I have a ZeroAccess.in trojan and have now run DDS


  • This topic is locked
8 replies to this topic

#1 mikm

mikm

  • Members
  • 8 posts

Posted 01 July 2013 - 04:41 AM

(I have run DDS and have attached the logs to this post)

 

I have a Toshiba Satellite laptop. I run Windows 7 64bit and Firefox is my default browser. I have McAfee Total Protection.

I keep getting a message from McAfee telling me I have a Trojan, that it can't be deleted while the programme is still in use and that I need to restart my computer, but it just keeps happening when I do. So I looked on YouTube to see if I was doing something wrong and to see if there was a video explaining what to do. I then ran the McAfee Stinger, but it didn't help; it found two things:

 

C:\Windows\assembly\GAC_32\desktop.ini

C:\Windows\assembly\GAC_64\desktop.ini

 

But still couldn't delete them.

I was then advised to run MBAM, but it didn't delete them; it did say that they were quarantined and that I didn't have to bother about it.

However, things seem to have gotten worse since I ran those. My McAfee firewall randomly switches off, cookies keep switching off, and I can't restore my laptop to an earlier point: it says the restore function is switched off, but when I go to turn it on it's already on, and I still can't restore. Now I keep getting fake security pop-ups. I haven't been able to update Windows for a week or two now; I don't know if that has anything to do with this, as it happened a while before I got the warning from McAfee about the Trojan.

 

I also keep getting a notification popping up at the bottom right of the screen from MBAM now, saying:

Successfully blocked access to malicious website: 79.133.196.50

Type: Outgoing

Port:49152

Process: Services.exe

 

