Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

missing dll file keeps popping up


  • This topic is locked This topic is locked
14 replies to this topic

#1 mercuryrsng

mercuryrsng

  • Members
  • 298 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 24 July 2013 - 09:33 PM

Hello,

I am coming from here, http://www.bleepingcomputer.com/forums/t/501820/infected-computer-what-to-do/page-2

 

I was referred to here because I had a malware infection and I still have one annoying thing, a popup on restart that states "the module "C:\Users\Mike\AppData\Local\TOSHIBA\kmbytkeu.dll" " failed to load"  There is some other text about making sure the file is stored in a specific path, and that the file could not be found  The title of the popup is RegScr32.  A google search for the dll file brings up nothing.
 

Here is the DDS log.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 10.25.2
Run by Mike at 3:57:13 on 2013-07-25
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5610.3820 [GMT -4:00]
.
AV: Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
FW: Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\Windows\System32\GFNEXSrv.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\Explorer.EXE
C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\windows\system32\mfevtps.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\TECO\Teco.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Mike\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\AOL Desktop 9.6\waol.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Common Files\AOL\1312435204\ee\aolsoftware.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\SearchIndexer.exe
C:\windows\splwow64.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\AOL Desktop 9.6\shellmon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\PROGRA~2\Intuit\QUICKB~2\QBDBMgrN.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.toshiba.com/g/
uDefault_Page_URL = hxxp://start.toshiba.com/g/
uProxyOverride = <local>
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
mWinlogon: Userinit = userinit.exe,
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120622172944.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [AmazonMP3DownloaderHelper] C:\Users\Mike\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
uRun: [TOSHIBA] REGSVR32.EXE C:\Users\Mike\AppData\Local\TOSHIBA\kmbytkeu.dll
uRun: [AOL Fast Start] "C:\Program Files (x86)\AOL Desktop 9.6\AOL.EXE" -b
uRun: [Adobe CSS5.1 Manager] C:\Users\Mike\AppData\Local\3b69445a-6d5f-47c4-b644-4e6f09fa0b8fad\badfcbeffabfad.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [HostManager] C:\Program Files (x86)\Common Files\AOL\1312435204\ee\AOLSoftware.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{68807ACA-C439-48EC-AA25-6E4ECF8C4BED} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{68807ACA-C439-48EC-AA25-6E4ECF8C4BED}\0574B4A533 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{68807ACA-C439-48EC-AA25-6E4ECF8C4BED}\546444 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{68807ACA-C439-48EC-AA25-6E4ECF8C4BED}\65444475D264275656 : DHCPNameServer = 168.95.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - 
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - 
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120622172944.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom64.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R?2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-12-3 201304]
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\System32\drivers\mfehidk.sys [2011-8-4 771536]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\System32\drivers\mfewfpk.sys [2011-8-4 340216]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2011-8-5 204288]
R2 GFNEXSrv;GFNEX Service;C:\windows\System32\GFNEXSrv.exe [2011-8-5 162824]
R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-7-1 335888]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-12-3 201304]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-12-3 201304]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-12-3 201304]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-8-4 241456]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-8-4 218760]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\System32\mfevtps.exe [2011-8-4 182752]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [2011-8-5 126392]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-4-7 294328]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2011-8-5 115216]
