- d-----w- C:\ProgramData\Kodak

2013-01-29 14:33:25 -------- d-----w- C:\Windows\System32\kodak

2013-01-11 21:22:01 -------- d-----w- C:\Users\Peter\AppData\Roaming\Upzuf

2013-01-11 21:22:01 -------- d-----w- C:\Users\Peter\AppData\Roaming\Sootle

2013-01-11 21:22:00 -------- d-----w- C:\Users\Peter\AppData\Roaming\Paud

2013-01-11 15:13:12 16369160 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2013-01-10 16:01:12 750592 ----a-w- C:\Windows\System32\win32spl.dll

2013-01-10 16:01:12 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll

2013-01-10 16:01:10 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2013-01-10 16:01:10 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2013-01-10 16:01:08 2002432 ----a-w- C:\Windows\System32\msxml6.dll

2013-01-10 16:01:07 1882624 ----a-w- C:\Windows\System32\msxml3.dll

2013-01-10 16:01:07 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll

2013-01-10 16:01:07 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2013-01-10 15:58:57 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2013-01-10 15:57:59 68608 ----a-w- C:\Windows\System32\taskhost.exe

2013-01-10 15:57:58 3149824 ----a-w- C:\Windows\System32\win32k.sys

2013-01-08 18:30:36 -------- d-----w- C:\Users\Peter\AppData\Roaming\torrent

2013-01-03 22:56:36 -------- d-----w- C:\c232hm

2013-01-03 20:28:19 -------- d-----w- C:\Users\Peter\AppData\Local\Eclipse

2013-01-03 20:27:30 -------- d-----w- C:\Users\Peter\workspace

2013-01-03 20:19:25 -------- d-----w- C:\eclipse

2013-01-03 20:10:24 959976 ----a-w- C:\Windows\System32\deployJava1.dll

2013-01-03 20:10:24 1081320 ----a-w- C:\Windows\System32\npDeployJava1.dll

2013-01-03 20:10:16 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2013-01-03 18:40:04 -------- d-----w- C:\MinGW

.

==================== Find3M ====================

.

2013-02-01 22:02:07 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-02-01 22:02:07 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-01-11 15:13:52 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-11 15:13:52 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll

2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll

2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll

2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll

2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs

2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs

2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs

2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs

2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs

2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs

2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs

2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs

2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs

2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs

2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs

2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs

2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs

2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs

2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll

2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll

2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-11-09 06:40:24 69672 ----a-w- C:\Windows\System32\drivers\cfwids.sys

2012-11-09 06:37:42 339776 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys

2012-11-09 06:37:30 177680 ----a-w- C:\Windows\System32\mfevtps.exe

2012-11-09 06:35:50 771096 ----a-w- C:\Windows\System32\drivers\mfehidk.sys

2012-11-09 06:34:58 515528 ----a-w- C:\Windows\System32\drivers\mfefirek.sys

2012-11-09 06:34:18 309400 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys

2012-11-09 06:33:58 178840 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys

2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

.

============= FINISH: 3:49:44.86 ===============

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 13/04/2012 19:41:26

System Uptime: 02/02/2013 02:59:11 (1 hours ago)

.

Motherboard: TOSHIBA | | PWWAA

Processor: Intel® Core i3 CPU M 380 @ 2.53GHz | CPU | 2533/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 298 GiB total, 248.953 GiB free.

D: is FIXED (NTFS) - 298 GiB total, 289.709 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP47: 10/01/2013 16:07:00 - Windows Update

RP48: 19/01/2013 14:54:48 - Scheduled Checkpoint

RP49: 28/01/2013 23:37:56 - Scheduled Checkpoint

RP50: 29/01/2013 20:58:58 - Windows Update

RP51: 01/02/2013 21:01:16 - RegRun Virus Scan

RP52: 01/02/2013 21:05:33 - RegRun Virus Scan

RP53: 01/02/2013 21:54:36 - RegRun Virus Scan

RP54: 01/02/2013 22:01:15 - Installed Java 7 Update 13

RP55: 02/02/2013 01:52:36 - Installed Microsoft Fix it 50267

.

==== Hosts File Hijack ======================

.