Thanks in advance for any help whatsoever offered to me.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464  BrowserJavaVersion: 10.25.2
Run by Toshiba at 9:30:42 on 2013-07-01
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3955.1956 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
C:\windows\system32\mfevtps.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\SysWOW64\PnkBstrA.exe
C:\windows\SysWOW64\PnkBstrB.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\Toshiba\TECO\Teco.exe
C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
C:\windows\system32\SearchIndexer.exe
C:\PROGRA~1\McAfee\MSC\McAPExe.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=B80688AE1DE82DA1&affID=122471&tt=250613_gr3&tsp=4928
uDefault_Page_URL = hxxp://toshiba.msn.com
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0D0EzztB0D0AtCyBzyyDyBtN0D0Tzu0CyDyEyDtN1L2XzutBtFtBtFtCtFyDyByEtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1172157324&ir=
uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
mWinlogon: Userinit = userinit.exe,
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
BHO: WebCake: {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files (x86)\WebCake\WebCakeIEClient.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: mysearchdial Helper Object: {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files (x86)\Mysearchdial\bh\mysearchdial.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: mysearchdial Toolbar: {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files (x86)\Mysearchdial\mysearchdialTlbr.dll
uRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [MDS_Menu] "C:\Program Files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Olympus\ib" UpdateWithCreateOnce "Software\OLYMPUS\ib\1.0"
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
StartupFolder: C:\Users\Toshiba\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TRDCRE~1.LNK -
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: mswsock.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{75F860E7-B920-49E6-B15D-BCABBA3975D1} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{75F860E7-B920-49E6-B15D-BCABBA3975D1}\35B4957313538323 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{75F860E7-B920-49E6-B15D-BCABBA3975D1}\35B4959323537333 : DHCPNameServer = 192.168.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0D0EzztB0D0AtCyBzyyDyBtN0D0Tzu0CyDyEyDtN1L2XzutBtFtBtFtCtFyDyByEtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1172157324&ir=
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [ThpSrv] C:\windows\System32\thpsrv /logon
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [SmartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
x64-Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\rc10cpqc.default-1369166473977\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://bing.com/
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Toshiba\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Toshiba\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Users\Toshiba\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Toshiba\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Toshiba\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-05-21 19:27; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; C:\Program Files (x86)\McAfee\SiteAdvisor
FF - ExtSQL: 2013-05-25 16:17; torntv2@torntv.com; C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\rc10cpqc.default-1369166473977\extensions\torntv2@torntv.com.xpi
FF - ExtSQL: 2013-05-25 16:17; plugin@getwebcake.com; C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\rc10cpqc.default-1369166473977\extensions\plugin@getwebcake.com
FF - ExtSQL: 2013-06-02 14:17; en-gb@flyingtophat.co.uk; C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\rc10cpqc.default-1369166473977\extensions\en-gb@flyingtophat.co.uk
FF - ExtSQL: 2013-06-09 21:11; {ad9a41d2-9a49-4fa6-a79e-71a0785364c8}; C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\rc10cpqc.default-1369166473977\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.webcake.installId - 7f124bec-eb86-427e-842d-5ea7218286bf
FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0D0EzztB0D0AtCyBzyyDyBtN0D0Tzu0CyDyEyDtN1L2XzutBtFtBtFtCtFyDyByEtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1172157324&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0D0EzztB0D0AtCyBzyyDyBtN0D0Tzu0CyDyEyDtN1L2XzutBtFtBtFtCtFyDyByEtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1172157324&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0D0EzztB0D0AtCyBzyyDyBtN0D0Tzu0CyDyEyDtN1L2XzutBtFtBtFtCtFyDyByEtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1172157324&ir=&q=
FF - user.js: extensions.mysearchdial.id - 88AE1DE82DA17957
FF - user.js: extensions.mysearchdial.instlDay - 15885
FF - user.js: extensions.mysearchdial.vrsn -
FF - user.js: extensions.mysearchdial.vrsni -
FF - user.js: extensions.mysearchdial_i.vrsnTs - 10:26:54
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - dnldmsd
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef -
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial_i.hmpg - true
FF - user.js: extensions.mysearchdial.cr - 2908999
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1Qzuzzzz0A0EtC0D0EzztB0D0AtCyBzyyDyBtN0D0Tzu0CyDtByCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1R1F1F1I1H1B1Q
FF - user.js: extensions.irmysearch.aflt - coolmsd
FF - user.js: extensions.irmysearch.instlRef -
FF - user.js: extensions.irmysearch.cr - 2908999
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1Qzuzzzz0A0EtC0D0EzztB0D0AtCyBzyyDyBtN0D0Tzu0CyDtByCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1R1F1F1I1H1B1Q
FF - user.js: extensions.irspeeddial.aflt - dnldmsd
FF - user.js: extensions.irspeeddial.instlRef -
FF - user.js: extensions.irspeeddial.cr - 1172157324
FF - user.js: extensions.irspeeddial.cd - 2XzuyEtN2Y1L1Qzuzzzz0A0EtC0D0EzztB0D0AtCyBzyyDyBtN0D0Tzu0CyDyEyDtN1L2XzutBtFtBtFtCtFyDyByEtN1L1Czu1Q1G1I1Q1H1B1Q
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - b806795700000000000088ae1de82da1
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15885
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.510:30:04
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=122471&tt=250613_gr3&tsp=4928
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\System32\drivers\mfehidk.sys [2010-1-5 772944]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\System32\drivers\mfewfpk.sys [2012-12-26 342416]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\drivers\thpdrv.sys [2009-6-29 34880]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2012-3-27 482384]