R3 cfwids;McAfee Inc. cfwids;C:\windows\System32\drivers\cfwids.sys [2011-8-4 70112]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\System32\drivers\mfeavfk.sys [2011-8-4 309840]
R3 mfefirek;McAfee Inc. mfefirek;C:\windows\System32\drivers\mfefirek.sys [2011-8-4 515968]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-8-5 38096]
R3 QuickBooksDB20;QuickBooksDB20;C:\PROGRA~2\Intuit\QUICKB~2\QBDBMgrN.exe -hvQuickBooksDB20 --> C:\PROGRA~2\Intuit\QUICKB~2\QBDBMgrN.exe -hvQuickBooksDB20 [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-8-5 413800]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-8-5 1142376]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-8-5 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2011-4-5 828336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-12-3 201304]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe [2011-8-5 135608]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\windows\System32\drivers\HipShieldK.sys [2012-12-3 196440]
S3 mferkdet;McAfee Inc. mferkdet;C:\windows\System32\drivers\mferkdet.sys [2011-8-4 106552]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-8-5 250984]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-8-4 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-07-25 08:26:00 9460976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6572FA91-9C50-4575-8A72-D2FACC461737}\mpengine.dll
2013-07-24 07:25:55 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2013-07-24 06:44:50 -------- d-----w- C:\Program Files (x86)\ESET
2013-07-24 05:15:55 867240 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2013-07-24 05:15:47 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-24 05:11:54 -------- d-----w- C:\ProgramData\Viewpoint
2013-07-24 05:11:51 -------- d-----w- C:\Program Files (x86)\Viewpoint
2013-07-24 04:43:43 941720 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{42B24B45-F27F-4F4F-B036-B7B6F392384B}\gapaengine.dll
2013-07-24 04:43:36 9460976 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-24 04:41:06 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-07-24 04:41:00 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-07-23 18:34:58 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DF158CB0-D10C-4037-A27C-E34DDA3CA7E9}\offreg.dll
2013-07-22 21:01:51 253440 ----a-w- C:\Users\Mike\notepad.exe
2013-07-22 21:01:51 0 ----a-w- C:\Users\Mike\opera.exe
2013-07-22 19:17:00 -------- d-----w- C:\Users\Mike\AppData\Roaming\Malwarebytes
2013-07-22 19:16:55 -------- d-----w- C:\ProgramData\Malwarebytes
2013-07-22 19:16:54 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-07-22 19:16:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-22 19:16:46 -------- d-----w- C:\Users\Mike\AppData\Local\Programs
2013-07-22 15:38:16 -------- d-----w- C:\Users\Mike\AppData\Local\3b69445a-6d5f-47c4-b644-4e6f09fa0b8fad
2013-07-22 15:37:51 0 ----a-w- C:\Users\Mike\acrobatreader.exe
2013-07-20 06:16:32 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DF158CB0-D10C-4037-A27C-E34DDA3CA7E9}\mpengine.dll
2013-07-12 21:07:58 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-07-12 21:07:58 1084928 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-07-12 21:07:58 108032 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
2013-07-12 21:07:56 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-07-12 21:07:56 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-07-12 01:34:26 1643520 ----a-w- C:\windows\System32\DWrite.dll
2013-07-12 01:34:25 1247744 ----a-w- C:\windows\SysWow64\DWrite.dll
.
==================== Find3M  ====================
.
2013-07-24 05:15:27 789416 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-06-12 11:29:16 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 11:29:16 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-06-11 23:43:00 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-06-05 03:34:27 3153920 ----a-w- C:\windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\windows\SysWow64\qedit.dll
2013-05-13 05:51:01 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-05-06 06:03:49 1887744 ----a-w- C:\windows\System32\WMVDECOD.DLL
2013-05-06 04:56:35 1620480 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
2013-05-02 20:42:14 9728 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-02 15:29:56 278800 ------w- C:\windows\System32\MpSigStub.exe
.
============= FINISH:  3:59:31.74 ===============
 