Hosts: 199.193.118.246 www.google-analytics.com.

Hosts: 199.193.118.246 ad-emea.doubleclick.net.

Hosts: 199.193.118.246 www.statcounter.com.

Hosts: 199.193.118.246 connect.facebook.net.

Hosts: 93.115.241.27 www.google-analytics.com.

Hosts: 93.115.241.27 ad-emea.doubleclick.net.

Hosts: 93.115.241.27 www.statcounter.com.

Hosts: 93.115.241.27 connect.facebook.net.

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4)

Adobe Shockwave Player 11.6

aiofw

aioprnt

aioscnnr

Apple Software Update

Bejeweled 2 Deluxe

Bejeweled 3

Bonjour

center

Chicken Invaders 3 - Revenge of the Yolk

Chuzzle Deluxe

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Diner Dash 2 Restaurant Rescue

FATE

Final Drive: Nitro

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

High-Definition Video Playback

Insaniquarium Deluxe

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Intel® Rapid Storage Technology

IP Camera Adapter

Java 7 Update 10 (64-bit)

Java 7 Update 13

Java Auto Updater

Java SE Development Kit 7 Update 10 (64-bit)

Java 6 Update 20

JavaFX 2.1.1

Junk Mail filter update

KODAK AiO Home Centre

ksDIP

LogMeIn Hamachi

Macromedia Extension Manager

Macromedia Fireworks 8

Macromedia Flash 8

Macromedia Flash 8 Video Encoder

Macromedia Flash Player 8

Macromedia Flash Player 8 Plugin

McAfee Anti-Theft

McAfee Online Backup

McAfee Total Protection

McAfee Virtual Technician

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Primary Interoperability Assemblies 2005

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Need For Speed™ World

Nero 10 Movie ThemePack Basic

Nero BackItUp 10

Nero BackItUp 10 Help (CHM)

Nero BurnRights 10

Nero BurnRights 10 Help (CHM)

Nero Control Center 10

Nero ControlCenter 10 Help (CHM)

Nero Core Components 10

Nero Express 10

Nero Express 10 Help (CHM)

Nero InfoTool 10

Nero InfoTool 10 Help (CHM)

Nero Kwik Media

Nero Multimedia Suite 10 Essentials

Nero RescueAgent 10

Nero RescueAgent 10 Help (CHM)

Nero StartSmart 10

Nero StartSmart 10 Help (CHM)

Nero Update

NeroKwikMedia Help (CHM)

Norton Security Scan

Penguins!

Plants vs. Zombies - Game of the Year

PlayReady PC Runtime amd64

Polar Bowler

PreReq

Realtek Ethernet Controller Driver For Windows 7

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Realtek WLAN Driver

Safari

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Shared C Run-time for x64

Skype™ 6.1

Slingo Deluxe

swMSM

Synaptics Pointing Device Driver

TOSHIBA Assist

TOSHIBA Bulletin Board

TOSHIBA ConfigFree

TOSHIBA Disc Creator

TOSHIBA Face Recognition

TOSHIBA Flash Cards Support Utility

TOSHIBA Hardware Setup

TOSHIBA HDD/SSD Alert

Toshiba Manuals

TOSHIBA Media Controller

TOSHIBA Media Controller Plug-in

TOSHIBA Online Product Information

TOSHIBA Places Icon Utility

TOSHIBA Recovery Media Creator

TOSHIBA Recovery Media Creator Reminder

TOSHIBA ReelTime

TOSHIBA Service Station

TOSHIBA Supervisor Password

TOSHIBA TEMPRO

TOSHIBA Value Added Package

TOSHIBA Web Camera Application

TOSHIBA Wireless LAN Indicator

TRORMCLauncher

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Update Installer for WildTangent Games App

Utility Common Driver

Wedding Dash 2 - Rings Around the World

WildTangent Games

WildTangent Games App (Toshiba Games)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Zuma Deluxe

.

==== Event Viewer Messages From Past Week ========

.

28/01/2013 16:09:50, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR5.

28/01/2013 16:04:31, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4.

28/01/2013 16:02:58, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.

28/01/2013 15:53:39, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.

02/02/2013 03:18:21, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..