R1 MOBKFilter;MOBKFilter;C:\windows\System32\drivers\MOBK.sys [2013-5-23 66040]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-6-27 173192]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-5-23 221296]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-29 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-29 701512]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2013-6-26 120592]
R2 McMPFSvc;McAfee Personal Firewall;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-5-23 221296]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-5-23 221296]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-5-23 221296]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-5-23 221296]
R2 McPvDrv;McPvDrv Driver;C:\windows\System32\drivers\McPvDrv.sys [2013-5-23 74560]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe [2013-5-23 1017016]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2013-5-23 218760]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\System32\mfevtps.exe [2012-3-28 182752]
R2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
R2 regi;regi;C:\windows\System32\drivers\regi.sys [2012-3-27 14112]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-5-12 413472]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-5-11 124368]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2010-4-6 258928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-27 2320920]
R2 WebCake Desktop Updater;WebCake Desktop Updater;C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe [2013-5-25 23552]
R3 cfwids;McAfee Inc. cfwids;C:\windows\System32\drivers\cfwids.sys [2012-12-26 70112]
R3 enecir;ENE CIR Receiver;C:\windows\System32\drivers\enecir.sys [2009-6-29 70656]
R3 enecirhid;ENE CIR HID Receiver;C:\windows\System32\drivers\enecirhid.sys [2009-5-19 14848]
R3 enecirhidma;ENE CIR HIDmini Filter;C:\windows\System32\drivers\enecirhidma.sys [2008-4-24 6656]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2012-3-27 56344]
R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-2-10 158720]
R3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2010-5-18 164464]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-6-29 25928]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\System32\drivers\mfeavfk.sys [2012-12-26 309968]
R3 mfefirek;McAfee Inc. mfefirek;C:\windows\System32\drivers\mfefirek.sys [2012-12-26 516608]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\windows\System32\drivers\mfencbdc.sys [2013-2-18 337120]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\windows\System32\drivers\nvstusb.sys [2013-6-26 448288]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-3-27 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-3-27 331880]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-3-27 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2010-2-23 835952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 acpials;ALS Sensor Filter;C:\windows\System32\drivers\acpials.sys [2009-7-14 9728]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\windows\System32\drivers\HipShieldK.sys [2013-5-23 197264]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 mfencrk;McAfee Inc. mfencrk;C:\windows\System32\drivers\mfencrk.sys [2013-2-18 95856]
S3 phaudlwr;Philips Audio Filter;C:\windows\System32\drivers\phaudlwr.sys [2009-10-20 114608]
S3 spc999;Philips SPZ3000/SPC640 Webcam;C:\windows\System32\drivers\spc999.sys [2012-10-20 584192]
S3 spc999m;Philips SPZ3000/SPC640 Webcam filter;C:\windows\System32\drivers\spc999m.sys [2012-10-20 8192]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-3-31 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-3-29 1255736]
.
=============== Created Last 30 ================
.
2013-06-29 12:21:04    --------    d-----w-    C:\Users\Toshiba\AppData\Roaming\Malwarebytes
2013-06-29 12:20:46    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-06-29 12:20:41    25928    ----a-w-    C:\windows\System32\drivers\mbam.sys
2013-06-29 12:20:41    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-29 12:19:34    --------    d-----w-    C:\Users\Toshiba\AppData\Local\Programs
2013-06-29 09:29:51    --------    d-----w-    C:\Program Files\Unlocker
2013-06-29 09:26:54    --------    d-----w-    C:\Program Files (x86)\Mysearchdial
2013-06-29 09:26:42    --------    d-----w-    C:\Program Files (x86)\MyPC Backup
2013-06-29 09:26:26    --------    d-----w-    C:\Users\Toshiba\AppData\Local\TopArcadeHits
2013-06-28 23:20:37    --------    d-----w-    C:\Stinger_Quarantine
2013-06-28 23:10:37    --------    d-----w-    C:\Program Files\stinger
2013-06-28 20:10:59    --------    d-----w-    C:\Users\Toshiba\AppData\Local\{9A86D3B6-0875-4A25-82E3-B975B6AA664F}
2013-06-28 20:05:58    --------    d-sh--w-    C:\windows\SysWow64\%APPDATA%
2013-06-28 19:30:02    225280    ----a-w-    C:\ProgramData\Microsoft\Media Tools\MediaIconsOverlays.dll
2013-06-28 19:29:45    --------    d-----w-    C:\Program Files (x86)\x264 Video Codec
2013-06-28 19:13:56    --------    d-----w-    C:\Users\Toshiba\AppData\Roaming\BabSolution
2013-06-28 19:13:28    --------    d-----w-    C:\Users\Toshiba\AppData\Roaming\DSite
2013-06-28 19:13:26    --------    d-----w-    C:\Program Files (x86)\VideoConverter
2013-06-27 22:46:59    --------    d-----w-    C:\Users\Toshiba\AppData\Local\{2207EFC6-E42B-43BE-84FF-42BB2A2EA1DC}
2013-06-27 19:17:07    --------    d-----w-    C:\Program Files (x86)\Gophoto.it
2013-06-27 11:25:56    9793536    ----a-w-    C:\ProgramData\Microsoft\BingDesktop\Updater\BingDesktop.msi
2013-06-27 07:34:28    --------    d-----w-    C:\Users\Toshiba\AppData\Local\{567E0E01-01D1-4D12-A085-DF45C3476FB3}
2013-06-26 18:03:38    96168    ----a-w-    C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-26 13:10:41    --------    d-----w-    C:\Users\Toshiba\AppData\Local\NVIDIA
2013-06-26 02:02:30    --------    d-----w-    C:\Users\Toshiba\AppData\Local\{628E2C22-6AB7-4936-96D2-9E61F84A8EEA}
2013-06-25 23:19:09    --------    d-----w-    C:\Users\Toshiba\AppData\Local\SCE
2013-06-25 22:59:28    --------    d-----w-    C:\ProgramData\SystemRequirementsLab
2013-06-25 07:11:22    --------    d-----w-    C:\Users\Toshiba\AppData\Local\{018179A5-69CC-4DE5-973C-EC52A2F94FE6}
2013-06-24 01:02:15    --------    d-----w-    C:\Users\Toshiba\AppData\Local\{37B68600-9D4F-459A-A7F0-8462F784DA66}