 

 



BC AdBot (Login to Remove)

 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:23 PM

Posted 25 July 2013 - 06:56 AM

Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 mercuryrsng

mercuryrsng
  • Topic Starter

  • Members
  • 298 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 25 July 2013 - 10:05 AM

Nice to meet you.  Thanks ahead of time,.

 

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-26 01:21:38
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 TOSHIBA_MK5076GSXN rev.GB001M 465.76GB
Running: kibk6o8t.exe; Driver: C:\Users\Mike\AppData\Local\Temp\kxldypow.sys
 
 
---- Threads - GMER 2.1 ----
 
Thread  C:\windows\system32\taskhost.exe [1752:1524]                        000007fefb351010
Thread  C:\windows\system32\taskhost.exe [1752:5340]                        000007fef57a5170
Thread  C:\Program Files\Microsoft Security Client\msseces.exe [3492:4224]  000007fefb972a7c
 
---- EOF - GMER 2.1 ----


#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:23 PM

Posted 26 July 2013 - 12:26 AM

Combofix

Combofix should only be run when adviced by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 mercuryrsng

mercuryrsng
  • Topic Starter

  • Members
  • 298 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 26 July 2013 - 10:19 AM

ComboFix 13-07-25.02 - Mike 07/27/2013   7:42.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5610.4115 [GMT -4:00]
Running from: c:\users\Mike\Downloads\ComboFix.exe
AV: Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
FW: Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mike\acrobatreader.exe
c:\users\Mike\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
c:\users\Mike\GoToAssistDownloadHelper.exe
c:\users\Mike\notepad.exe
c:\users\Mike\opera.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-27 to 2013-07-27  )))))))))))))))))))))))))))))))
.
.
2013-07-27 11:50 . 2013-07-27 11:50 -------- d-----w- c:\users\QBDataServiceUser20\AppData\Local\temp
2013-07-27 11:50 . 2013-07-27 11:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-26 05:23 . 2013-07-02 05:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4D76D2E8-BE4C-4C99-A118-F6295E4D683C}\mpengine.dll
2013-07-24 07:25 . 2013-07-24 07:25 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2013-07-24 07:13 . 2013-07-24 07:13 -------- d-----w- c:\program files\Microsoft Silverlight
2013-07-24 07:13 . 2013-07-24 07:13 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-07-24 07:11 . 2013-07-24 07:11 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2013-07-24 06:44 . 2013-07-24 06:44 -------- d-----w- c:\program files (x86)\ESET
2013-07-24 05:43 . 2013-07-24 05:43 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-07-24 05:16 . 2013-07-24 05:16 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-07-24 05:15 . 2013-07-24 05:15 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-24 05:15 . 2013-07-24 05:15 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-24 05:15 . 2013-07-24 05:15 -------- d-----w- c:\program files (x86)\Java
2013-07-24 05:11 . 2013-07-24 05:11 -------- d-----w- c:\programdata\Viewpoint
2013-07-24 05:11 . 2013-07-24 05:11 -------- d-----w- c:\program files (x86)\Viewpoint
2013-07-24 04:43 . 2013-07-24 04:43 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{42B24B45-F27F-4F4F-B036-B7B6F392384B}\gapaengine.dll
2013-07-24 04:43 . 2013-07-02 05:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-24 04:41 . 2013-07-24 04:41 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-07-24 04:41 . 2013-07-24 04:41 -------- d-----w- c:\program files\Microsoft Security Client
2013-07-23 18:34 . 2013-07-23 18:34 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DF158CB0-D10C-4037-A27C-E34DDA3CA7E9}\offreg.dll
2013-07-22 19:17 . 2013-07-22 19:17 -------- d-----w- c:\users\Mike\AppData\Roaming\Malwarebytes
2013-07-22 19:16 . 2013-07-22 19:16 -------- d-----w- c:\programdata\Malwarebytes
2013-07-22 19:16 . 2013-07-22 19:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-22 19:16 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-22 19:16 . 2013-07-22 20:51 -------- d-----w- c:\users\Mike\AppData\Local\Programs
2013-07-22 15:38 . 2013-07-25 08:10 -------- d-----w- c:\users\Mike\AppData\Local\3b69445a-6d5f-47c4-b644-4e6f09fa0b8fad
2013-07-20 06:16 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DF158CB0-D10C-4037-A27C-E34DDA3CA7E9}\mpengine.dll
2013-07-12 21:07 . 2013-06-11 23:26 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-07-12 21:07 . 2013-06-11 23:43 817664 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-07-12 21:07 . 2013-06-11 23:43 108032 ----a-w- c:\program files (x86)\Internet Explorer\jsdebuggeride.dll
2013-07-12 21:07 . 2013-06-11 23:26 1084928 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-07-12 21:07 . 2013-06-11 23:25 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-07-12 21:07 . 2013-06-11 23:43 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-07-12 21:07 . 2013-06-11 23:26 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-07-12 21:07 . 2013-06-11 23:25 15404032 ----a-w- c:\windows\system32\ieframe.dll
2013-07-12 21:07 . 2013-06-11 23:25 19238912 ----a-w- c:\windows\system32\mshtml.dll