02/02/2013 03:18:21, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The service has returned a service-specific error code.

02/02/2013 03:14:17, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

02/02/2013 03:14:17, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

02/02/2013 03:13:09, Error: Service Control Manager [7034] - The Kodak AiO Network Discovery Service service terminated unexpectedly. It has done this 1 time(s).

02/02/2013 03:12:46, Error: Service Control Manager [7034] - The ConfigFree Service service terminated unexpectedly. It has done this 1 time(s).

02/02/2013 03:12:45, Error: Service Control Manager [7034] - The ConfigFree WiMAX Service service terminated unexpectedly. It has done this 1 time(s).

02/02/2013 03:12:44, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

02/02/2013 00:52:46, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

02/02/2013 00:52:46, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {C90134D2-4AE9-407A-919A-4A2EF09C6C51}

02/02/2013 00:52:05, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

02/02/2013 00:51:00, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

02/02/2013 00:50:56, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

02/02/2013 00:50:56, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

02/02/2013 00:50:55, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

02/02/2013 00:50:49, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

02/02/2013 00:50:45, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MOBKFilter spldr Wanarpv6

.

==== End Of File ===========================

Link to post
Share on other sites

  • Staff

 

Hello

 

These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

 

-AdwCleaner-

  • Please download
AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator to start"
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • click on "delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller+

Gringo

Link to post
Share on other sites

  • Staff

 

Hello

 

These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

 

-AdwCleaner-

  • Please download
AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator to start"
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • click on "delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller+

Gringo

Link to post
Share on other sites

The Roguekiller kept saying 'not responding' so i was not abke to follow through with rest of the instructions. but below is the AdwCleaner txt.

AdwCleaner txt

# AdwCleaner v2.109 - Logfile created 02/02/2013 at 04:08:38

# Updated 26/01/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Peter - PETER-TOSH

# Boot Mode : Normal

# Running from : C:\Users\Peter\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\Public\Desktop\eBay.lnk

Folder Deleted : C:\ProgramData\Partner

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKLM\SOFTWARE\Software

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [886 octets] - [02/02/2013 04:08:38]

########## EOF - C:\AdwCleaner[s1].txt - [945 octets] ##########

Link to post
Share on other sites

  • Staff

Hello

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

Link to post
Share on other sites

Combofix Log

ComboFix 13-02-01.04 - Peter 02/02/2013 4:50.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3891.2222 [GMT 0:00]

Running from: c:\users\Peter\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Peter\AppData\Local\installer.log

.

.

((((((((((((((((((((((((( Files Created from 2013-01-02 to 2013-02-02 )))))))))))))))))))))))))))))))

.

.

2013-02-01 22:53 . 2013-02-01 22:53 -------- d-----w- c:\users\Peter\AppData\Roaming\Malwarebytes

2013-02-01 22:53 . 2013-02-01 22:53 -------- d-----w- c:\programdata\Malwarebytes

2013-02-01 22:53 . 2013-02-01 22:53 -------- d-----w- c:\users\Peter\AppData\Local\Programs

2013-02-01 22:02 . 2013-02-01 22:02 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-02-01 22:00 . 2013-02-01 22:00 -------- d-----w- c:\program files (x86)\Common Files\Skype

2013-02-01 22:00 . 2013-02-01 22:00 -------- d-----r- c:\program files (x86)\Skype

2013-02-01 21:02 . 2013-02-01 21:02 39184 ----a-w- c:\windows\system32\Partizan.exe

2013-02-01 20:57 . 2013-02-01 22:48 -------- d-----w- c:\programdata\RegRun

2013-02-01 20:57 . 2013-02-01 20:57 2 --shatr- c:\windows\winstart.bat

2013-02-01 20:56 . 2013-02-01 22:48 -------- d-----w- c:\program files (x86)\UnHackMe

2013-02-01 19:37 . 2013-02-01 19:37 -------- d-----w- c:\users\Peter\AppData\Roaming\SUPERAntiSpyware.com