2013-06-23 06:40:26    --------    d-----w-    C:\Users\Toshiba\AppData\Local\{26860E32-9E63-4E76-BC48-917860F3BFBE}
2013-06-22 10:12:31    --------    d-----w-    C:\Users\Toshiba\AppData\Local\{87919330-1AF4-4A7B-ABC2-48CEFB915185}
2013-06-22 06:59:32    --------    d-----w-    C:\Users\Toshiba\AppData\Local\{4190589D-D38E-4767-BC81-E15960CC3463}
2013-06-20 22:04:16    --------    d-----w-    C:\Users\Toshiba\AppData\Local\{E4B607BB-2154-4285-AED0-1CC56977AA67}
2013-06-20 17:45:34    --------    d-----w-    C:\Users\Toshiba\AppData\Local\{772F4204-D2EB-4C17-9561-19AC46D3EC6D}
2013-06-19 18:58:53    --------    d-----w-    C:\Users\Toshiba\AppData\Local\{3CB57AC3-EBA9-4807-9980-1757BFD58CC2}
2013-06-19 16:21:21    --------    d-----w-    C:\Users\Toshiba\AppData\Local\{8D4BFE36-0E57-44BF-B222-599216D2038C}
2013-06-19 10:25:58    --------    d-----w-    C:\Users\Toshiba\AppData\Local\{DF043F2C-62F1-464E-8302-43096D7B2875}
2013-06-19 08:20:41    --------    d-----w-    C:\Users\Toshiba\AppData\Local\{18D48EAD-1630-47E6-B11E-5A589AC44AFD}
2013-06-18 17:05:35    --------    d-----w-    C:\Users\Toshiba\AppData\Local\{1161DA7C-CA46-466A-8503-63649315E14A}
2013-06-17 07:28:05    --------    d-----w-    C:\Users\Toshiba\AppData\Local\{1C719E2E-DF11-4712-9664-890C383A7B9E}
2013-06-15 06:41:46    --------    d-----w-    C:\Users\Toshiba\AppData\Local\{56558E63-2F3A-41AE-8FEC-DFD0B676CF37}
2013-06-14 20:32:06    --------    d-----w-    C:\Users\Toshiba\AppData\Local\{40AE34A8-AAFC-4DE3-871B-7F04984118D2}
2013-06-14 08:32:09    --------    d-----w-    C:\Users\Toshiba\AppData\Local\{ED42832D-78DB-4B4A-B1A7-A42CB3FF305A}
2013-06-14 08:13:03    77656    ----a-w-    C:\windows\System32\XAPOFX1_5.dll
2013-06-14 08:13:03    518488    ----a-w-    C:\windows\System32\XAudio2_7.dll
2013-06-14 08:13:01    239960    ----a-w-    C:\windows\SysWow64\xactengine3_7.dll
2013-06-14 08:13:01    176984    ----a-w-    C:\windows\System32\xactengine3_7.dll
2013-06-14 08:11:33    --------    d-----w-    C:\windows\SysWow64\directx
2013-06-14 06:57:44    --------    d-----w-    C:\Users\Toshiba\AppData\Local\{1E3C1360-59D6-40B4-8D54-E82EB468CC5B}
2013-06-14 06:43:59    --------    d-----w-    C:\Users\Toshiba\AppData\Local\{A8AD9AFE-F403-4378-81ED-5FC54127F34B}
2013-06-13 07:44:13    --------    d-----w-    C:\Users\Toshiba\AppData\Local\{DCAC49F6-41B4-4E4F-BF62-D94E7DB779F2}
2013-06-12 08:24:02    --------    d-----w-    C:\Users\Toshiba\AppData\Local\{8599AD11-872E-40BD-83A4-E48964799ECB}
2013-06-11 08:41:48    --------    d-----w-    C:\Users\Toshiba\AppData\Local\{5227763D-5493-4BE6-AAF1-C5A547399731}
2013-06-10 19:45:28    --------    d-----w-    C:\Users\Toshiba\AppData\Local\{1B760C86-0C12-4336-8B33-11E666D5F9EB}
2013-06-10 07:44:53    --------    d-----w-    C:\Users\Toshiba\AppData\Local\{CD185B22-B345-4169-A7D2-C51450ED8BB0}
2013-06-09 18:48:19    --------    d-----w-    C:\Users\Toshiba\AppData\Roaming\mysearchdial
2013-06-08 16:18:55    --------    d-----w-    C:\Users\Toshiba\Samples
2013-06-08 13:27:10    --------    d-----w-    C:\Users\Toshiba\AppData\Local\{030AA284-7097-4966-A32D-350A5FF6B13A}
2013-06-08 06:17:43    --------    d-----w-    C:\Users\Toshiba\AppData\Local\{C20EDD09-A0BC-4BD8-803D-8E6381398F09}
2013-06-06 16:43:49    --------    d-----w-    C:\Program Files\iPod
2013-06-06 16:43:48    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-06 16:43:48    --------    d-----w-    C:\Program Files\iTunes
2013-06-06 16:43:48    --------    d-----w-    C:\Program Files (x86)\iTunes
2013-06-06 06:52:18    --------    d-----w-    C:\Users\Toshiba\AppData\Local\{D8AC79EE-F786-4FAB-B524-D9F84EF441E6}
2013-06-04 19:48:27    --------    d-----w-    C:\Users\Toshiba\AppData\Roaming\NetMedia Providers
2013-06-04 19:21:30    --------    d-----w-    C:\Users\Toshiba\AppData\Local\Sony
2013-06-04 19:18:36    --------    d-----w-    C:\Program Files (x86)\Sony
2013-06-04 19:17:07    --------    d-----w-    C:\Program Files (x86)\Sony Setup
2013-06-03 17:04:14    --------    d-----w-    C:\Users\Toshiba\AppData\Local\{CEEB9212-B638-438B-8950-6A71F3C21E14}
2013-06-03 11:00:04    --------    d-----w-    C:\Users\Toshiba\AppData\Local\{91CB2E0B-E4C4-4AE4-B569-9AF55E9DF189}
2013-06-03 06:58:21    --------    d-----w-    C:\Users\Toshiba\AppData\Local\{19C36CAA-AB14-4B1C-A889-05D0130E7066}
2013-06-02 14:23:42    --------    d-----w-    C:\Users\Toshiba\AppData\Local\{594ED6E9-7A28-48FA-AA30-A6B6565DFFE7}
2013-06-01 23:34:00    --------    d-----w-    C:\Users\Toshiba\AppData\Local\{95CFE097-9D09-4021-9133-38FB36B745A7}
.
==================== Find3M  ====================
.
2013-06-26 18:03:30    867240    ----a-w-    C:\windows\SysWow64\npDeployJava1.dll
2013-06-26 18:03:30    789416    ----a-w-    C:\windows\SysWow64\deployJava1.dll
2013-06-11 22:44:10    71048    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 22:44:10    692104    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2013-05-12 21:37:58    448288    ----a-w-    C:\windows\System32\drivers\nvstusb.sys
2013-05-12 21:37:58    1510176    ----a-w-    C:\windows\System32\nvir3dgenco6420172.dll
2013-05-12 20:34:14    6491936    ----a-w-    C:\windows\System32\nvcpl.dll
2013-05-12 20:34:14    3514656    ----a-w-    C:\windows\System32\nvsvc64.dll
2013-05-12 20:34:12    884512    ----a-w-    C:\windows\System32\nvvsvc.exe
2013-05-12 20:34:12    63776    ----a-w-    C:\windows\System32\nvshext.dll
2013-05-12 20:34:12    2555680    ----a-w-    C:\windows\System32\nvsvcr.dll
2013-05-12 20:34:11    237856    ----a-w-    C:\windows\System32\nvmctray.dll
2013-05-12 14:43:36    566048    ----a-w-    C:\windows\SysWow64\nvStreaming.exe
2013-05-01 02:59:12    94208    ----a-w-    C:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 02:59:12    69632    ----a-w-    C:\windows\SysWow64\QuickTime.qts
2013-04-22 14:46:12    74560    ----a-w-    C:\windows\System32\drivers\McPvDrv.sys
2013-04-03 12:37:38    70112    ----a-w-    C:\windows\System32\drivers\cfwids.sys
2013-04-03 12:34:58    342416    ----a-w-    C:\windows\System32\drivers\mfewfpk.sys
2013-04-03 12:34:46    182752    ----a-w-    C:\windows\System32\mfevtps.exe
2013-04-03 12:33:06    772944    ----a-w-    C:\windows\System32\drivers\mfehidk.sys
2013-04-03 12:32:14    516608    ----a-w-    C:\windows\System32\drivers\mfefirek.sys
2013-04-03 12:31:36    309968    ----a-w-    C:\windows\System32\drivers\mfeavfk.sys
2013-04-03 12:31:14    179664    ----a-w-    C:\windows\System32\drivers\mfeapfk.sys
.
============= FINISH:  9:33:17.89 ===============
 