2013-07-12 01:34 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-12 01:34 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-24 05:15 . 2011-04-28 03:24 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-07-12 12:15 . 2011-08-04 13:40 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-06-12 11:29 . 2012-05-03 03:17 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 11:29 . 2011-10-04 01:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-13 05:51 . 2013-06-12 09:14 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 09:14 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 09:14 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 09:14 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 09:14 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 09:14 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 04:45 . 2013-06-12 09:14 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 03:43 . 2013-06-12 09:14 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 09:14 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 09:14 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-12 09:15 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-12 09:15 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-12 09:15 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-02 20:44 . 2013-05-02 20:44 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-05-02 20:44 . 2013-05-02 20:44 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-05-02 20:44 . 2013-05-02 20:44 81408 ----a-w- c:\windows\system32\icardie.dll
2013-05-02 20:44 . 2013-05-02 20:44 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-05-02 20:44 . 2013-05-02 20:44 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-02 20:44 . 2013-05-02 20:44 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-05-02 20:44 . 2013-05-02 20:44 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-05-02 20:44 . 2013-05-02 20:44 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-05-02 20:44 . 2013-05-02 20:44 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-05-02 20:44 . 2013-05-02 20:44 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-05-02 20:44 . 2013-05-02 20:44 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-05-02 20:44 . 2013-05-02 20:44 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-05-02 20:44 . 2013-05-02 20:44 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-05-02 20:44 . 2013-05-02 20:44 441856 ----a-w- c:\windows\system32\html.iec
2013-05-02 20:44 . 2013-05-02 20:44 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-05-02 20:44 . 2013-05-02 20:44 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-05-02 20:44 . 2013-05-02 20:44 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-05-02 20:44 . 2013-05-02 20:44 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-02 20:44 . 2013-05-02 20:44 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-05-02 20:44 . 2013-05-02 20:44 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-05-02 20:44 . 2013-05-02 20:44 235008 ----a-w- c:\windows\system32\url.dll
2013-05-02 20:44 . 2013-05-02 20:44 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-05-02 20:44 . 2013-05-02 20:44 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-05-02 20:44 . 2013-05-02 20:44 216064 ----a-w- c:\windows\system32\msls31.dll
2013-05-02 20:44 . 2013-05-02 20:44 197120 ----a-w- c:\windows\system32\msrating.dll
2013-05-02 20:44 . 2013-05-02 20:44 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-05-02 20:44 . 2013-05-02 20:44 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-02 20:44 . 2013-05-02 20:44 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-05-02 20:44 . 2013-05-02 20:44 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-05-02 20:44 . 2013-05-02 20:44 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-02 20:44 . 2013-05-02 20:44 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-05-02 20:44 . 2013-05-02 20:44 149504 ----a-w- c:\windows\system32\occache.dll
2013-05-02 20:44 . 2013-05-02 20:44 144896 ----a-w- c:\windows\system32\wextract.exe
2013-05-02 20:44 . 2013-05-02 20:44 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-05-02 20:44 . 2013-05-02 20:44 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-05-02 20:44 . 2013-05-02 20:44 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-05-02 20:44 . 2013-05-02 20:44 13824 ----a-w- c:\windows\system32\mshta.exe
2013-05-02 20:44 . 2013-05-02 20:44 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-05-02 20:44 . 2013-05-02 20:44 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-05-02 20:44 . 2013-05-02 20:44 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-05-02 20:44 . 2013-05-02 20:44 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-02 20:44 . 2013-05-02 20:44 102912 ----a-w- c:\windows\system32\inseng.dll
2013-05-02 20:44 . 2013-05-02 20:44 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-05-02 20:44 . 2013-05-02 20:44 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-02 20:44 . 2013-05-02 20:44 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-05-02 20:44 . 2013-05-02 20:44 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-05-02 20:44 . 2013-05-02 20:44 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-05-02 20:44 . 2013-05-02 20:44 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-02 20:44 . 2013-05-02 20:44 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-05-02 20:42 . 2013-05-02 20:42 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-02 20:42 . 2013-05-02 20:42 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-02 20:42 . 2013-05-02 20:42 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-02 20:42 . 2013-05-02 20:42 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-02 20:42 . 2013-05-02 20:42 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-02 20:42 . 2013-05-02 20:42 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-02 20:42 . 2013-05-02 20:42 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-05-02 20:42 . 2013-05-02 20:42 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-05-02 20:42 . 2013-05-02 20:42 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-02 20:42 . 2013-05-02 20:42 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-02 20:42 . 