2013-02-01 19:30 . 2013-02-01 19:30 -------- d-----w- c:\programdata\XoftSpySE

2013-01-29 21:08 . 2013-01-29 21:08 -------- d-----w- c:\programdata\kds_kodak

2013-01-29 21:07 . 2013-01-29 21:07 -------- d-----w- c:\programdata\Eastman Kodak Company

2013-01-29 21:06 . 2013-01-29 21:06 -------- d-----w- c:\users\Peter\AppData\Local\Eastman_Kodak_Company

2013-01-29 20:59 . 2009-08-03 09:32 228864 ----a-w- c:\windows\system32\Spool\prtprocs\x64\EKIJ5000PPR.dll

2013-01-29 20:45 . 2013-01-29 20:45 -------- d-----w- c:\users\Peter\AppData\Local\KODAK

2013-01-29 20:45 . 2013-01-29 20:45 -------- d-----w- c:\users\Peter\AppData\Local\Eastman Kodak Company

2013-01-29 20:44 . 2013-01-29 20:44 -------- d-----w- c:\windows\SysWow64\kodak

2013-01-29 20:43 . 2013-01-29 20:43 -------- d-----w- c:\windows\SysWow64\spool

2013-01-29 20:43 . 2013-01-29 20:44 -------- d-----w- c:\program files (x86)\Kodak

2013-01-29 20:37 . 2013-01-29 20:37 -------- d-----w- c:\users\Peter\AppData\Roaming\KODAK AiO Home Center1781013884

2013-01-29 17:38 . 2013-01-29 17:38 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared

2013-01-29 14:34 . 2013-02-02 05:01 -------- d-----w- c:\programdata\Kodak

2013-01-29 14:33 . 2013-01-29 14:33 -------- d-----w- c:\windows\system32\kodak

2013-01-11 21:22 . 2013-01-19 14:44 -------- d-----w- c:\users\Peter\AppData\Roaming\Upzuf

2013-01-11 21:22 . 2013-01-11 21:22 -------- d-----w- c:\users\Peter\AppData\Roaming\Sootle

2013-01-11 21:22 . 2013-02-01 15:37 -------- d-----w- c:\users\Peter\AppData\Roaming\Paud

2013-01-11 15:13 . 2013-01-11 15:13 16369160 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2013-01-10 16:01 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll

2013-01-10 16:01 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll

2013-01-10 16:01 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll

2013-01-10 16:01 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll

2013-01-10 16:01 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll

2013-01-10 16:01 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll

2013-01-10 16:01 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll

2013-01-10 16:01 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2013-01-10 15:58 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll

2013-01-10 15:57 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe

2013-01-10 15:57 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys

2013-01-08 18:30 . 2013-02-01 21:57 -------- d-----w- c:\users\Peter\AppData\Roaming\torrent

2013-01-03 22:56 . 2013-01-03 23:34 -------- d-----w- C:\c232hm

2013-01-03 20:28 . 2013-01-03 20:28 -------- d-----w- c:\users\Peter\AppData\Local\Eclipse

2013-01-03 20:27 . 2013-01-03 20:34 -------- d-----w- c:\users\Peter\workspace

2013-01-03 20:19 . 2013-02-02 01:45 -------- d-----w- C:\eclipse

2013-01-03 20:10 . 2013-01-03 20:10 959976 ----a-w- c:\windows\system32\deployJava1.dll

2013-01-03 20:10 . 2013-01-03 20:10 308200 ----a-w- c:\windows\system32\javaws.exe

2013-01-03 20:10 . 2013-01-03 20:10 1081320 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-01-03 20:10 . 2013-01-03 20:10 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

2013-01-03 20:10 . 2013-01-03 20:10 188392 ----a-w- c:\windows\system32\javaw.exe

2013-01-03 20:10 . 2013-01-03 20:10 188392 ----a-w- c:\windows\system32\java.exe

2013-01-03 20:09 . 2013-01-03 20:10 -------- d-----w- c:\program files\Java

2013-01-03 18:40 . 2013-01-29 22:49 -------- d-----w- C:\MinGW

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-01 22:02 . 2012-07-16 21:43 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-02-01 22:02 . 2011-07-26 09:12 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-01-11 15:13 . 2012-08-01 17:53 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-11 15:13 . 2012-08-01 17:53 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-01-10 16:09 . 2012-06-08 16:03 67599240 ----a-w- c:\windows\system32\MRT.exe