Attached Files


Edited by mikm, 01 July 2013 - 04:55 AM.




#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:28 AM

Posted 01 July 2013 - 09:09 AM

Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Please download Malwarebytes Anti-Rootkit from here Malwarebytes : Malwarebytes Anti-Rootkit and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.

Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-***.txt. Please attach that to your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 mikm

mikm
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:07:28 AM

Posted 02 July 2013 - 07:09 AM

Hey Marius, thank you very much for your time and your help, it is very much appreciated!! I'm Michael btw.

I have now run MBAR and have attached the log.

Attached Files



#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:28 AM

Posted 02 July 2013 - 08:36 AM

Run another scan with mbar.exe and click the CleanUp button. It will require a reboot.

When it has rebooted, run another scan with mbar.exe and click CleanUp again if necessary.

Send the mbar-log.txt along with an update on machine behavior.



#5 mikm

mikm
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:07:28 AM

Posted 03 July 2013 - 02:23 PM

Hello again Marius!

I had no need to press clean-up after the 2nd scan. So far my laptop seems to be working better. We've had nothing pop up from MBAM or McAfee, my firewall hasn't turned itself off and I've had no problem with cookies.

I haven't tried to update Windows, as I wasn't sure if you wanted me to try that yet.

This is the log from the 2nd scan:

 

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.03.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Toshiba :: TOSHIBA-TOSH [administrator]

03/07/2013 16:14:35
mbar-log-2013-07-03 (16-14-35).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 385778
Time elapsed: 2 hour(s), 5 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 



#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:28 AM

Posted 04 July 2013 - 05:25 AM

Combofix


Combofix should only be run when advised by a team member!


Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs/spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.