2013-05-02 20:42 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-05-02 20:42 . 2013-05-02 20:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-02 20:42 . 2013-05-02 20:42 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-02 20:42 . 2013-05-02 20:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-02 20:42 . 2013-05-02 20:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-02 20:42 . 2013-05-02 20:42 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-02 20:42 . 2013-05-02 20:42 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-02 20:42 . 2013-05-02 20:42 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-02 20:42 . 2013-05-02 20:42 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-02 20:42 . 2013-05-02 20:42 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-05-02 20:42 . 2013-05-02 20:42 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-05-02 20:42 . 2013-05-02 20:42 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-05-02 20:42 . 2013-05-02 20:42 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-02 20:42 . 2013-05-02 20:42 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-02 20:42 . 2013-05-02 20:42 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-05-02 20:42 . 2013-05-02 20:42 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-05-02 20:42 . 2013-05-02 20:42 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-05-02 20:42 . 2013-05-02 20:42 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-05-02 20:42 . 2013-05-02 20:42 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-05-02 20:42 . 2013-05-02 20:42 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-05-02 20:42 . 2013-05-02 20:42 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-05-02 20:42 . 2013-05-02 20:42 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-05-02 20:42 . 2013-05-02 20:42 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-05-02 20:42 . 2013-05-02 20:42 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-05 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-08-17 3218792]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-13 1532992]
"HostManager"="c:\program files (x86)\Common Files\AOL\1312435204\ee\AOLSoftware.exe" [2010-03-08 41800]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-06-15 1532760]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-12-22 984936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [x]
R2 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 QuickBooksDB20;QuickBooksDB20;c:\progra~2\Intuit\QUICKB~2\QBDBMgrN.exe;c:\progra~2\Intuit\QUICKB~2\QBDBMgrN.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe;c:\windows\SYSNATIVE\GFNEXSrv.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - KXLDYPOW
*Deregistered* - kxldypow
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 07:07 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 11:29]
.
2013-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-05 17:29]
.
2013-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-05 17:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-12 11775592]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-10 2186856]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.toshiba.com/g/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Add to TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AmazonMP3DownloaderHelper - c:\users\Mike\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
Wow6432Node-HKCU-Run-TOSHIBA - c:\users\Mike\AppData\Local\TOSHIBA\kmbytkeu.dll
Wow6432Node-HKCU-Run-Adobe CSS5.1 Manager - c:\users\Mike\AppData\Local\3b69445a-6d5f-47c4-b644-4e6f09fa0b8fad\badfcbeffabfad.exe
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-Applet - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}"=hex:51,66,7a,6c,4c,1d,38,12,26,bd,a8,
   0a,e6,f4,22,0e,f1,4c,12,2a,bb,94,a4,70
"{BA00B7B1-0351-477A-B948-23E3EE5A73D4}"=hex:51,66,7a,6c,4c,1d,38,12,df,b4,13,
   be,63,4d,14,02,c6,5e,60,a3,eb,04,37,c0
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
   27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}"=hex:51,66,7a,6c,4c,1d,38,12,e8,9b,8e,
   71,5d,42,f6,01,c5,a0,09,1f,42,98,83,3b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{27B4851A-3207-45A2-B947-BE8AFE6163AB}"=hex:51,66,7a,6c,4c,1d,38,12,74,86,a7,
   23,35,7c,cc,00,c6,51,fd,ca,fb,3f,27,bf
"{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}"=hex:51,66,7a,6c,4c,1d,38,12,c3,d3,96,
   33,cd,f1,98,02,c0,4d,e6,c7,c4,3c,ba,cd
"{3EF64538-8B54-4573-B48F-4D34B0238AB2}"=hex:51,66,7a,6c,4c,1d,38,12,56,46,e5,
   3a,66,c5,1d,00,cb,99,0e,74,b5,7d,ce,a6
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
   76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"=hex:51,66,7a,6c,4c,1d,38,12,ce,d6,a1,
   79,73,3c,17,0b,c9,9b,20,49,f5,42,16,25
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
   ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{B164E929-A1B6-4A06-B104-2CD0E90A88FF}"=hex:51,66,7a,6c,4c,1d,38,12,47,ea,77,
   b5,84,ef,68,0f,ce,12,6f,90,ec,54,cc,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F3C88694-EFFA-4D78-B409-54B7B2535B14}"=hex:51,66,7a,6c,4c,1d,38,12,fa,85,db,
   f7,c8,a1,16,08,cb,1f,17,f7,b7,0d,1f,00
"{21347690-EC41-4F9A-8887-1F4AEE672439}"=hex:51,66,7a,6c,4c,1d,38,12,fe,75,27,
   25,73,a2,f4,0a,f7,91,5c,0a,eb,39,60,2d
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
   2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:b1,8c,1a,6a,2e,3f,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-27  07:53:02
ComboFix-quarantined-files.txt  2013-07-27 11:53
.
Pre-Run: 423,015,301,120 bytes free
Post-Run: 422,474,592,256 bytes free
.
- - End Of File - - 836B359FBDEBA39877117CD244917E0A
5B5E648D12FCADC244C1EC30318E1EB9