2013-01-01 20:00 . 2013-01-01 20:00 45056 ----a-r- c:\users\Peter\AppData\Roaming\Microsoft\Installer\{91057632-CA70-413C-B628-2D3CDBBB906B}\ARPPRODUCTICON.exe

2013-01-01 20:00 . 2013-01-01 20:00 45056 ----a-r- c:\users\Peter\AppData\Roaming\Microsoft\Installer\{885A63EA-382B-4DD4-A755-14809B8557D6}\ARPPRODUCTICON.exe

2012-12-16 17:11 . 2012-12-21 15:22 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-16 14:45 . 2012-12-21 15:22 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-16 14:13 . 2012-12-21 15:22 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-16 14:13 . 2012-12-21 15:22 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-11-30 04:45 . 2013-01-10 15:58 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-11-14 07:06 . 2012-12-12 09:50 17811968 ----a-w- c:\windows\system32\mshtml.dll

2012-11-14 06:32 . 2012-12-12 09:50 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-11-14 06:11 . 2012-12-12 09:50 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-11-14 06:04 . 2012-12-12 09:50 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-11-14 06:04 . 2012-12-12 09:50 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-11-14 06:02 . 2012-12-12 09:50 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-14 06:02 . 2012-12-12 09:50 237056 ----a-w- c:\windows\system32\url.dll

2012-11-14 05:59 . 2012-12-12 09:50 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-11-14 05:58 . 2012-12-12 09:50 816640 ----a-w- c:\windows\system32\jscript.dll

2012-11-14 05:57 . 2012-12-12 09:50 599040 ----a-w- c:\windows\system32\vbscript.dll

2012-11-14 05:57 . 2012-12-12 09:50 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-14 05:55 . 2012-12-12 09:50 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-11-14 05:55 . 2012-12-12 09:50 729088 ----a-w- c:\windows\system32\msfeeds.dll

2012-11-14 05:53 . 2012-12-12 09:50 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-11-14 05:52 . 2012-12-12 09:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-11-14 05:46 . 2012-12-12 09:50 248320 ----a-w- c:\windows\system32\ieui.dll

2012-11-14 02:09 . 2012-12-12 09:50 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-11-14 01:58 . 2012-12-12 09:50 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-11-14 01:57 . 2012-12-12 09:50 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-11-14 01:49 . 2012-12-12 09:50 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-11-14 01:48 . 2012-12-12 09:50 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-11-14 01:44 . 2012-12-12 09:50 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-11-09 06:40 . 2012-11-09 06:40 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys

2012-11-09 06:37 . 2012-11-09 06:37 339776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2012-11-09 06:37 . 2012-12-13 20:44 177680 ----a-w- c:\windows\system32\mfevtps.exe

2012-11-09 06:35 . 2012-11-09 06:35 771096 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2012-11-09 06:34 . 2012-11-09 06:34 515528 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2012-11-09 06:34 . 2012-11-09 06:34 309400 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2012-11-09 06:33 . 2012-11-09 06:33 178840 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2012-11-09 05:45 . 2012-12-12 08:49 2048 ----a-w- c:\windows\system32\tzres.dll

2012-11-09 04:42 . 2012-12-12 08:49 2048 ----a-w- c:\windows\SysWow64\tzres.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-26 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-06-29 1409424]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]

"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-03-03 352256]

"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-15 34160]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-10-07 454160]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-10-07 454160]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Toshiba Places Icon Utility.lnk - c:\program files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2011-7-26 1492352]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-05-28 197264]

R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys [2012-11-02 97208]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-07 232992]

R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-21 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-11-09 339776]

S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-13 66040]

S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]

S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]

S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2010-08-27 1811456]

S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\ekdiscovery.exe [2009-08-05 284016]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856]

S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856]

S2 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2012-10-19 74120]

S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [2012-10-06 1007288]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-11-09 218320]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-11-09 177680]

S2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-13 231224]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]

S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [2012-03-17 20592]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-11-09 69672]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-11-09 515528]

S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys [2012-11-02 328976]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-08 38096]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]

S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-11-02 1103464]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-02-01 12:11 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-02-02 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-01 15:13]

.