#7 mikm

mikm
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:07:28 AM

Posted 04 July 2013 - 07:41 AM

ComboFix 13-07-03.01 - Toshiba 04/07/2013  13:18:22.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3955.1578 [GMT 1:00]
Running from: c:\users\Toshiba\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\3D.lnk
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-04 to 2013-07-04  )))))))))))))))))))))))))))))))
.
.
2013-07-04 12:35 . 2013-07-04 12:35    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-07-04 12:35 . 2013-07-04 12:35    --------    d-----w-    c:\users\games\AppData\Local\temp
2013-07-02 19:34 . 2013-05-24 00:10    262552    ----a-w-    c:\program files (x86)\Mozilla Firefox\updated\browser\components\browsercomps.dll
2013-07-02 19:34 . 2013-05-24 00:10    74136    ----a-w-    c:\program files (x86)\Mozilla Firefox\updated\breakpadinjector.dll
2013-07-02 19:34 . 2013-05-24 00:10    19352    ----a-w-    c:\program files (x86)\Mozilla Firefox\updated\AccessibleMarshal.dll
2013-06-29 12:21 . 2013-06-29 12:21    --------    d-----w-    c:\users\Toshiba\AppData\Roaming\Malwarebytes
2013-06-29 12:20 . 2013-06-29 12:20    --------    d-----w-    c:\programdata\Malwarebytes
2013-06-29 12:20 . 2013-06-29 12:20    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-29 12:20 . 2013-04-04 13:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-06-29 12:19 . 2013-06-29 12:19    --------    d-----w-    c:\users\Toshiba\AppData\Local\Programs
2013-06-29 09:29 . 2013-06-29 12:02    --------    d-----w-    c:\program files\Unlocker
2013-06-29 09:26 . 2013-06-29 09:27    --------    d-----w-    c:\program files (x86)\Mysearchdial
2013-06-29 09:26 . 2013-06-29 15:25    --------    d-----w-    c:\program files (x86)\MyPC Backup
2013-06-29 09:26 . 2013-06-29 09:26    --------    d-----w-    c:\users\Toshiba\AppData\Local\TopArcadeHits
2013-06-28 23:20 . 2013-06-29 10:18    --------    d-----w-    C:\Stinger_Quarantine
2013-06-28 23:10 . 2013-06-29 12:41    --------    d-----w-    c:\program files\stinger
2013-06-28 20:05 . 2013-06-28 20:05    --------    d-sh--w-    c:\windows\SysWow64\%APPDATA%
2013-06-28 19:30 . 2013-06-28 19:30    225280    ----a-w-    c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
2013-06-28 19:29 . 2013-06-28 22:18    --------    d-----w-    c:\program files (x86)\x264 Video Codec
2013-06-28 19:13 . 2013-06-28 22:18    --------    d-----w-    c:\users\Toshiba\AppData\Roaming\BabSolution
2013-06-28 19:13 . 2013-06-28 19:13    --------    d-----w-    c:\users\Toshiba\AppData\Roaming\DSite
2013-06-28 19:13 . 2013-06-28 22:18    --------    d-----w-    c:\program files (x86)\VideoConverter
2013-06-27 19:17 . 2013-06-27 19:17    --------    d-----w-    c:\program files (x86)\Gophoto.it
2013-06-27 11:25 . 2013-06-27 11:25    9793536    ----a-w-    c:\programdata\Microsoft\BingDesktop\Updater\BingDesktop.msi
2013-06-26 18:03 . 2013-06-26 18:03    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-26 13:23 . 2013-06-26 13:23    --------    d-----w-    c:\program files (x86)\AGEIA Technologies
2013-06-26 13:10 . 2013-06-28 22:18    --------    d-----w-    c:\users\Toshiba\AppData\Local\NVIDIA
2013-06-26 13:08 . 2013-06-28 22:20    --------    d-----w-    c:\users\UpdatusUser
2013-06-25 23:19 . 2013-06-25 23:19    --------    d-----w-    c:\users\Toshiba\AppData\Local\SCE
2013-06-25 23:16 . 2013-06-25 23:16    --------    d-----w-    c:\users\Public\Sony Online Entertainment
2013-06-25 22:59 . 2013-06-25 22:59    --------    d-----w-    c:\programdata\SystemRequirementsLab
2013-06-25 06:38 . 2013-06-25 06:38    --------    d-----w-    c:\users\games\AppData\Local\Macromedia
2013-06-14 08:13 . 2010-06-02 03:55    77656    ----a-w-    c:\windows\system32\XAPOFX1_5.dll
2013-06-14 08:13 . 2010-06-02 03:55    518488    ----a-w-    c:\windows\system32\XAudio2_7.dll
2013-06-14 08:13 . 2010-06-02 03:55    239960    ----a-w-    c:\windows\SysWow64\xactengine3_7.dll
2013-06-14 08:13 . 2010-06-02 03:55    176984    ----a-w-    c:\windows\system32\xactengine3_7.dll
2013-06-09 18:48 . 2013-06-09 18:48    --------    d-----w-    c:\users\Toshiba\AppData\Roaming\mysearchdial
2013-06-08 16:18 . 2013-06-08 16:18    --------    d-----w-    c:\users\Toshiba\Samples
2013-06-07 07:39 . 2013-06-07 07:39    --------    d-----w-    c:\users\games\AppData\Local\Mozilla
2013-06-07 07:35 . 2013-06-07 07:35    --------    d-----w-    c:\users\games\AppData\Local\McAfee File Lock
2013-06-06 16:43 . 2013-06-06 16:43    --------    d-----w-    c:\program files\iPod
2013-06-06 16:43 . 2013-06-06 16:44    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-06 16:43 . 2013-06-06 16:44    --------    d-----w-    c:\program files\iTunes
2013-06-06 16:43 . 2013-06-06 16:44    --------    d-----w-    c:\program files (x86)\iTunes
2013-06-04 19:48 . 2013-06-14 10:21    --------    d-----w-    c:\users\Toshiba\AppData\Roaming\Publish Providers
2013-06-04 19:48 . 2013-06-04 21:05    --------    d-----w-    c:\users\Toshiba\AppData\Roaming\NetMedia Providers
2013-06-04 19:48 . 2013-06-09 21:36    --------    d-----w-    c:\users\Toshiba\AppData\Roaming\Sony
2013-06-04 19:21 . 2013-06-09 21:59    --------    d-----w-    c:\users\Toshiba\AppData\Local\Sony
2013-06-04 19:18 . 2013-06-09 20:16    --------    d-----w-    c:\program files (x86)\Sony
2013-06-04 19:17 . 2013-06-09 19:45    --------    d-----w-    c:\program files (x86)\Sony Setup