#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:23 PM

Posted 27 July 2013 - 07:35 AM

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either McAfee or MSE.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 mercuryrsng

mercuryrsng
  • Topic Starter

  • Members
  • 298 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 27 July 2013 - 08:53 AM

OK I will do that, anything else?



#8 mercuryrsng

mercuryrsng
  • Topic Starter

  • Members
  • 298 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 27 July 2013 - 03:24 PM

The person who owns this computer pays a monthly fee to Verizon for the Verizon Internet Security Suite (powered by McAfee) and I recently installed MSE, so I will uninstall MSE.



#9 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:23 PM

Posted 29 July 2013 - 12:59 AM

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 

 

 

 

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#10 mercuryrsng

mercuryrsng
  • Topic Starter

  • Members
  • 298 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 29 July 2013 - 02:10 PM

Here is the Malwarebytes scan results, I will do ESET later.

 

Thanks

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.07.29.05
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Mike :: MIKE-PC [administrator]
 
8/1/2013 8:28:01 AM
mbam-log-2013-08-01 (08-28-01).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 401608
Time elapsed: 1 hour(s), 36 minute(s), 14 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Qoobox\Quarantine\C\Users\Mike\notepad.exe.vir (Trojan.Agent.ED) -> Quarantined and deleted successfully.
 