2013-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-26 09:41]

.

2013-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-26 09:41]

.

2013-01-29 c:\windows\Tasks\Norton Security Scan for Peter.job

- c:\progra~2\NORTON~2\Engine\372~1.5\Nss.exe [2012-09-04 03:30]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]

@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"

[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]

2010-04-13 19:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]

@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"

[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]

2010-04-13 19:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]

@="{b4caf489-1eec-c617-49ad-8d7088598c06}"

[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]

2010-04-13 19:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-07-28 2120808]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Add to TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 194.168.4.100 194.168.8.100

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-NwTray - c:\users\Peter\AppData\Roaming\torrent\NwTray.exe

Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe

Toolbar-Locked - (no file)

HKLM-Run-TosNC - CCORE.EXE

HKLM-Run-TosReelTimeMonitor - ITOR.EXE

HKLM-Run-IgfxTray - DOWS\SYSTEM32\IGFXTRAY.EXE

HKLM-Run-HotKeysCmds - DOWS\SYSTEM32\HKCMD.EXE

HKLM-Run-Persistence - DOWS\SYSTEM32\IGFXPERS.EXE

HKLM-Run-TPwrMain - .EXE

HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe

HKLM-Run-00TCrdMain - .EXE

HKLM-Run-SynTPEnh - H.EXE

HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

HKLM-Run-Toshiba Registration - DER.EXE

HKLM-Run-McPvTray - TI-THEFT\MCPVTRAY.EXE

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2663974615-227119946-43542785-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="SafariDownload"

.

[HKEY_USERS\S-1-5-21-2663974615-227119946-43542785-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (S-1-5-21-2663974615-227119946-43542785-1001)

@Denied: (2) (LocalSystem)

"Progid"="IE.AssocFile.HTM"

.

[HKEY_USERS\S-1-5-21-2663974615-227119946-43542785-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (S-1-5-21-2663974615-227119946-43542785-1001)

@Denied: (2) (LocalSystem)

"Progid"="IE.AssocFile.HTM"

.

[HKEY_USERS\S-1-5-21-2663974615-227119946-43542785-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="SafariExtension"

.

[HKEY_USERS\S-1-5-21-2663974615-227119946-43542785-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2663974615-227119946-43542785-1001)

"Progid"="SafariHTML"

.

[HKEY_USERS\S-1-5-21-2663974615-227119946-43542785-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]

@Denied: (2) (S-1-5-21-2663974615-227119946-43542785-1001)

@Denied: (2) (LocalSystem)

"Progid"="IE.AssocFile.SVG"

.

[HKEY_USERS\S-1-5-21-2663974615-227119946-43542785-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="SafariHTML"

.

[HKEY_USERS\S-1-5-21-2663974615-227119946-43542785-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (S-1-5-21-2663974615-227119946-43542785-1001)

@Denied: (2) (LocalSystem)

"Progid"="IE.AssocFile.XHT"

.

[HKEY_USERS\S-1-5-21-2663974615-227119946-43542785-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (S-1-5-21-2663974615-227119946-43542785-1001)

@Denied: (2) (LocalSystem)

"Progid"="IE.AssocFile.XHT"

.

[HKEY_USERS\S-1-5-21-2663974615-227119946-43542785-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="SafariHTML"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\windows\SysWOW64\rundll32.exe

c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

.

**************************************************************************

.

Completion time: 2013-02-02 05:17:54 - machine was rebooted

ComboFix-quarantined-files.txt 2013-02-02 05:17

.

Pre-Run: 266,926,313,472 bytes free

Post-Run: 266,832,662,528 bytes free

.

- - End Of File - - 0F75EB44FD5AD13878F4BD20133CF054

And that seems to have worked perfectly..

Link to post
Share on other sites

  • Staff

 

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

 ClearJavaCache:: 

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

CFScriptB-4.gif

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  1. report from Combofix
  2. let me know of any problems you may have had
  3. How is the computer doing now after running the script?

Gringo

 

 

Link to post
Share on other sites

  • Staff

Greetings

I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools

Gringo

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.