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-26 18:03 . 2012-07-20 11:49    867240    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-06-26 18:03 . 2012-04-08 23:26    789416    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-06-14 10:54 . 2012-04-09 00:18    75825640    ----a-w-    c:\windows\system32\MRT.exe
2013-06-11 22:44 . 2012-03-28 19:12    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 22:44 . 2012-03-28 19:12    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-21 23:08 . 2011-03-28 17:36    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-12 21:42 . 2010-06-10 04:21    2935696    ----a-w-    c:\windows\system32\nvapi64.dll
2013-05-12 21:42 . 2010-06-10 04:21    2597344    ----a-w-    c:\windows\SysWow64\nvapi.dll
2013-05-12 21:42 . 2010-06-10 04:21    15910736    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2013-05-12 21:42 . 2010-06-10 04:21    13403168    ----a-w-    c:\windows\SysWow64\nvwgf2um.dll
2013-05-12 21:42 . 2010-06-10 04:21    12426216    ----a-w-    c:\windows\SysWow64\nvd3dum.dll
2013-05-12 20:34 . 2010-06-09 01:36    6491936    ----a-w-    c:\windows\system32\nvcpl.dll
2013-05-12 20:34 . 2010-06-09 01:36    3514656    ----a-w-    c:\windows\system32\nvsvc64.dll
2013-05-12 20:34 . 2010-06-09 01:36    63776    ----a-w-    c:\windows\system32\nvshext.dll
2013-05-12 20:34 . 2010-06-09 01:36    884512    ----a-w-    c:\windows\system32\nvvsvc.exe
2013-05-12 20:34 . 2010-06-09 01:36    2555680    ----a-w-    c:\windows\system32\nvsvcr.dll
2013-05-12 20:34 . 2010-06-09 01:36    237856    ----a-w-    c:\windows\system32\nvmctray.dll
2013-05-12 14:43 . 2013-05-12 14:43    566048    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
2013-05-01 02:59 . 2013-05-01 02:59    94208    ----a-w-    c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 02:59 . 2013-05-01 02:59    69632    ----a-w-    c:\windows\SysWow64\QuickTime.qts
2013-04-22 14:46 . 2013-05-23 11:42    74560    ----a-w-    c:\windows\system32\drivers\McPvDrv.sys
2013-04-10 16:11 . 2013-05-23 14:33    92304    ----a-w-    c:\programdata\Microsoft\BingDesktop\Updater\BingDesktopRestarter.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}]
2013-05-24 18:58    197912    ----a-w-    c:\program files (x86)\WebCake\WebCakeIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}]
2013-06-29 09:26    251800    ----a-w-    c:\progra~2\MYSEAR~1\bh\mysearchdial.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{3004627E-F8E9-4E8B-909D-316753CBA923}"= "c:\progra~2\MYSEAR~1\mysearchdialTlbr.dll" [2013-06-29 325016]
.
[HKEY_CLASSES_ROOT\clsid\{3004627e-f8e9-4e8b-909d-316753cba923}]
[HKEY_CLASSES_ROOT\mysearchdial.mysearchdialdskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\mysearchdial.mysearchdialdskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NBAgent"="c:\program files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2010-03-09 1086760]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-22 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"TRCMan"="c:\program files (x86)\TOSHIBA\TRCMan\TRCMan.exe" [2009-07-21 701752]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"MDS_Menu"="c:\program files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2011-08-30 223104]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-02-28 454600]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
c:\users\games\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys;c:\windows\SYSNATIVE\DRIVERS\acpials.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 phaudlwr;Philips Audio Filter;c:\windows\system32\DRIVERS\phaudlwr.sys;c:\windows\SYSNATIVE\DRIVERS\phaudlwr.sys [x]
R3 spc999;Philips SPZ3000/SPC640 Webcam;c:\windows\system32\drivers\spc999.sys;c:\windows\SYSNATIVE\drivers\spc999.sys [x]
R3 spc999m;Philips SPZ3000/SPC640 Webcam filter;c:\windows\system32\drivers\spc999m.sys;c:\windows\SYSNATIVE\drivers\spc999m.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys;c:\windows\SYSNATIVE\DRIVERS\MOBK.sys [x]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
S2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [x]
S2 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys;c:\windows\SYSNATIVE\drivers\McPvDrv.sys [x]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 WebCake Desktop Updater;WebCake Desktop Updater;c:\program files (x86)\WebCake\WebCakeDesktop.Updater.exe;c:\program files (x86)\WebCake\WebCakeDesktop.Updater.exe [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys;c:\windows\SYSNATIVE\DRIVERS\enecir.sys [x]
S3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys;c:\windows\SYSNATIVE\DRIVERS\enecirhid.sys [x]
S3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\DRIVERS\enecirhidma.sys;c:\windows\SYSNATIVE\DRIVERS\enecirhidma.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\DRIVERS\nvstusb.sys;c:\windows\SYSNATIVE\DRIVERS\nvstusb.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 22:44]
.
2013-07-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-801284763-2958453955-735506328-1000Core.job
- c:\users\Toshiba\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-01 21:45]
.
2013-07-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-801284763-2958453955-735506328-1000UA.job
- c:\users\Toshiba\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-01 21:45]
.
2013-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-801284763-2958453955-735506328-1000Core1ce562b476c0f2e.job
- c:\users\Toshiba\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-07 19:53]
.
2013-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-801284763-2958453955-735506328-1000UA.job