(end)


#11 mercuryrsng

mercuryrsng
  • Topic Starter

  • Members
  • 298 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 29 July 2013 - 09:21 PM

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=bb07374c7f04af4cad3e7f0788164881
# engine=14497
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-07-24 10:39:38
# local_time=2013-07-24 06:39:38 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5122 16777213 100 88 11158231 123336974 0 0
# compatibility_mode=5893 16776574 100 94 0 126205828 0 0
# scanned=166661
# found=3
# cleaned=3
# scan_time=13925
sh=BCB71D0B67FCC6CFF91E27CD44CC95C55F9DDB02 ft=1 fh=c71c001181fab7bc vn="Win32/TrojanDownloader.Tracur.V trojan (cleaned by deleting (after the next restart) - quarantined)" ac=C fn="C:\Users\Mike\AppData\Local\Programs\Program Files\ajcf.dll"
sh=7474CFC50764D21E618D37974836CC926148E7F1 ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-4681.DH trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Mike\AppData\Local\Temp\V.class"
sh=6DDF690D1039996D836D91CB4BBFC70F2433721E ft=1 fh=c71c001183148c69 vn="Win32/Boaxxe.G trojan (cleaned by deleting (after the next restart) - quarantined)" ac=C fn="C:\Users\Mike\AppData\Local\TOSHIBA\kmbytkeu.dll"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=bb07374c7f04af4cad3e7f0788164881
# engine=14581
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-07-29 01:59:05
# local_time=2013-07-29 09:59:05 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5122 16777213 100 88 11605798 123780941 0 0
# compatibility_mode=5893 16776573 100 94 0 126649795 0 0
# scanned=158921
# found=0
# cleaned=0
# scan_time=8597


#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:23 PM

Posted 30 July 2013 - 04:25 AM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe.
  • Hit delete.
  • When the run is finished, it will open up a text file.
  • Please post its contents within your next reply.
  • You´ll find the log file at C:\AdwCleaner[S1].txt also.


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#13 mercuryrsng

mercuryrsng
  • Topic Starter

  • Members
  • 298 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 30 July 2013 - 08:15 PM

# AdwCleaner v2.306 - Logfile created 07/30/2013 at 08:53:18
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Mike - MIKE-PC
# Boot Mode : Normal
# Running from : C:\Users\Mike\Downloads\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Folder Deleted : C:\Program Files (x86)\Viewpoint
Folder Deleted : C:\ProgramData\Viewpoint
 
***** [Registry] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16635
 
[OK] Registry is clean.
 
-\\ Google Chrome v28.0.1500.72
 
File : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [3399 octets] - [23/07/2013 15:27:38]
AdwCleaner[S2].txt - [1746 octets] - [30/07/2013 08:53:18]
 
########## EOF - C:\AdwCleaner[S2].txt - [1806 octets] ##########
 

 

 

 Results of screen317's Security Check version 0.99.71  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Anti-Virus and Anti-Spyware   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 25  
 Adobe Flash Player 11.7.700.224  
 Adobe Reader XI  
 Google Chrome 28.0.1500.71  
 Google Chrome 28.0.1500.72  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 4% 
````````````````````End of Log`````````````````````` 


#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:23 PM

Posted 31 July 2013 - 03:36 AM

Then your system is clean! :)

 

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  • In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button.
  • In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed.
  • In any case please download delfix to your desktop.
    • Close all other programms and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process
  • If there is still something left please delete it manualy.

 

 

 

How to protect yourself

  • System Updates
    Beeing up to date is very important. Please be sure to activate automatic updates in your control panel.
    Windows XP | Windows Vista |
    Windows 7 | windows 8
  • Protection
    What you need is one (not more) good virus scanner with backgroud protection. Additionally I recommend a special malwarescanner that you run from time to time.
    Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: You get only the full protection if you use the payed versions of your security software.
  • Up to date Software
    Stay up to date with all the programs you use. Some of those really have to have an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every software you use often. These link may help you to check:
  • Backups
    There are chances for an emergency every day. So be prepared. Back up your data on a regular basis. If you burn it to DVDs from time to time, use a cloud-drive or a professional network backup system is your choice.
  • Brains
    It's no joke! You really need one of those things. :) It is very important not just to click anywhere it is colored or flashing while you surfing on the web. Do not click an OK button on any popping window without reading what it says. While installing software always choose the custom mode, read what those windows says and uncheck adware that will be installed along the software you want.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#15 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:23 PM

Posted 01 August 2013 - 03:02 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users