Removed Codec C infection/computer still slow (45min startup)


  • This topic is locked
17 replies to this topic

#1 Kamietus

Kamietus

  • Members
  • 14 posts
  • OFFLINE
  • Local time:03:44 AM

Posted 28 May 2013 - 06:02 PM

I was/possibly still am infected with a Codec C virus, and also recently developed an internet "Check out this site!" virus. Basically, I open up Firefox, it goes to my home screen, and then the top of the screen flashes "Check out this site!" and I can't click on anything.

 

I am running Windows 7 on my laptop, and it is running incredibly slowly. It has improved since removing the Codec C; however, it is still nowhere near up to par. I just started the computer, and it took roughly 45 minutes to get to the login screen, and then about an hour to log on. This is an improvement from the 14 hours it took before just to get to the login screen.

 

Anyways, here is my log. Thanks in advance.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16576  BrowserJavaVersion: 10.21.2
Run by Crosby at 17:34:07 on 2013-05-28
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3836.1603 [GMT -5:00]
.
AV: McAfee VirusScan *Disabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: McAfee Personal Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Fitbit\fitbit.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe
C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe
C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe
C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
C:\windows\SysWOW64\PnkBstrA.exe
C:\windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe
c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\atieclxx.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
c:\PROGRA~2\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\PROGRA~2\McAfee\MSC\mcsvrcnt.exe
c:\PROGRA~2\mcafee\msc\mcupdui.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.toshiba.com/g/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\IPS\IPSBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe /reminder
mRun: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
mRun: [MSI Suite] C:\MSI\MSI SUITE\StartMSISuite.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TRENDM~1.LNK - C:\Program Files\Trend Micro SafeSync\HrfsClient.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{AC0DFB99-01DE-467A-A6EC-4754AEB6D3FB} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{AC0DFB99-01DE-467A-A6EC-4754AEB6D3FB}\05169747F6E6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{AC0DFB99-01DE-467A-A6EC-4754AEB6D3FB}\2454354502755435455425E4 : DHCPNameServer = 0.0.0.0
TCP: Interfaces\{AC0DFB99-01DE-467A-A6EC-4754AEB6D3FB}\2454354502755435455425E40263 : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{AC0DFB99-01DE-467A-A6EC-4754AEB6D3FB}\342716E626572797021337470223E243 : DHCPNameServer = 68.87.68.166 68.87.74.166
TCP: Interfaces\{AC0DFB99-01DE-467A-A6EC-4754AEB6D3FB}\342716E6265727970223E6460266C6F6F627 : DHCPNameServer = 68.87.68.166 68.87.74.166
TCP: Interfaces\{AC0DFB99-01DE-467A-A6EC-4754AEB6D3FB}\44F65726C6560234 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{AC0DFB99-01DE-467A-A6EC-4754AEB6D3FB}\E4544574541425 : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [SmartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Crosby\AppData\Roaming\Mozilla\Firefox\Profiles\vw8iputy.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://start.toshiba.com/g/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Crosby\AppData\Roaming\Mozilla\Firefox\Profiles\vw8iputy.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2012-04-22 11:47; text_links@arcadeweb.com; C:\Users\Crosby\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\text_links@arcadeweb.com
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\SymDS64.sys [2012-11-3 493216]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\SymEFA64.sys [2012-11-3 1133216]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20130502.011\BHDrvx64.sys [2013-5-13 1390680]
R1 ccSettings_{3771A34D-2132-48EA-A486-D62ECDF9D553};Symantec Endpoint Protection 12.1.2015.2015.105 Settings Manager;C:\windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\ccSetx64.sys [2012-11-3 168096]
R1 IDSVia64;IDSVia64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20130527.011\IDSviA64.sys [2013-5-27 513184]
R1 mfehidk;McAfee Inc. mfehidk;C:\windows\System32\drivers\mfehidk.sys [2012-6-20 307400]
R1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.sys [2012-11-3 224416]
R1 SYMNETS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\symnets.sys [2012-11-3 432800]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2011-6-5 202752]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 Fitbit;Fitbit Data Uploader;C:\Program Files (x86)\Fitbit\fitbit.exe [2012-3-23 788000]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-5 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-5 701512]
R2 McProxy;McAfee Proxy Service;C:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe [2012-6-20 359952]
R2 McShield;McAfee Real-time Scanner;C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2012-6-20 153920]
R2 MSI_ComCenService;MSI_ComCenService;C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe [2013-2-7 75280]
R2 MSI_SuiteCharger;MSI_SuiteCharger;C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe [2013-2-7 122936]
R2 MSI_SuperCharger;MSI_SuperCharger;C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [2013-2-7 144008]
R2 MSIFileSyncMonitor;MSI FileSync Monitor;C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe [2013-2-7 10752]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [2013-1-24 132056]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe [2011-6-5 126392]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2011-6-5 201872]
R2 SepMasterService;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe [2012-11-3 143928]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-4-6 258928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-3-9 288768]
R2 WDFME;WD File Management Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-3-9 1066896]
R2 WDSC;WD File Management Shadow Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-3-9 491920]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-1-30 138912]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-2-5 25928]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\System32\drivers\mfeavfk.sys [2012-6-20 102600]
R3 NTIOLib_1_0_3;NTIOLib_1_0_3;C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2013-2-7 13368]
R3 NTIOLib_1_0_D;NTIOLib_1_0_D;C:\MSI\MSI SUITE\ControlCenter\NTIOLib_X64.sys [2013-2-7 11080]
R3 NTIOLib_1_1_S;NTIOLib_1_1_S;C:\MSI\MSI SUITE\Super-Charger\NTIOLib_X64.sys [2013-2-7 13368]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-6-5 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2013-2-7 676968]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-6-5 932384]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-6-5 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MSI_SuiteFastBoot;MSI_SuiteFastBoot;C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe [2013-2-7 105016]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\windows\System32\drivers\BrSerIb.sys [2009-7-13 281088]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\windows\System32\drivers\BrUsbSIb.sys [2009-7-13 15360]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdk;McAfee Inc. mferkdk;C:\windows\System32\drivers\mferkdk.sys [2012-6-20 40904]
S3 mfesmfk;McAfee Inc. mfesmfk;C:\windows\System32\drivers\mfesmfk.sys [2012-6-20 49480]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\windows\System32\drivers\nx6000.sys [2010-5-20 36720]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2012-3-20 130008]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S3 NTIOLib_1_0_C;NTIOLib_1_0_C;C:\MSI\MSI SUITE\NTIOLib_X64.sys [2013-2-7 11888]
S3 OnlineStorageService;OnlineStorageService;C:\Program Files\Trend Micro SafeSync\hrfscore.exe [2013-2-7 7908664]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-4-27 19456]
S3 Revoflt;Revoflt;C:\windows\System32\drivers\revoflt.sys [2013-4-25 31800]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-6-5 232992]
S3 SIUSBXP;SIUSBXP;C:\windows\System32\drivers\SiUSBXp.sys [2012-3-23 26856]
S3 SyDvCtrl;SyDvCtrl;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\SyDvCtrl64.sys [2012-11-3 34352]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-4-27 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-6-5 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2011-2-16 14464]
S4 McSysmon;McAfee SystemGuards;C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe [2012-6-20 606736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-05-28 00:17:22    9460464    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{841545EB-2E4F-48F9-A2CF-82A7C1D15AAB}\mpengine.dll
2013-05-15 02:36:59    3958784    ----a-w-    C:\windows\System32\jscript9.dll
2013-05-15 02:36:58    817664    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-05-15 02:36:58    2877440    ----a-w-    C:\windows\SysWow64\jscript9.dll
2013-05-15 02:36:58    1084928    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-05-15 02:36:56    1767424    ----a-w-    C:\windows\SysWow64\wininet.dll
2013-05-15 02:36:55    2242048    ----a-w-    C:\windows\System32\wininet.dll
2013-05-14 22:14:16    983400    ----a-w-    C:\windows\System32\drivers\dxgkrnl.sys
2013-05-14 22:14:15    265064    ----a-w-    C:\windows\System32\drivers\dxgmms1.sys
2013-05-14 22:14:15    144384    ----a-w-    C:\windows\System32\cdd.dll
2013-05-14 22:13:36    1930752    ----a-w-    C:\windows\System32\authui.dll
2013-05-14 22:13:27    1796096    ----a-w-    C:\windows\SysWow64\authui.dll
2013-05-14 22:13:27    111448    ----a-w-    C:\windows\System32\consent.exe
2013-05-14 22:13:25    70144    ----a-w-    C:\windows\System32\appinfo.dll
2013-05-14 22:12:31    48640    ----a-w-    C:\windows\System32\wwanprotdim.dll
2013-05-14 22:12:31    230400    ----a-w-    C:\windows\System32\wwansvc.dll
2013-05-14 22:12:27    3153920    ----a-w-    C:\windows\System32\win32k.sys
2013-05-14 22:10:07    9460464    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
==================== Find3M  ====================
.
2013-05-14 23:08:27    71048    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 23:08:27    692104    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2013-05-02 15:29:56    278800    ------w-    C:\windows\System32\MpSigStub.exe
2013-04-26 02:04:13    95648    ----a-w-    C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-26 02:04:11    866720    ----a-w-    C:\windows\SysWow64\npDeployJava1.dll
2013-04-26 02:04:11    788896    ----a-w-    C:\windows\SysWow64\deployJava1.dll
2013-04-13 05:49:23    135168    ----a-w-    C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19    350208    ----a-w-    C:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19    308736    ----a-w-    C:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19    111104    ----a-w-    C:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16    474624    ----a-w-    C:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15    2176512    ----a-w-    C:\windows\apppatch\AcGenral.dll
2013-04-12 14:45:08    1656680    ----a-w-    C:\windows\System32\drivers\ntfs.sys
2013-04-05 06:50:31    67072    ----a-w-    C:\windows\System32\iesetup.dll
2013-04-05 06:50:31    136704    ----a-w-    C:\windows\System32\iesysprep.dll
2013-04-05 05:26:21    61440    ----a-w-    C:\windows\SysWow64\iesetup.dll
2013-04-05 05:26:21    109056    ----a-w-    C:\windows\SysWow64\iesysprep.dll
2013-04-05 04:43:00    2706432    ----a-w-    C:\windows\System32\mshtml.tlb
2013-04-05 04:29:45    2706432    ----a-w-    C:\windows\SysWow64\mshtml.tlb
2013-04-05 03:51:11    89600    ----a-w-    C:\windows\System32\RegisterIEPKEYs.exe
2013-04-05 03:38:25    71680    ----a-w-    C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-04-04 19:50:32    25928    ----a-w-    C:\windows\System32\drivers\mbam.sys
2013-03-19 06:04:06    5550424    ----a-w-    C:\windows\System32\ntoskrnl.exe
2013-03-19 05:46:56    43520    ----a-w-    C:\windows\System32\csrsrv.dll
2013-03-19 05:04:13    3968856    ----a-w-    C:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10    3913560    ----a-w-    C:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50    6656    ----a-w-    C:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33    112640    ----a-w-    C:\windows\System32\smss.exe
.
============= FINISH: 17:36:48.96 ===============
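
A first triage pass over the log above, as an added example that is not part of the post and not a DDS feature. It reads three sections of a DDS log, the AV:/SP:/FW: status header, the Running Processes block and the FIREFOX block, and flags what a malware-response helper would want to look at first: three AV products registered, two of them reported Disabled while their scanning engines are still running alongside Symantec Endpoint Protection and Malwarebytes, outdated definitions, the hidden Firefox extension text_links@arcadeweb.com, and the non-default search engine. The embedded excerpt is copied from the log in the post; the mapping from process path fragments to products is this example's own assumption.

```python
import re

# Excerpt of the DDS log posted above, cut down to the lines this triage reads.
# The lines are copied from the post; the code around them is an added example.
DDS_EXCERPT = r"""
AV: McAfee VirusScan *Disabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: McAfee Personal Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
============== Running Processes ===============
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
================= FIREFOX ===================
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - ExtSQL: !HIDDEN! 2012-04-22 11:47; text_links@arcadeweb.com; C:\Users\Crosby\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\text_links@arcadeweb.com
"""

STATUS_LINE = re.compile(r"^(AV|SP|FW): (.+?) \*(Enabled|Disabled)(?:/(Updated|Outdated))?\* \{")
HIDDEN_EXT = re.compile(r"^FF - ExtSQL: !HIDDEN! \S+ \S+; ([^;]+); (.+)$")
SEARCH_ENGINE = re.compile(r"^FF - prefs\.js: browser\.search\.selectedEngine - (.+)$")

# Real-time scanning engines, keyed by lower-cased path fragments that must all
# appear in a Running Processes line.  This mapping is the example's own
# assumption (DDS does not tie processes to products); the Symantec entry needs
# the product directory because Norton PC Checkup ships its own ccSvcHst.exe.
REALTIME_ENGINES = [
    (("msmpeng.exe",), "Microsoft Security Essentials"),
    (("mcshield.exe",), "McAfee VirusScan"),
    (("symantec endpoint protection", "ccsvchst.exe"), "Symantec Endpoint Protection"),
    (("mbamservice.exe",), "Malwarebytes Anti-Malware"),
]


def section(log, title):
    """Yield the content lines of one DDS section, delimited by '=====' headers."""
    inside = False
    for line in log.splitlines():
        if line.startswith("="):
            inside = title in line
        elif inside and line.strip() not in ("", "."):
            yield line


def security_products(log):
    """[(kind, product, state, freshness)] from the AV:/SP:/FW: header lines."""
    return [m.groups() for m in map(STATUS_LINE.match, log.splitlines()) if m]


def running_engines(log):
    """Products whose real-time engine process appears under Running Processes."""
    found = set()
    for line in section(log, "Running Processes"):
        low = line.lower()
        found.update(p for frags, p in REALTIME_ENGINES if all(f in low for f in frags))
    return found


def firefox_findings(log):
    """(hidden extensions as [(id, path)], selected search engine or None)."""
    hidden, engine = [], None
    for line in section(log, "FIREFOX"):
        ext, eng = HIDDEN_EXT.match(line), SEARCH_ENGINE.match(line)
        if ext:
            hidden.append(ext.groups())
        if eng:
            engine = eng.group(1)
    return hidden, engine


def triage(log):
    """Human-readable findings, in the order a helper would want to read them."""
    products, findings = security_products(log), []
    avs = [p for p in products if p[0] == "AV"]
    if len(avs) > 1:
        findings.append("multiple AV products registered: " + ", ".join(f"{p[1]} ({p[2]})" for p in avs))
    stale = sorted({p[1] for p in products if p[3] == "Outdated"})
    if stale:
        findings.append("outdated definitions: " + ", ".join(stale))
    engines = running_engines(log)
    if len(engines) > 1:
        findings.append("real-time engines running concurrently: " + ", ".join(sorted(engines)))
    for product in sorted({p[1] for p in avs if p[2] == "Disabled"} & engines):
        findings.append(f"{product} is reported Disabled but its engine process is running")
    hidden, engine = firefox_findings(log)
    findings += [f"hidden Firefox extension {ext_id} at {path}" for ext_id, path in hidden]
    if engine:
        findings.append(f"Firefox search engine is '{engine}' (confirm the user chose it)")
    return findings


if __name__ == "__main__":
    print("\n".join(triage(DDS_EXCERPT)))
```

Run as-is it prints seven findings for the excerpt; to triage a full DDS log, pass the file's text to triage() instead of DDS_EXCERPT. Only the three sections named above are parsed; the SERVICES / DRIVERS and Created Last 30 blocks would need their own line formats handled.
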
#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:08:44 AM

Posted 31 May 2013 - 08:58 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 Kamietus

Kamietus
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:03:44 AM

Posted 31 May 2013 - 09:34 PM

Good evening m0le,

I am here and awaiting your instructions. Thanks for taking the time to help me out with this.

#4 Kamietus

Kamietus
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:03:44 AM

Posted 01 June 2013 - 12:38 AM

Unfortunately, my computer crashed and required a computer restore, which backdated everything a month. I ran DDS again because I want to make sure you have the most current information, so here it is. Sorry for the inconvenience!

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16576  BrowserJavaVersion: 10.21.2
Run by Crosby at 23:42:29 on 2013-05-31
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3836.1657 [GMT -5:00]
.
AV: McAfee VirusScan *Disabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: McAfee Personal Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Fitbit\fitbit.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe
C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe
C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe
C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
C:\windows\SysWOW64\PnkBstrA.exe
C:\windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe
C:\windows\system32\SearchIndexer.exe
c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
C:\windows\system32\wbem\unsecapp.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\windows\system32\atieclxx.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\PROGRA~2\mcafee.com\agent\mcagent.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\DoScan.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\system32\wuauclt.exe
C:\windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.151.1281.0.exe
C:\windows\system32\MpSigStub.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\windows\System32\cscript.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.toshiba.com/g/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\IPS\IPSBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe /reminder
mRun: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
mRun: [MSI Suite] C:\MSI\MSI SUITE\StartMSISuite.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TRENDM~1.LNK - C:\Program Files\Trend Micro SafeSync\HrfsClient.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{AC0DFB99-01DE-467A-A6EC-4754AEB6D3FB} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{AC0DFB99-01DE-467A-A6EC-4754AEB6D3FB}\05169747F6E6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{AC0DFB99-01DE-467A-A6EC-4754AEB6D3FB}\2454354502755435455425E4 : DHCPNameServer = 0.0.0.0
TCP: Interfaces\{AC0DFB99-01DE-467A-A6EC-4754AEB6D3FB}\2454354502755435455425E40263 : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{AC0DFB99-01DE-467A-A6EC-4754AEB6D3FB}\342716E626572797021337470223E243 : DHCPNameServer = 68.87.68.166 68.87.74.166
TCP: Interfaces\{AC0DFB99-01DE-467A-A6EC-4754AEB6D3FB}\342716E6265727970223E6460266C6F6F627 : DHCPNameServer = 68.87.68.166 68.87.74.166
TCP: Interfaces\{AC0DFB99-01DE-467A-A6EC-4754AEB6D3FB}\44F65726C6560234 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{AC0DFB99-01DE-467A-A6EC-4754AEB6D3FB}\E4544574541425 : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [SmartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Crosby\AppData\Roaming\Mozilla\Firefox\Profiles\vw8iputy.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://start.toshiba.com/g/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Crosby\AppData\Roaming\Mozilla\Firefox\Profiles\vw8iputy.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2012-04-22 11:47; text_links@arcadeweb.com; C:\Users\Crosby\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\text_links@arcadeweb.com
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\SymDS64.sys [2012-11-3 493216]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\SymEFA64.sys [2012-11-3 1133216]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20130521.011_11d\BHDrvx64.sys [2013-5-21 1390680]
R1 ccSettings_{3771A34D-2132-48EA-A486-D62ECDF9D553};Symantec Endpoint Protection 12.1.2015.2015.105 Settings Manager;C:\windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\ccSetx64.sys [2012-11-3 168096]
R1 IDSVia64;IDSVia64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20130530.011\IDSviA64.sys [2013-5-30 513184]
R1 mfehidk;McAfee Inc. mfehidk;C:\windows\System32\drivers\mfehidk.sys [2012-6-20 307400]
R1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.sys [2012-11-3 224416]
R1 SYMNETS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\symnets.sys [2012-11-3 432800]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-1-30 138912]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-2-5 25928]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\System32\drivers\mfeavfk.sys [2012-6-20 102600]
R3 NTIOLib_1_0_D;NTIOLib_1_0_D;C:\MSI\MSI SUITE\ControlCenter\NTIOLib_X64.sys [2013-2-7 11080]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-6-5 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2013-2-7 676968]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-6-5 932384]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\windows\System32\drivers\BrSerIb.sys [2009-7-13 281088]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\windows\System32\drivers\BrUsbSIb.sys [2009-7-13 15360]
S3 mferkdk;McAfee Inc. mferkdk;C:\windows\System32\drivers\mferkdk.sys [2012-6-20 40904]
S3 mfesmfk;McAfee Inc. mfesmfk;C:\windows\System32\drivers\mfesmfk.sys [2012-6-20 49480]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\windows\System32\drivers\nx6000.sys [2010-5-20 36720]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2012-3-20 130008]
S3 NTIOLib_1_0_C;NTIOLib_1_0_C;C:\MSI\MSI SUITE\NTIOLib_X64.sys [2013-2-7 11888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-4-27 19456]
S3 Revoflt;Revoflt;C:\windows\System32\drivers\revoflt.sys [2013-4-25 31800]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-6-5 232992]
S3 SIUSBXP;SIUSBXP;C:\windows\System32\drivers\SiUSBXp.sys [2012-3-23 26856]
S3 SyDvCtrl;SyDvCtrl;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\SyDvCtrl64.sys [2012-11-3 34352]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-4-27 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2011-2-16 14464]
.
=============== Created Last 30 ================
.
2013-06-01 04:21:28    262552    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-06-01 04:20:47    9460464    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9557E469-A9CA-4196-817E-59FEF3A12B47}\mpengine.dll
2013-05-30 23:43:15    983400    ----a-w-    C:\windows\System32\drivers\dxgkrnl.sys
2013-05-30 23:43:15    265064    ----a-w-    C:\windows\System32\drivers\dxgmms1.sys
2013-05-30 23:43:15    144384    ----a-w-    C:\windows\System32\cdd.dll
2013-05-30 23:40:09    1930752    ----a-w-    C:\windows\System32\authui.dll
2013-05-30 23:40:08    1796096    ----a-w-    C:\windows\SysWow64\authui.dll
2013-05-30 23:40:08    111448    ----a-w-    C:\windows\System32\consent.exe
2013-05-30 23:40:06    70144    ----a-w-    C:\windows\System32\appinfo.dll
2013-05-30 23:38:37    230400    ----a-w-    C:\windows\System32\wwansvc.dll
2013-05-30 23:38:36    48640    ----a-w-    C:\windows\System32\wwanprotdim.dll
2013-05-30 23:38:11    3153920    ----a-w-    C:\windows\System32\win32k.sys
2013-05-30 23:13:44    9460464    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CE856105-C8E4-4BB7-9A1F-313E60A0FB26}\mpengine.dll
2013-05-30 21:47:54    9317456    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-15 02:37:14    235520    ----a-w-    C:\Program Files (x86)\Internet Explorer\IEShims.dll
.
==================== Find3M  ====================
.
2013-05-14 23:08:27    71048    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 23:08:27    692104    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2013-05-02 15:29:56    278800    ------w-    C:\windows\System32\MpSigStub.exe
2013-04-26 02:04:13    95648    ----a-w-    C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-26 02:04:11    866720    ----a-w-    C:\windows\SysWow64\npDeployJava1.dll
2013-04-26 02:04:11    788896    ----a-w-    C:\windows\SysWow64\deployJava1.dll
2013-04-13 05:49:23    135168    ----a-w-    C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19    350208    ----a-w-    C:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19    308736    ----a-w-    C:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19    111104    ----a-w-    C:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16    474624    ----a-w-    C:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15    2176512    ----a-w-    C:\windows\apppatch\AcGenral.dll
2013-04-12 14:45:08    1656680    ----a-w-    C:\windows\System32\drivers\ntfs.sys
2013-04-05 06:52:14    2242048    ----a-w-    C:\windows\System32\wininet.dll
2013-04-05 06:50:36    3958784    ----a-w-    C:\windows\System32\jscript9.dll
2013-04-05 06:50:31    67072    ----a-w-    C:\windows\System32\iesetup.dll
2013-04-05 06:50:31    136704    ----a-w-    C:\windows\System32\iesysprep.dll
2013-04-05 05:28:24    1767424    ----a-w-    C:\windows\SysWow64\wininet.dll
2013-04-05 05:26:26    2877440    ----a-w-    C:\windows\SysWow64\jscript9.dll
2013-04-05 05:26:21    61440    ----a-w-    C:\windows\SysWow64\iesetup.dll
2013-04-05 05:26:21    109056    ----a-w-    C:\windows\SysWow64\iesysprep.dll
2013-04-05 04:43:00    2706432    ----a-w-    C:\windows\System32\mshtml.tlb
2013-04-05 04:29:45    2706432    ----a-w-    C:\windows\SysWow64\mshtml.tlb
2013-04-05 03:51:11    89600    ----a-w-    C:\windows\System32\RegisterIEPKEYs.exe
2013-04-05 03:38:25    71680    ----a-w-    C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-04-04 19:50:32    25928    ----a-w-    C:\windows\System32\drivers\mbam.sys
2013-03-19 06:04:06    5550424    ----a-w-    C:\windows\System32\ntoskrnl.exe
2013-03-19 05:46:56    43520    ----a-w-    C:\windows\System32\csrsrv.dll
2013-03-19 05:04:13    3968856    ----a-w-    C:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10    3913560    ----a-w-    C:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50    6656    ----a-w-    C:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33    112640    ----a-w-    C:\windows\System32\smss.exe
.
============= FINISH:  0:29:37.56 ===============

#5 m0le
    Can U Dig It?
  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:08:44 AM

Posted 01 June 2013 - 07:21 PM

It sounds like you may have some leftovers. Let's try and run a tool outside of normal mode, where the problems are.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using the Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool (scan your computer's memory for errors)
    Command Prompt

  • Select Command Prompt.
  • In the command window type notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter, then close the notepad.
  • In the command window type e:\frst.exe (for the x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it in your next reply.


#6 Kamietus
  • Topic Starter
  • Members
  • 14 posts
  • Local time:03:44 AM

Posted 01 June 2013 - 11:56 PM

Here is the FRST64 scan log.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2013 02
Ran by SYSTEM on 01-06-2013 23:48:46
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13261456 2012-11-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 [1256080 2012-11-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1489760 2010-04-06] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-03-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL [352256 2010-02-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED [3218792 2010-08-17] (Toshiba)
HKLM-x32\...\Run: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe /reminder [315392 2012-01-30] ()
HKLM-x32\...\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [507016 2012-12-21] (MSI)
HKLM-x32\...\Run: [MSI Suite] C:\MSI\MSI SUITE\StartMSISuite.exe [576056 2012-07-05] ()
HKU\Crosby\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Crosby\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-10-31] (Google Inc.)
HKU\Crosby\...\Policies\system: [DisableLockWorkstation] 0
HKU\Guest\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Guest\...\Policies\system: [DisableLockWorkstation] 0
Startup: C:\ProgramData\Start Menu\Programs\Startup\Trend Micro SafeSync.lnk
ShortcutTarget: Trend Micro SafeSync.lnk -> C:\Program Files\Trend Micro SafeSync\HrfsClient.exe (Trend Micro Inc.)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  No File
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  No File

==================== Services (Whitelisted) =================

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [227232 2010-01-15] (McAfee, Inc.)
S2 mcmscsvc; C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe [865832 2009-05-01] (McAfee, Inc.)
S2 McNASvc; c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe [2482848 2009-04-09] (McAfee, Inc.)
S3 McODS; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [696848 2009-05-08] (McAfee, Inc.)
S2 McProxy; c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe [359952 2009-04-09] (McAfee, Inc.)
S2 McShield; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [153920 2009-05-13] (McAfee, Inc.)
S4 McSysmon; C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe [606736 2009-05-08] (McAfee, Inc.)
S2 MpfService; C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe [893112 2009-05-08] (McAfee, Inc.)
S2 MSIFileSyncMonitor; C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe [10752 2012-04-23] ()
S2 MSI_ComCenService; C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe [75280 2012-04-17] (MSI)
S2 MSI_SuiteCharger; C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe [122936 2012-10-26] (MSI)
S2 MSI_SuiteFastBoot; C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe [105016 2012-10-26] (MSI)
S2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [144008 2012-12-21] (MSI)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132056 2013-01-23] (Symantec Corporation)
S3 OnlineStorageService; C:\Program Files\Trend Micro SafeSync\hrfscore.exe [7908664 2012-07-12] (Trend Micro Inc.)
S2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\diMaster.dll [132984 2009-08-29] (Symantec Corporation)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2012-02-19] ()
S2 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [103736 2012-02-19] ()
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-11-23] (Realtek Semiconductor)
S2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\sms.dll [168912 2012-11-03] (Symantec Corporation)
S3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe [2294112 2012-11-03] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\snac64.exe [334288 2012-11-03] (Symantec Corporation)
S2 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1066896 2011-03-09] ()
S2 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [491920 2011-03-09] ()

==================== Drivers (Whitelisted) ====================

S1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20130521.011_11d\BHDrvx64.sys [1390680 2013-05-20] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-01-27] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-01-27] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20130530.011\IDSvia64.sys [513184 2013-05-30] (Symantec Corporation)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [102600 2009-05-13] (McAfee, Inc.)
S1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [307400 2009-05-13] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2009-05-13] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2009-05-13] (McAfee, Inc.)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2009-04-09] (McAfee, Inc.)
S3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20130530.017\ENG64.SYS [126040 2013-05-30] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20130530.017\EX64.SYS [2098776 2013-05-30] (Symantec Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
S3 NTIOLib_1_0_C; C:\MSI\MSI SUITE\NTIOLib_X64.sys [11888 2012-03-30] (MSI)
S3 NTIOLib_1_0_D; C:\MSI\MSI SUITE\ControlCenter\NTIOLib_X64.sys [11080 2011-09-20] (MSI)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2011-11-29] (Duplex Secure Ltd.)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\SyDvCtrl64.sys [34352 2012-11-03] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-01-27] (Symantec Corporation)
S1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [95616 2012-11-03] (Symantec Corporation)
S1 ccSettings_{3771A34D-2132-48EA-A486-D62ECDF9D553}; system32\Drivers\SEP\0C0107DF\07DF.105\x64\ccSetx64.sys [x]
S1 SRTSP; system32\Drivers\SEP\0C0107DF\07DF.105\x64\SRTSP64.SYS [x]
S1 SRTSPX; system32\Drivers\SEP\0C0107DF\07DF.105\x64\SRTSPX64.SYS [x]
S0 SymDS; system32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMDS64.SYS [x]
S0 SymEFA; system32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMEFA64.SYS [x]
S1 SymIRON; system32\Drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.SYS [x]
S1 SYMNETS; system32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMNETS.SYS [x]
S1 SysPlant; system32\Drivers\SysPlant.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-01 23:48 - 2013-06-01 23:48 - 00000000 ____D C:\FRST
2013-06-01 10:40 - 2013-06-01 10:41 - 00002270 ____A C:\Users\Crosby\Desktop\Google Chrome.lnk
2013-05-31 21:30 - 2013-05-31 21:30 - 00011278 ____A C:\Users\Crosby\Desktop\attach.txt
2013-05-31 21:30 - 2013-05-31 21:29 - 00024399 ____A C:\Users\Crosby\Desktop\dds.txt
2013-05-31 20:35 - 2013-05-31 20:38 - 00688992 ____R (Swearware) C:\Users\Crosby\Downloads\dds.com
2013-05-30 18:56 - 2013-04-04 22:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-30 18:56 - 2013-04-04 22:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-30 18:56 - 2013-04-04 22:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-30 18:56 - 2013-04-04 22:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-30 18:56 - 2013-04-04 22:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-30 18:56 - 2013-04-04 22:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-30 18:56 - 2013-04-04 22:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-30 18:56 - 2013-04-04 22:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-30 18:56 - 2013-04-04 22:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-30 18:56 - 2013-04-04 22:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-30 18:56 - 2013-04-04 22:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-30 18:56 - 2013-04-04 22:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-30 18:56 - 2013-04-04 21:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-30 18:56 - 2013-04-04 21:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-30 18:56 - 2013-04-04 21:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-30 18:56 - 2013-04-04 21:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-30 18:56 - 2013-04-04 21:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-30 18:56 - 2013-04-04 21:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-30 18:56 - 2013-04-04 21:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-30 18:56 - 2013-04-04 21:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-30 18:56 - 2013-04-04 21:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-30 18:56 - 2013-04-04 21:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-30 18:56 - 2013-04-04 21:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-30 18:56 - 2013-04-04 20:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-30 18:56 - 2013-04-04 20:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-30 18:56 - 2013-04-04 19:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-30 18:56 - 2013-04-04 19:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-30 18:55 - 2013-04-04 22:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-30 18:55 - 2013-04-04 22:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-30 18:55 - 2013-04-04 21:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-30 18:55 - 2013-04-04 21:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-30 15:43 - 2013-04-09 22:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-30 15:43 - 2013-04-09 22:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-30 15:43 - 2011-02-03 03:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-30 15:40 - 2013-02-26 22:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-30 15:40 - 2013-02-26 21:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-30 15:40 - 2013-02-26 21:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-30 15:40 - 2013-02-26 21:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-30 15:40 - 2013-02-26 21:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-30 15:40 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-30 15:40 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-30 15:40 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-30 15:38 - 2013-04-09 19:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-30 15:38 - 2013-03-18 21:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-30 15:38 - 2013-03-18 21:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll

==================== One Month Modified Files and Folders =======

2013-06-01 23:48 - 2013-06-01 23:48 - 00000000 ____D C:\FRST
2013-06-01 20:37 - 2012-06-20 05:19 - 00017601 ____A C:\Windows\System32\Config.MPF
2013-06-01 20:36 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-01 20:36 - 2009-07-13 20:51 - 00072697 ____A C:\Windows\setupact.log
2013-06-01 20:26 - 2009-07-13 20:45 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-01 20:26 - 2009-07-13 20:45 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-01 20:24 - 2011-06-04 21:26 - 01097713 ____A C:\Windows\WindowsUpdate.log
2013-06-01 20:24 - 2009-07-13 21:13 - 00005436 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-01 20:15 - 2012-04-19 13:19 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-01 20:15 - 2010-10-31 23:09 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-01 19:25 - 2011-11-13 10:30 - 00000000 ____D C:\Users\Crosby\AppData\Local\CrashDumps
2013-06-01 18:59 - 2010-10-31 23:09 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-01 18:57 - 2013-04-09 17:44 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-06-01 10:41 - 2013-06-01 10:40 - 00002270 ____A C:\Users\Crosby\Desktop\Google Chrome.lnk
2013-06-01 10:35 - 2012-05-05 18:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-31 21:30 - 2013-05-31 21:30 - 00011278 ____A C:\Users\Crosby\Desktop\attach.txt
2013-05-31 21:29 - 2013-05-31 21:30 - 00024399 ____A C:\Users\Crosby\Desktop\dds.txt
2013-05-31 20:38 - 2013-05-31 20:35 - 00688992 ____R (Swearware) C:\Users\Crosby\Downloads\dds.com
2013-05-31 20:21 - 2013-04-25 16:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-31 19:23 - 2009-07-13 20:45 - 00413312 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-30 19:41 - 2011-11-27 10:43 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-30 19:28 - 2011-06-04 21:13 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-28 21:24 - 2013-02-07 06:05 - 00000000 ____D C:\SuperChargerProfile
2013-05-28 21:24 - 2012-01-17 20:19 - 00000000 ____D C:\users\Guest
2013-05-28 21:24 - 2011-06-04 20:18 - 00000000 ____D C:\users\Crosby
2013-05-28 21:24 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-05-28 21:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-05-14 15:08 - 2012-04-19 13:19 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-14 15:08 - 2011-08-12 12:40 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-03 16:34 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-05-02 07:29 - 2011-07-05 08:58 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-04-26 14:40:50
Restore point made on: 2013-04-26 20:02:00
Restore point made on: 2013-04-27 06:43:24
Restore point made on: 2013-04-30 13:12:35
Restore point made on: 2013-04-30 16:00:26
Restore point made on: 2013-05-03 14:52:03
Restore point made on: 2013-05-14 13:32:35
Restore point made on: 2013-05-14 18:31:18
Restore point made on: 2013-05-30 18:47:13
Restore point made on: 2013-05-30 18:50:30

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 3835.68 MB
Available physical RAM: 3268.96 MB
Total Pagefile: 3833.83 MB
Available Pagefile: 3255.01 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (TI106050W0B) (Fixed) (Total:452.66 GB) (Free:148.72 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:3.69 GB) (Free:3.68 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows Vista) (Size: 466 GB) (Disk ID: 75A1DE07)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=453 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=17)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)


Last Boot: 2013-05-30 19:11

==================== End Of Log ============================



#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:08:44 AM

Posted 02 June 2013 - 06:42 PM

Nothing untoward there. Please run AdwCleaner - just a scan at this point, please.

 

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.


m0le is a proud member of UNITE

#8 Kamietus

Kamietus
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:03:44 AM

Posted 02 June 2013 - 07:20 PM

Here is the log from AdwCleaner by Xplode.

 

# AdwCleaner v2.301 - Logfile created 06/02/2013 at 19:17:35
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Crosby - CROSBY-PC
# Boot Mode : Normal
# Running from : C:\Users\Crosby\Downloads\AdwCleaner(1).exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\ProgramData\boost_interprocess

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Crosby\AppData\Roaming\Mozilla\Firefox\Profiles\vw8iputy.default\prefs.js

Found : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,toolbar%40shopathome.com:5[...]

-\\ Google Chrome v27.0.1453.94

File : C:\Users\Crosby\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5513 octets] - [09/04/2013 20:28:19]
AdwCleaner[R2].txt - [1023 octets] - [02/06/2013 19:17:35]
AdwCleaner[S1].txt - [5619 octets] - [09/04/2013 20:30:18]

########## EOF - C:\AdwCleaner[R2].txt - [1143 octets] ##########



#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:08:44 AM

Posted 03 June 2013 - 06:53 PM

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


m0le is a proud member of UNITE

#10 Kamietus

Kamietus
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:03:44 AM

Posted 03 June 2013 - 07:17 PM

Here is the log.

 

MiniToolBox by Farbar  Version:21-04-2013
Ran by Crosby (administrator) on 03-06-2013 at 19:11:37
Running from "C:\Users\Crosby\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.no_proxies_on", "localhost,127.0.0.1"
"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Crosby-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : DoubleC

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 88-25-2C-B9-FC-F2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : DoubleC
   Description . . . . . . . . . . . : Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
   Physical Address. . . . . . . . . : 88-25-2C-B9-FC-F2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::19b4:bc70:eba6:53a3%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.2.6(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, June 02, 2013 6:56:28 PM
   Lease Expires . . . . . . . . . . : Friday, July 11, 2149 1:40:15 AM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6 IAID . . . . . . . . . . . : 310912300
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-7C-CD-1E-1C-75-08-72-81-40
   DNS Servers . . . . . . . . . . . : 192.168.2.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 00031.geek.local
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 1C-75-08-72-81-40
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{3C352238-80AB-4EF6-A1D4-FD69D2184EFA}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1c62:300a:b47b:269b(Preferred)
   Link-local IPv6 Address . . . . . : fe80::1c62:300a:b47b:269b%22(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Reusable ISATAP Interface {45ACEACA-A462-4151-8A26-2C9576776718}:

   Connection-specific DNS Suffix  . : DoubleC
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::5efe:192.168.2.6%23(Preferred)
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.2.1
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Reusable ISATAP Interface {6E5732C7-18E1-420F-BF29-C431059461DB}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.00031.geek.local:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  router.DoubleC
Address:  192.168.2.1

Name:    google.com
Addresses:  2607:f8b0:4009:800::1007
      74.125.225.65
      74.125.225.70
      74.125.225.67
      74.125.225.68
      74.125.225.78
      74.125.225.72
      74.125.225.69
      74.125.225.64
      74.125.225.73
      74.125.225.71
      74.125.225.66


Pinging google.com [74.125.225.66] with 32 bytes of data:
Reply from 74.125.225.66: bytes=32 time=23ms TTL=54
Reply from 74.125.225.66: bytes=32 time=26ms TTL=54

Ping statistics for 74.125.225.66:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 23ms, Maximum = 26ms, Average = 24ms
Server:  router.DoubleC
Address:  192.168.2.1

Name:    yahoo.com
Addresses:  98.139.183.24
      206.190.36.45
      98.138.253.109


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=82ms TTL=51
Reply from 98.138.253.109: bytes=32 time=57ms TTL=51

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 57ms, Maximum = 82ms, Average = 69ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 15...88 25 2c b9 fc f2 ......Microsoft Virtual WiFi Miniport Adapter
 11...88 25 2c b9 fc f2 ......Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
 10...1c 75 08 72 81 40 ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
 21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
 22...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
 23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
 51...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1      192.168.2.6     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link       192.168.2.6    281
      192.168.2.6  255.255.255.255         On-link       192.168.2.6    281
    192.168.2.255  255.255.255.255         On-link       192.168.2.6    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.2.6    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.2.6    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 22     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 22     58 2001::/32                On-link
 22    306 2001:0:4137:9e76:1c62:300a:b47b:269b/128
                                    On-link
 11    281 fe80::/64                On-link
 22    306 fe80::/64                On-link
 23    281 fe80::5efe:192.168.2.6/128
                                    On-link
 11    281 fe80::19b4:bc70:eba6:53a3/128
                                    On-link
 22    306 fe80::1c62:300a:b47b:269b/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
 22    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 08 C:\windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/03/2013 07:03:20 PM) (Source: THSA) (User: )
Description:

Error: (06/02/2013 09:41:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15725

Error: (06/02/2013 09:41:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15725

Error: (06/02/2013 09:41:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/02/2013 07:15:22 PM) (Source: Application Error) (User: )
Description: Faulting application name: MSI SUITE.exe, version: 1.0.28.0, time stamp: 0x50d45ea9
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b83c8a
Exception code: 0xe0434352
Fault offset: 0x0000c41f
Faulting process id: 0x1958
Faulting application start time: 0xMSI SUITE.exe0
Faulting application path: MSI SUITE.exe1
Faulting module path: MSI SUITE.exe2
Report Id: MSI SUITE.exe3

Error: (06/02/2013 07:14:45 PM) (Source: .NET Runtime) (User: )
Description: Application: MSI SUITE.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Reflection.TargetInvocationException
Stack:
   at System.Windows.Markup.WpfXamlLoader.Load(System.Xaml.XamlReader, System.Xaml.IXamlObjectWriterFactory, Boolean, System.Object, System.Xaml.XamlObjectWriterSettings, System.Uri)
   at System.Windows.Markup.WpfXamlLoader.LoadBaml(System.Xaml.XamlReader, Boolean, System.Object, System.Xaml.Permissions.XamlAccessLevel, System.Uri)
   at System.Windows.Markup.XamlReader.LoadBaml(System.IO.Stream, System.Windows.Markup.ParserContext, System.Object, Boolean)
   at System.Windows.Application.LoadBamlStreamWithSyncInfo(System.IO.Stream, System.Windows.Markup.ParserContext)
   at System.Windows.Application.LoadComponent(System.Uri, Boolean)
   at System.Windows.Application.DoStartup()
   at System.Windows.Application.<.ctor>b__1(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.runTryCode(System.Object)
   at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at MSI_SUITE.App.Main()

Error: (06/02/2013 07:05:03 PM) (Source: THSA) (User: )
Description:

Error: (06/01/2013 11:24:00 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (06/01/2013 11:24:00 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (06/01/2013 11:18:36 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.


System errors:
=============
Error: (06/03/2013 07:03:43 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McNASvc service.

Error: (06/03/2013 07:03:09 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McNASvc service.

Error: (06/02/2013 07:11:38 PM) (Source: Service Control Manager) (User: )
Description: The Security Center service terminated with the following error:
%%16389

Error: (06/02/2013 07:11:12 PM) (Source: Service Control Manager) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
%%1070

Error: (06/02/2013 07:11:12 PM) (Source: DCOM) (User: )
Description: 1068upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (06/02/2013 07:11:09 PM) (Source: Service Control Manager) (User: )
Description: The SSDP Discovery service hung on starting.

Error: (06/02/2013 07:10:56 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service hung on starting.

Error: (06/02/2013 07:09:26 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005

Error: (06/02/2013 07:08:50 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft .NET Framework NGEN v4.0.30319_X64 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (06/02/2013 07:06:26 PM) (Source: Service Control Manager) (User: )
Description: The Symantec Management Client service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-04-09 19:48:57.040
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-04-09 19:48:56.868
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

 Update for Microsoft Office 2007 (KB2508958)
Adobe AIR (Version: 3.0.0.4080)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Reader X (10.1.6) (Version: 10.1.6)
Amazon Links (Version: 2.02)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.765.0)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
BitTorrent (Version: 7.2.1)
Bonjour (Version: 3.0.0.10)
Cake Mania - Lights, Camera, Action!™ (Version: 2.2.0.95)
Call of Duty® 4 - Modern Warfare™ (Version: 1.00.0000)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2010.0315.1050.17562)
Catalyst Control Center Graphics Full Existing (Version: 2010.0315.1050.17562)
Catalyst Control Center Graphics Full New (Version: 2010.0315.1050.17562)
Catalyst Control Center Graphics Light (Version: 2010.0315.1050.17562)
Catalyst Control Center Graphics Previews Common (Version: 2010.0315.1050.17562)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0315.1050.17562)
Catalyst Control Center Localization All (Version: 2010.0315.1050.17562)
CCC Help Chinese Standard (Version: 2010.0315.1049.17562)
CCC Help Chinese Traditional (Version: 2010.0315.1049.17562)
CCC Help Czech (Version: 2010.0315.1049.17562)
CCC Help Danish (Version: 2010.0315.1049.17562)
CCC Help Dutch (Version: 2010.0315.1049.17562)
CCC Help English (Version: 2010.0315.1049.17562)
CCC Help Finnish (Version: 2010.0315.1049.17562)
CCC Help French (Version: 2010.0315.1049.17562)
CCC Help German (Version: 2010.0315.1049.17562)
CCC Help Greek (Version: 2010.0315.1049.17562)
CCC Help Hungarian (Version: 2010.0315.1049.17562)
CCC Help Italian (Version: 2010.0315.1049.17562)
CCC Help Japanese (Version: 2010.0315.1049.17562)
CCC Help Korean (Version: 2010.0315.1049.17562)
CCC Help Norwegian (Version: 2010.0315.1049.17562)
CCC Help Polish (Version: 2010.0315.1049.17562)
CCC Help Portuguese (Version: 2010.0315.1049.17562)
CCC Help Russian (Version: 2010.0315.1049.17562)
CCC Help Spanish (Version: 2010.0315.1049.17562)
CCC Help Swedish (Version: 2010.0315.1049.17562)
CCC Help Thai (Version: 2010.0315.1049.17562)
CCC Help Turkish (Version: 2010.0315.1049.17562)
ccc-core-static (Version: 2010.0315.1050.17562)
ccc-utility64 (Version: 2010.0315.1050.17562)
CCleaner (Version: 4.01)
Chuzzle Deluxe (Version: 2.2.0.95)
cladDVD.NET v3.5.7 (Version: 3.5.7)
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Toolbar (Version: 1.0.8.0552)
Dolphin 1.3 beta (Version: 1.3 beta)
EasyViewer (Version: 1.3.0.9)
FATE - The Traitor Soul (Version: 2.2.0.95)
FINAL FANTASY XI (Version: 1.010.0)
FINAL FANTASY XI: Chains of Promathia (Version: 1.27.0)
FINAL FANTASY XI: Rise of the Zilart (Version: 1.18.0)
FINAL FANTASY XI: Treasures of Aht Urhgan (Version: 1.35.0)
FINAL FANTASY XI: Wings of the Goddess (Version: 1.42.0)
FINAL FANTASY XIV (Version: 1.0.0000)
Fitbit Base Station (Driver Removal)
Fitbit v2.1.0 (Version: 2.1.0)
Garmin City Navigator North America NT 2012.40 Update (Version: 15.40.0.0)
Garmin Lifetime Updater (Version: 2.1.11)
Google Chrome (Version: 27.0.1453.94)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.145)
Governor of Poker 2 Premium Edition (Version: 2.2.0.95)
Hoyle Casino Games 2011 (remove only)
iCloud (Version: 1.1.0.40)
iTunes (Version: 10.6.1.7)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
Java™ 6 Update 31 (Version: 6.0.310)
Jewel Quest - Heritage (Version: 2.2.0.95)
Junk Mail filter update (Version: 15.4.3502.0922)
Label@Once 1.0 (Version: 1.0)
Live Update 5 (Version: 5.0.101)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 2.0.181.2)
McAfee SecurityCenter
Media Go (Version: 1.8.121)
Media Go Video Playback Engine 1.64.107.02280 (Version: 1.64.107.02280)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Corporation (Version: 9.0.30729.1)
Microsoft LifeCam (Version: 3.22.270.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel Viewer (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft PowerPoint Viewer (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MSI SUITE (Version: 1.0.028)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
Mystery P.I. - The London Caper (Version: 2.2.0.95)
Norton PC Checkup (Version: 3.0.2.90.0)
Plants vs. Zombies - Game of the Year (Version: 2.2.0.95)
PlayOnline Viewer & Tetra Master (Version: 1.18.00)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
PlayStation®Network Downloader (Version: 2.06.00741)
PlayStation®Store (Version: 4.3.3.12540)
Polar Bowler (Version: 2.2.0.95)
QuickTime (Version: 7.71.80.42)
Realtek Ethernet Controller Driver (Version: 7.53.216.2012)
Realtek HDMI Audio Driver for ATI (Version: 6.0.1.5992)
Realtek High Definition Audio Driver (Version: 6.0.1.6793)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30111)
Realtek WLAN Driver (Version: 2.00.0013)
Revo Uninstaller Pro 3.0.5 (Version: 3.0.5)
ShopAtHome.com Toolbar
SimCity 4 Deluxe
Skype Launcher (Version: 2.01)
Skype™ 5.10 (Version: 5.10.116)
Slingo Supreme (Version: 2.2.0.95)
Super-Charger (Version: 1.2.016)
Symantec Endpoint Protection (Version: 12.1.2015.2015)
Synaptics Pointing Device Driver (Version: 15.0.8.1)
Toshiba App Place (Version: 1.0.6.3)
TOSHIBA Application Installer (Version: 9.0.1.1)
TOSHIBA Assist (Version: 3.00.11)
Toshiba Book Place (Version: 2.0.5271)
TOSHIBA Bulletin Board (Version: 1.6.07.64)
TOSHIBA Disc Creator (Version: 2.1.0.2 for x64)
TOSHIBA eco Utility (Version: 1.2.11.64)
TOSHIBA Face Recognition (Version: 3.1.3.64)
TOSHIBA Flash Cards Support Utility (Version: 1.63.0.6C)
TOSHIBA Hardware Setup (Version: 1.63.0.22C)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6)
Toshiba Laptop Checkup (Version: 2.0.6.22)
TOSHIBA Media Controller (Version: 1.0.80.3.64)
TOSHIBA Media Controller Plug-in (Version: 1.0.8.0)
Toshiba Online Backup (Version: 2.0.0.25)
TOSHIBA PC Health Monitor (Version: 1.6.0.64)
TOSHIBA Quality Application (Version: 1.0.3)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4 for x64)
TOSHIBA ReelTime (Version: 1.6.06.64)
TOSHIBA Service Station (Version: 2.2.9)
TOSHIBA Supervisor Password (Version: 1.63.0.9C)
TOSHIBA Value Added Package (Version: 1.3.19.64)
TOSHIBA Web Camera Application (Version: 1.1.1.15)
ToshibaRegistration (Version: 1.0.4)
Trend Micro SafeSync (Version: 5.1.0.1173)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Usb Lan Zheng Electronics Vibration Joystick (Version: 2007.08.17)
Utility Common Driver (Version: 1.0.52.1C)
VLC media player 1.1.5 (Version: 1.1.5)
WD SmartWare (Version: 1.4.5.5)
WildTangent Games (Version: 1.0.1.5)
WildTangent ORB Game Console
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 46%
Total physical RAM: 3835.68 MB
Available physical RAM: 2044.45 MB
Total Pagefile: 7669.55 MB
Available Pagefile: 5474.36 MB
Total Virtual: 4095.88 MB
Available Virtual: 3972.84 MB

========================= Partitions: =====================================

1 Drive c: (TI106050W0B) (Fixed) (Total:452.66 GB) (Free:148.3 GB) NTFS

========================= Users: ========================================

User accounts for \\CROSBY-PC

Administrator            Crosby                   Guest                    

========================= Minidump Files ==================================

No minidump file found


**** End of log ****



#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:08:44 AM

Posted 03 June 2013 - 07:47 PM

Please run Combofix next

 

Please download ComboFix from one of these locations:


* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

If you receive the message "Illegal operation attempted on a registry key that has been marked for deletion." then please reboot the system.


m0le is a proud member of UNITE

#12 Kamietus

Kamietus
  • Topic Starter

  • Members
  • 14 posts
  • Local time:03:44 AM

Posted 03 June 2013 - 08:59 PM

Here is the ComboFix log.

 

ComboFix 13-06-03.06 - Crosby 06/03/2013  20:14:27.3.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3836.2233 [GMT -5:00]
Running from: c:\users\Crosby\Desktop\Comfix.exe.exe
AV: McAfee VirusScan *Disabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AV: Symantec Endpoint Protection *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: McAfee Personal Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
FW: Symantec Endpoint Protection *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: McAfee VirusScan *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Symantec Endpoint Protection *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\boost_interprocess\20130602185343.359599
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-04 to 2013-06-04  )))))))))))))))))))))))))))))))
.
.
2013-06-04 01:30 . 2013-06-04 01:30    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-06-04 01:30 . 2013-06-04 01:30    --------    d-----w-    c:\users\Guest\AppData\Local\temp
2013-06-04 01:30 . 2013-06-04 01:30    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-06-03 00:16 . 2013-05-13 06:37    9460464    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B8F3AA8E-27A6-4F28-BC6B-BFB2D50AB633}\mpengine.dll
2013-06-02 07:48 . 2013-06-02 07:48    --------    d-----w-    C:\FRST
2013-06-01 04:21 . 2013-06-01 04:21    262552    ----a-w-    c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-06-01 04:20 . 2013-05-13 06:37    9460464    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-31 02:55 . 2013-04-05 06:50    19231232    ----a-w-    c:\windows\system32\mshtml.dll
2013-05-31 02:55 . 2013-04-05 06:50    15404032    ----a-w-    c:\windows\system32\ieframe.dll
2013-05-30 23:43 . 2013-04-10 06:01    265064    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
2013-05-30 23:43 . 2013-04-10 06:01    983400    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-05-30 23:43 . 2011-02-03 11:25    144384    ----a-w-    c:\windows\system32\cdd.dll
2013-05-30 23:40 . 2013-02-27 05:52    14172672    ----a-w-    c:\windows\system32\shell32.dll
2013-05-30 23:40 . 2013-02-27 05:48    1930752    ----a-w-    c:\windows\system32\authui.dll
2013-05-30 23:40 . 2013-02-27 06:02    111448    ----a-w-    c:\windows\system32\consent.exe
2013-05-30 23:40 . 2013-02-27 05:52    197120    ----a-w-    c:\windows\system32\shdocvw.dll
2013-05-30 23:40 . 2013-02-27 04:49    1796096    ----a-w-    c:\windows\SysWow64\authui.dll
2013-05-30 23:40 . 2013-02-27 05:47    70144    ----a-w-    c:\windows\system32\appinfo.dll
2013-05-30 23:38 . 2013-03-19 05:53    230400    ----a-w-    c:\windows\system32\wwansvc.dll
2013-05-30 23:38 . 2013-03-19 05:53    48640    ----a-w-    c:\windows\system32\wwanprotdim.dll
2013-05-30 23:38 . 2013-04-10 03:30    3153920    ----a-w-    c:\windows\system32\win32k.sys
2013-05-15 02:37 . 2013-04-05 05:26    235520    ----a-w-    c:\program files (x86)\Internet Explorer\IEShims.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-31 03:28 . 2011-06-05 05:13    75016696    ----a-w-    c:\windows\system32\MRT.exe
2013-05-30 22:39 . 2010-06-24 18:33    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-14 23:08 . 2012-04-19 21:19    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-14 23:08 . 2011-08-12 20:40    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-02 15:29 . 2011-07-05 16:58    278800    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-27 15:49 . 2013-04-27 15:49    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-27 15:49 . 2013-04-27 15:49    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-04-27 15:49 . 2013-04-27 15:49    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-04-27 15:49 . 2013-04-27 15:49    226304    ----a-w-    c:\windows\system32\elshyph.dll
2013-04-27 15:49 . 2013-04-27 15:49    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-04-27 15:49 . 2013-04-27 15:49    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-04-27 15:49 . 2013-04-27 15:49    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-04-27 15:49 . 2013-04-27 15:49    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-04-27 15:49 . 2013-04-27 15:49    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-04-27 15:49 . 2013-04-27 15:49    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-04-27 15:49 . 2013-04-27 15:49    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-04-27 15:49 . 2013-04-27 15:49    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-04-27 15:49 . 2013-04-27 15:49    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-27 15:49 . 2013-04-27 15:49    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-04-27 15:49 . 2013-04-27 15:49    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-04-27 15:49 . 2013-04-27 15:49    361984    ----a-w-    c:\windows\SysWow64\html.iec
2013-04-27 15:49 . 2013-04-27 15:49    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-04-27 15:49 . 2013-04-27 15:49    1441280    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-04-27 15:49 . 2013-04-27 15:49    441856    ----a-w-    c:\windows\system32\html.iec
2013-04-27 15:49 . 2013-04-27 15:49    281600    ----a-w-    c:\windows\system32\dxtrans.dll
2013-04-27 15:49 . 2013-04-27 15:49    216064    ----a-w-    c:\windows\system32\msls31.dll
2013-04-27 15:49 . 2013-04-27 15:49    197120    ----a-w-    c:\windows\system32\msrating.dll
2013-04-27 15:49 . 2013-04-27 15:49    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-04-27 15:49 . 2013-04-27 15:49    97280    ----a-w-    c:\windows\system32\mshtmled.dll
2013-04-27 15:49 . 2013-04-27 15:49    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-04-27 15:49 . 2013-04-27 15:49    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-04-27 15:49 . 2013-04-27 15:49    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-04-27 15:49 . 2013-04-27 15:49    599552    ----a-w-    c:\windows\system32\vbscript.dll
2013-04-27 15:49 . 2013-04-27 15:49    27648    ----a-w-    c:\windows\system32\licmgr10.dll
2013-04-27 15:49 . 2013-04-27 15:49    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-04-27 15:49 . 2013-04-27 15:49    247296    ----a-w-    c:\windows\system32\webcheck.dll
2013-04-27 15:49 . 2013-04-27 15:49    235008    ----a-w-    c:\windows\system32\url.dll
2013-04-27 15:49 . 2013-04-27 15:49    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-04-27 15:49 . 2013-04-27 15:49    1509376    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-04-27 15:49 . 2013-04-27 15:49    144896    ----a-w-    c:\windows\system32\wextract.exe
2013-04-27 15:49 . 2013-04-27 15:49    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-04-27 15:49 . 2013-04-27 15:49    102912    ----a-w-    c:\windows\system32\inseng.dll
2013-04-27 15:49 . 2013-04-27 15:49    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-04-27 15:49 . 2013-04-27 15:49    62976    ----a-w-    c:\windows\system32\pngfilt.dll
2013-04-27 15:49 . 2013-04-27 15:49    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-04-27 15:49 . 2013-04-27 15:49    51200    ----a-w-    c:\windows\system32\imgutil.dll
2013-04-27 15:49 . 2013-04-27 15:49    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-04-27 15:49 . 2013-04-27 15:49    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-04-27 15:49 . 2013-04-27 15:49    149504    ----a-w-    c:\windows\system32\occache.dll
2013-04-27 15:49 . 2013-04-27 15:49    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-04-27 15:49 . 2013-04-27 15:49    136192    ----a-w-    c:\windows\system32\iepeers.dll
2013-04-27 15:49 . 2013-04-27 15:49    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-04-27 15:49 . 2013-04-27 15:49    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-04-27 15:49 . 2013-04-27 15:49    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-04-26 02:04 . 2013-04-26 02:04    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-26 02:04 . 2013-04-26 02:04    866720    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-04-26 02:04 . 2012-04-26 17:08    788896    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-04-13 05:49 . 2013-05-30 23:42    135168    ----a-w-    c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-30 23:42    350208    ----a-w-    c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-30 23:42    308736    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-30 23:42    111104    ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-30 23:42    474624    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-30 23:42    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-23 19:21    1656680    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-04-04 19:50 . 2013-02-05 21:36    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-03-19 06:04 . 2013-04-10 06:45    5550424    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 06:45    43520    ----a-w-    c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 06:45    3968856    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 06:45    3913560    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 06:45    6656    ----a-w-    c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 06:45    112640    ----a-w-    c:\windows\system32\smss.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoPaired]
@="{A203F945-39E9-4286-AFA2-F3ADFCD5FAAA}"
[HKEY_CLASSES_ROOT\CLSID\{A203F945-39E9-4286-AFA2-F3ADFCD5FAAA}]
2012-07-12 19:22    1186616    ----a-w-    c:\program files\Trend Micro SafeSync\HrfsShellExtension32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoPriority]
@="{6F1BB626-1107-4b82-B322-54C5E64461B8}"
[HKEY_CLASSES_ROOT\CLSID\{6F1BB626-1107-4b82-B322-54C5E64461B8}]
2012-07-12 19:22    1186616    ----a-w-    c:\program files\Trend Micro SafeSync\HrfsShellExtension32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoProblem]
@="{7479C9AF-DA81-4944-92E5-23E49390BB2B}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB2B}]
2012-07-12 19:22    1186616    ----a-w-    c:\program files\Trend Micro SafeSync\HrfsShellExtension32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoSynced]
@="{7479C9AF-DA81-4944-92E5-23E49390BB2A}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB2A}]
2012-07-12 19:22    1186616    ----a-w-    c:\program files\Trend Micro SafeSync\HrfsShellExtension32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoSyncing]
@="{7479C9AF-DA81-4944-92E5-23E49390BB29}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB29}]
2012-07-12 19:22    1186616    ----a-w-    c:\program files\Trend Micro SafeSync\HrfsShellExtension32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoUnavailable]
@="{66669544-5639-4922-99C8-CE7A86651364}"
[HKEY_CLASSES_ROOT\CLSID\{66669544-5639-4922-99C8-CE7A86651364}]
2012-07-12 19:22    1186616    ----a-w-    c:\program files\Trend Micro SafeSync\HrfsShellExtension32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-01 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-08-17 3218792]
"Live Update 5"="c:\program files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe" [2012-01-30 315392]
"Super-Charger"="c:\program files (x86)\MSI\Super-Charger\Super-Charger.exe" [2012-12-21 507016]
"MSI Suite"="c:\msi\MSI SUITE\StartMSISuite.exe" [2012-07-05 576056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Trend Micro SafeSync.lnk - c:\program files\Trend Micro SafeSync\HrfsClient.exe [2013-2-7 2083640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MSI_SuiteFastBoot;MSI_SuiteFastBoot;c:\msi\MSI SUITE\FastBoot\SuiteFastBootService.exe;c:\msi\MSI SUITE\FastBoot\SuiteFastBootService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [x]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;c:\msi\MSI SUITE\NTIOLib_X64.sys;c:\msi\MSI SUITE\NTIOLib_X64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys;c:\windows\SYSNATIVE\drivers\SiUSBXp.sys [x]
R3 SyDvCtrl;SyDvCtrl;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\SyDvCtrl64.sys;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\SyDvCtrl64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMDS64.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0107DF\07DF.105\x64\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMEFA64.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0107DF\07DF.105\x64\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20130521.011_11d\BHDrvx64.sys;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20130521.011_11d\BHDrvx64.sys [x]
S1 ccSettings_{3771A34D-2132-48EA-A486-D62ECDF9D553};Symantec Endpoint Protection 12.1.2015.2015.105 Settings Manager;c:\windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\ccSetx64.sys;c:\windows\SYSNATIVE\Drivers\SEP\0C0107DF\07DF.105\x64\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20130531.011\IDSvia64.sys;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20130531.011\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.SYS [x]
S1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0107DF\07DF.105\x64\SYMNETS.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 Fitbit;Fitbit Data Uploader;c:\program files (x86)\Fitbit\fitbit.exe;c:\program files (x86)\Fitbit\fitbit.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 MSI_ComCenService;MSI_ComCenService;c:\msi\MSI SUITE\ControlCenter\ComCenService.exe;c:\msi\MSI SUITE\ControlCenter\ComCenService.exe [x]
S2 MSI_SuiteCharger;MSI_SuiteCharger;c:\msi\MSI SUITE\Super-Charger\SuiteChargeService.exe;c:\msi\MSI SUITE\Super-Charger\SuiteChargeService.exe [x]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [x]
S2 MSIFileSyncMonitor;MSI FileSync Monitor;c:\msi\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe;c:\msi\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe [x]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\PC Checkup\SymcPCCULaunchSvc.exe;c:\program files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 SepMasterService;Symantec Endpoint Protection;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]
S2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
S3 NTIOLib_1_0_D;NTIOLib_1_0_D;c:\msi\MSI SUITE\ControlCenter\NTIOLib_X64.sys;c:\msi\MSI SUITE\ControlCenter\NTIOLib_X64.sys [x]
S3 NTIOLib_1_1_S;NTIOLib_1_1_S;c:\msi\MSI SUITE\Super-Charger\NTIOLib_X64.sys;c:\msi\MSI SUITE\Super-Charger\NTIOLib_X64.sys [x]
S3 OnlineStorageService;OnlineStorageService;c:\program files\Trend Micro SafeSync\hrfscore.exe;c:\program files\Trend Micro SafeSync\hrfscore.exe [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NTIOLIB_1_1_S
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-01 04:22    1165776    ----a-w-    c:\program files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 23:08]
.
2013-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-01 07:09]
.
2013-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-01 07:09]
.
2012-06-20 c:\windows\Tasks\McDefragTask.job
- c:\progra~2\mcafee\mqc\QcConsol.exe [2012-06-20 13:57]
.
2013-02-01 c:\windows\Tasks\McQcTask.job
- c:\progra~2\mcafee\mqc\QcConsol.exe [2012-06-20 13:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoPaired]
@="{A203F945-39E9-4286-AFA2-F3ADFCD5FAAA}"
[HKEY_CLASSES_ROOT\CLSID\{A203F945-39E9-4286-AFA2-F3ADFCD5FAAA}]
2012-07-12 19:23    1748280    ----a-w-    c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoPriority]
@="{6F1BB626-1107-4b82-B322-54C5E64461B8}"
[HKEY_CLASSES_ROOT\CLSID\{6F1BB626-1107-4b82-B322-54C5E64461B8}]
2012-07-12 19:23    1748280    ----a-w-    c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoProblem]
@="{7479C9AF-DA81-4944-92E5-23E49390BB2B}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB2B}]
2012-07-12 19:23    1748280    ----a-w-    c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoSynced]
@="{7479C9AF-DA81-4944-92E5-23E49390BB2A}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB2A}]
2012-07-12 19:23    1748280    ----a-w-    c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoSyncing]
@="{7479C9AF-DA81-4944-92E5-23E49390BB29}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB29}]
2012-07-12 19:23    1748280    ----a-w-    c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoUnavailable]
@="{66669544-5639-4922-99C8-CE7A86651364}"
[HKEY_CLASSES_ROOT\CLSID\{66669544-5639-4922-99C8-CE7A86651364}]
2012-07-12 19:23    1748280    ----a-w-    c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-11-29 13261456]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-11-28 1256080]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.toshiba.com/g/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Crosby\AppData\Roaming\Mozilla\Firefox\Profiles\vw8iputy.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://start.toshiba.com/g/
FF - ExtSQL: !HIDDEN! 2012-04-22 11:47; text_links@arcadeweb.com; c:\users\Crosby\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\text_links@arcadeweb.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-DAEMON Tools Toolbar - c:\program files (x86)\DAEMON Tools Toolbar\uninst.exe
AddRemove-FITBIT&10C4&84C4 - c:\program files (x86)\Fitbit\Base Station\DriverUninstaller.exe USBXpress\FITBIT&10C4&84C4
AddRemove-SelectRebatesUninstall - c:\program files (x86)\SelectRebates\SelectRebatesUninstall.exe
AddRemove-WT089366 - c:\program files (x86)\TOSHIBA Games\Cake Mania - Lights
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SepMasterService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SmcService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-03  20:41:48
ComboFix-quarantined-files.txt  2013-06-04 01:41
.
Pre-Run: 159,058,718,720 bytes free
Post-Run: 158,962,675,712 bytes free
.
- - End Of File - - 078570E090BE19B5A7265AE501F10AF0



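The ComboFix log above lists the machine's launch points (Run values, the Startup folder, services and drivers, scheduled tasks) in ComboFix's own line format, and reviewing those sections by eye is how a helper decides whether anything is still persisting. As an added example that is not part of this thread or of ComboFix, here is a small Python parser for those sections: it pulls each launch point out of the text and flags images that sit in user-writable directories or that are script files or script hosts, which is the first pass an analyst makes on such a log. The sample log text is constructed to mimic the format shown above (the "Updater" and "At1.job" entries are invented so the flagging has something to catch); the regexes and the heuristics are this example's own assumptions, not ComboFix's.

```python
"""Parse the launch-point sections of a ComboFix-style log and flag entries whose
image sits in a user-writable directory or is a script / script host.
Added example: the regexes and heuristics are this example's assumptions, not
ComboFix's, and SAMPLE_LOG is constructed to mimic the thread's log format."""
import re
from dataclasses import dataclass, field
from typing import List

KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
# "Name"="c:\path\app.exe" [2012-02-23 59240]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]\s*$')
# Name.lnk - c:\path\app.exe [2013-2-7 2083640]   (Startup-folder entry)
STARTUP_RE = re.compile(r'^(?P<name>.+?\.lnk)\s+-\s+(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$')
# R2 svc;Display Name;c:\path\svc.exe;c:\path\svc.exe [x]
SVC_RE = re.compile(r'^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);'
                    r'(?P<path>[^;]+);(?P<native>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$')
# - c:\path\task.exe [2010-11-01 07:09]   (line under a "<date> c:\windows\Tasks\x.job" header)
TASK_RE = re.compile(r'^-\s+(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$')
# First image on a command line, optionally quoted and followed by arguments.
IMAGE_RE = re.compile(r'^"?(?P<image>[a-z]:\\.+?\.(?:exe|dll|sys|ocx|cpl|bat|cmd|vbs|vbe|js|jse|wsf|hta|scr|pif))(?:["\s]|$)', re.I)

# Directories an unprivileged user can write into. ProgramData is included on purpose:
# any user can create folders there, so legitimate AV definitions and malware both land in it.
USER_WRITABLE = ('\\appdata\\', '\\temp\\', '\\tmp\\', '\\users\\public\\', '\\programdata\\',
                 '\\$recycle.bin\\', '\\recycler\\')
SCRIPT_EXT = ('.bat', '.cmd', '.vbs', '.vbe', '.js', '.jse', '.wsf', '.hta', '.scr', '.pif')
SCRIPT_HOSTS = ('wscript.exe', 'cscript.exe', 'mshta.exe', 'rundll32.exe', 'regsvr32.exe',
                'powershell.exe', 'cmd.exe')


@dataclass
class LaunchPoint:
    kind: str       # run | startup | service | task
    name: str
    command: str
    meta: str       # whatever ComboFix printed in the trailing brackets (date and size, or [x])
    source: str     # registry key, .job path, service start type or "Startup folder"
    flags: List[str] = field(default_factory=list)


def image_of(command: str) -> str:
    """Return the lower-cased image path, dropping quotes and arguments."""
    m = IMAGE_RE.match(command.strip())
    return m.group('image').lower() if m else command.strip().strip('"').lower()


def assess(lp: LaunchPoint) -> LaunchPoint:
    """Attach review flags; a flag is a prompt to look at the entry, not a verdict."""
    image = image_of(lp.command)
    if any(d in image for d in USER_WRITABLE):
        lp.flags.append('user-writable location')
    if image.endswith(SCRIPT_EXT):
        lp.flags.append('script file')
    if image.rsplit('\\', 1)[-1] in SCRIPT_HOSTS:
        lp.flags.append('script/LOLBin host')
    return lp


def parse(text: str) -> List[LaunchPoint]:
    """Walk the log line by line, remembering the current key / .job header as context."""
    points, source = [], ''
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            source = m.group('key')
            continue
        if line.endswith('.job'):                      # "2013-06-04 c:\windows\Tasks\Foo.job"
            source = line.split(' ', 1)[-1]
            continue
        m = RUN_RE.match(line)
        if m and source.lower().endswith('\\run'):     # only values under a ...\Run key
            points.append(assess(LaunchPoint('run', m['name'], m['path'], m['meta'], source)))
            continue
        m = STARTUP_RE.match(line)
        if m:
            points.append(assess(LaunchPoint('startup', m['name'], m['path'], m['meta'], 'Startup folder')))
            continue
        m = SVC_RE.match(line)
        if m:
            points.append(assess(LaunchPoint('service', m['name'], m['path'], m['meta'], m['start'])))
            continue
        m = TASK_RE.match(line)
        if m and source.lower().endswith('.job'):
            points.append(assess(LaunchPoint('task', source.rsplit('\\', 1)[-1], m['path'], m['meta'], source)))
    return points


def flagged(points: List[LaunchPoint]) -> List[LaunchPoint]:
    return [p for p in points if p.flags]


# Constructed sample in ComboFix's layout; "Updater" and "At1.job" are invented suspects.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Updater"="c:\users\example\appdata\roaming\updater.exe" [2013-05-20 40960]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Trend Micro SafeSync.lnk - c:\program files\Trend Micro SafeSync\HrfsClient.exe [2013-2-7 2083640]
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20130521.011_11d\BHDrvx64.sys;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20130521.011_11d\BHDrvx64.sys [x]
.
2013-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-01 07:09]
.
2013-06-04 c:\windows\Tasks\At1.job
- c:\windows\temp\update.vbs [2013-06-01 02:11]
"""

if __name__ == '__main__':
    for p in parse(SAMPLE_LOG):
        print(f"{'!!' if p.flags else '  '} {p.kind:8} {p.name:32} {p.command}  {'; '.join(p.flags)}")
```

Note that the ProgramData flag fires on the Symantec definitions driver as well as on anything malicious dropped there; the point of the flags is to shorten the list a human has to read, not to replace the read, which is why a real log such as the one above still needs the helper's judgement on each flagged line.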
#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:44 AM

Posted 04 June 2013 - 07:31 PM

Whatever is slowing the PC, it isn't looking like malware.

 

One more scan

 

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

I'm not expecting anything to pop up here. The slowness could be down to damage caused by malware, but there's no active infection that I can see.

 

I would suggest that if the ESET scan comes up empty that you look for further diagnosis in the Windows 7 forum here.


m0le is a proud member of UNITE

#14 Kamietus

Kamietus
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:44 AM

Posted 05 June 2013 - 08:14 AM

The total run time was 7 hours 33 minutes, with no threats found.

 

Thanks for helping me make sure all the viruses and malware were already removed. Hopefully the Codec C viruses I removed didn't cause too much damage to my laptop before I removed them.

 

Is there anything else you need me to do before I open up a new forum on the Windows 7 section of this site?



#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:44 AM

Posted 05 June 2013 - 07:16 PM

You're clean but it may be that this infection has damaged system files and they can help you there.

 

We just need to clear up a few things.

 

You're clean. Good stuff! :thumbup2:

Let's do some clearing up

If you used DeFogger now is the time to enable your CD emulation software again.

Uninstall ComboFix

Remove Combofix now that we're done with it.

  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    (For Vista/Windows 7 please click Start -> All Programs -> Accessories -> Run)
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between "Combofix" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

This will uninstall Combofix and anything associated with it.


We Need to Clean Up our Mess
Download and Run OTC

We will now remove the tools we used during this fix using OTC.
 

  • Download OTC by OldTimer and save it to your desktop.
  • Double click the OTC icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then click the big CleanUp! button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
 

 


m0le is a proud member of UNITE