- c:\users\Toshiba\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-07 19:53]
.
2013-06-29 c:\windows\Tasks\TopArcadeHits.job
- c:\users\Toshiba\AppData\Local\TopArcadeHits\updater.exe [2013-06-29 09:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-13 19:11    3816248    ----a-w-    c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-13 19:11    3816248    ----a-w-    c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-13 19:11    3816248    ----a-w-    c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 10134560]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 896032]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-05-11 1050072]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2010-04-19 136136]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=B80688AE1DE82DA1&affID=122471&tt=250613_gr3&tsp=4928
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0D0EzztB0D0AtCyBzyyDyBtN0D0Tzu0CyDyEyDtN1L2XzutBtFtBtFtCtFyDyByEtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1172157324&ir=
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\rc10cpqc.default-1369166473977\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://bing.com/
FF - ExtSQL: 2013-05-21 19:27; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor
FF - ExtSQL: 2013-05-25 16:17; torntv2@torntv.com; c:\users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\rc10cpqc.default-1369166473977\extensions\torntv2@torntv.com.xpi
FF - ExtSQL: 2013-05-25 16:17; plugin@getwebcake.com; c:\users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\rc10cpqc.default-1369166473977\extensions\plugin@getwebcake.com
FF - ExtSQL: 2013-06-02 14:17; en-gb@flyingtophat.co.uk; c:\users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\rc10cpqc.default-1369166473977\extensions\en-gb@flyingtophat.co.uk
FF - ExtSQL: 2013-06-09 21:11; {ad9a41d2-9a49-4fa6-a79e-71a0785364c8}; c:\users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\rc10cpqc.default-1369166473977\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
FF - user.js: extentions.webcake.installId - 7f124bec-eb86-427e-842d-5ea7218286bf
FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0D0EzztB0D0AtCyBzyyDyBtN0D0Tzu0CyDyEyDtN1L2XzutBtFtBtFtCtFyDyByEtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1172157324&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0D0EzztB0D0AtCyBzyyDyBtN0D0Tzu0CyDyEyDtN1L2XzutBtFtBtFtCtFyDyByEtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1172157324&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0D0EzztB0D0AtCyBzyyDyBtN0D0Tzu0CyDyEyDtN1L2XzutBtFtBtFtCtFyDyByEtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1172157324&ir=&q=
FF - user.js: extensions.mysearchdial.id - 88AE1DE82DA17957
FF - user.js: extensions.mysearchdial.instlDay - 15885
FF - user.js: extensions.mysearchdial.vrsn -
FF - user.js: extensions.mysearchdial.vrsni -
FF - user.js: extensions.mysearchdial_i.vrsnTs - 10:26
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - dnldmsd
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef -
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial_i.hmpg - true
FF - user.js: extensions.mysearchdial.cr - 2908999
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1Qzuzzzz0A0EtC0D0EzztB0D0AtCyBzyyDyBtN0D0Tzu0CyDtByCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1R1F1F1I1H1B1Q
FF - user.js: extensions.irmysearch.aflt - coolmsd
FF - user.js: extensions.irmysearch.instlRef -
FF - user.js: extensions.irmysearch.cr - 2908999
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1Qzuzzzz0A0EtC0D0EzztB0D0AtCyBzyyDyBtN0D0Tzu0CyDtByCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1R1F1F1I1H1B1Q
FF - user.js: extensions.irspeeddial.aflt - dnldmsd
FF - user.js: extensions.irspeeddial.instlRef -
FF - user.js: extensions.irspeeddial.cr - 1172157324
FF - user.js: extensions.irspeeddial.cd - 2XzuyEtN2Y1L1Qzuzzzz0A0EtC0D0EzztB0D0AtCyBzyyDyBtN0D0Tzu0CyDyEyDtN1L2XzutBtFtBtFtCtFyDyByEtN1L1Czu1Q1G1I1Q1H1B1Q
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - b806795700000000000088ae1de82da1
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15885
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.510:30
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=122471&tt=250613_gr3&tsp=4928
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
c:\users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk - (no file)
Toolbar-Locked - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
ShellIconOverlayIdentifiers-{1EC23CFF-4C58-458f-924C-8519AEF61B32} - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
AddRemove-95247407.go.sky.com - c:\program files (x86)\Microsoft Silverlight\5.1.10411.0\Silverlight.Configuration.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-801284763-2958453955-735506328-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-801284763-2958453955-735506328-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-04  13:40:02
ComboFix-quarantined-files.txt  2013-07-04 12:40
.
Pre-Run: 354,459,828,224 bytes free
Post-Run: 370,698,031,104 bytes free
.
- - End Of File - - F60FB9E39C621BD5AC46702A6D8021A5
D41D8CD98F00B204E9800998ECF8427E
 



#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 04 July 2013 - 08:16 AM

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where ComboFix is.


[image: CFScriptB-4.gif]


Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#9 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 08 July 2013 - 03:50 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



