Hi, thanks for your prompt reply. I did what you said word for word.
However, I have a question with regard to Java. I have the latest version; do I still have to download Sun Java Runtime Environment and/or JavaRa?
Here are the logs needed:
JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Professional x86
Ran by TOSHIBA on 08/11/2013 at 8:47:00.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\paSkPlay_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\paSkPlay_RASMANCS
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
Successfully deleted: [Empty Folder] C:\Users\TOSHIBA\appdata\local\{4CA4DC98-88A9-4FDD-9DA5-F36ADD38AF6C}
Successfully deleted: [Empty Folder] C:\Users\TOSHIBA\appdata\local\{E9DAB58C-6490-4BC6-ACC1-751767BACC74}
Successfully deleted: [Empty Folder] C:\Users\TOSHIBA\appdata\local\{FDBCDC58-5980-468A-9768-5A1C844D3E29}
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/11/2013 at 8:52:13.02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ComboFix log
ComboFix 13-11-07.01 - TOSHIBA 08/11/2013 9:12.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1907.923 [GMT 2:00]
Running from: c:\users\TOSHIBA\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\TOSHIBA\AppData\Local\Microsoft\Windows\Temporary Internet Files\web.html
c:\windows\file_3.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-10-08 to 2013-11-08 )))))))))))))))))))))))))))))))
.
.
2013-11-08 07:03 . 2013-11-08 07:03 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\Oracle
2013-11-08 06:59 . 2013-11-08 06:59 -------- d-----w- c:\programdata\Oracle
2013-11-08 06:59 . 2013-11-08 06:59 -------- d-----w- c:\program files\Common Files\Java
2013-11-08 06:58 . 2013-10-08 05:50 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-11-08 06:46 . 2013-11-08 06:46 -------- d-----w- c:\windows\ERUNT
2013-11-07 18:26 . 2013-11-07 18:30 -------- d-----w- C:\AdwCleaner
2013-11-07 18:18 . 2013-11-07 18:18 -------- d-----w- c:\program files\CCleaner
2013-11-07 16:43 . 2013-11-07 16:43 -------- d-----w- C:\TDSSKiller_Quarantine
2013-11-06 09:08 . 2013-11-06 09:08 -------- d-----w- c:\program files\VerbAce Research
2013-11-02 21:24 . 2004-03-09 04:00 224016 ------w- c:\windows\system32\tabctl32.ocx
2013-11-02 21:24 . 2013-03-08 01:46 94208 --sh--w- c:\windows\system32\SalaatTime.dll
2013-11-02 21:24 . 2013-11-02 21:24 -------- d-----w- c:\program files\Salaat Time
2013-11-02 21:24 . 2013-11-02 21:24 -------- d-----w- c:\programdata\InstallMate
2013-11-01 12:45 . 2013-11-07 13:19 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B5F0173-722E-4CE9-912B-7D2DA42F8122}\offreg.dll
2013-11-01 11:46 . 2013-11-01 11:47 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Svchost
2013-11-01 07:27 . 2013-11-07 16:50 -------- d-----w- c:\programdata\GlarySoft
2013-11-01 07:02 . 2013-11-07 16:50 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\GlarySoft
2013-11-01 07:01 . 2013-11-01 07:01 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\Glary_Utilities_Pro__3.9.4.144
2013-10-31 10:50 . 2013-10-31 10:50 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\Malwarebytes
2013-10-31 10:49 . 2013-10-31 10:49 -------- d-----w- c:\programdata\Malwarebytes
2013-10-31 10:49 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-31 10:49 . 2013-10-31 10:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-10-31 10:48 . 2013-11-01 07:01 158 ----a-w- c:\programdata\patch.dll
2013-10-31 10:47 . 2013-10-31 10:47 253440 ----a-w- c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\alga.exe
2013-10-31 10:47 . 2013-10-31 10:47 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\Malwarebytes Anti-Malware PRO v1.75.0.1300
2013-10-30 12:24 . 2013-10-30 12:24 -------- d-----w- c:\windows\system32\gs
2013-10-30 12:24 . 2013-10-30 12:27 -------- d-----w- c:\program files\GreetingCardStudio
2013-10-29 10:50 . 2013-10-14 06:39 7796464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B5F0173-722E-4CE9-912B-7D2DA42F8122}\mpengine.dll
2013-10-23 11:24 . 2011-09-22 17:55 487424 ----a-w- c:\windows\system32\msvcp70.dll
2013-10-23 11:24 . 2011-09-22 17:55 974848 ----a-w- c:\windows\system32\mfc70.dll
2013-10-23 11:24 . 2011-09-22 17:55 344064 ----a-w- c:\windows\system32\msvcr70.dll
2013-10-23 11:00 . 2013-10-23 13:37 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\Media Player Classic
2013-10-22 18:26 . 2013-10-22 18:26 77528 ----a-w- c:\windows\system32\RtNicProp32.dll
2013-10-22 18:26 . 2013-10-22 18:26 679128 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2013-10-22 10:06 . 2013-10-23 11:25 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\AVS4YOU
2013-10-22 10:04 . 2013-10-27 08:22 -------- d-----w- c:\program files\Common Files\AVSMedia
2013-10-22 10:04 . 2012-03-23 17:59 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2013-10-22 10:04 . 2013-10-27 08:22 -------- d-----w- c:\program files\AVS4YOU
2013-10-22 10:04 . 2013-10-22 10:06 -------- d-----w- c:\programdata\AVS4YOU
2013-10-22 10:04 . 2012-03-23 17:59 24576 ----a-w- c:\windows\system32\msxml3a.dll
2013-10-21 12:14 . 2013-10-21 12:14 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\SolidDocuments
2013-10-20 08:51 . 2013-04-17 18:20 23872 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2013-10-20 08:08 . 2013-10-20 08:08 -------- d-----w- c:\programdata\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-10-20 08:08 . 2013-10-22 17:59 -------- d-----w- c:\programdata\IObit
2013-10-20 08:08 . 2013-10-22 18:01 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\IObit
2013-10-19 14:57 . 2013-10-19 14:57 -------- d-----w- c:\program files\Google
2013-10-19 14:46 . 2013-10-19 14:46 -------- d-----w- c:\users\TOSHIBA\AppData\Local\Programs
2013-10-19 14:41 . 2013-10-19 14:47 -------- d-----w- c:\program files\FotoSketcher
2013-10-19 14:37 . 2013-10-19 14:40 -------- d-----w- c:\program files\YouTube Downloader
2013-10-17 13:04 . 2013-10-17 13:04 108816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2013-10-16 04:53 . 2012-08-23 14:10 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-10-16 04:53 . 2012-08-23 14:44 14848 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2013-10-16 04:52 . 2012-08-23 14:10 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-10-16 04:52 . 2012-08-23 13:52 12800 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2013-10-16 04:51 . 2012-08-23 14:40 49664 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2013-10-16 04:50 . 2012-08-23 13:18 37376 ----a-w- c:\windows\system32\tsgqec.dll
2013-10-16 04:50 . 2012-08-23 13:46 16896 ----a-w- c:\windows\system32\wksprtPS.dll
2013-10-16 04:50 . 2012-08-23 13:32 32768 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2013-10-16 04:50 . 2012-08-23 13:47 46592 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2013-10-16 04:50 . 2012-08-23 11:15 269312 ----a-w- c:\windows\system32\aaclient.dll
2013-10-16 04:50 . 2012-08-23 11:40 56320 ----a-w- c:\windows\system32\TSWbPrxy.exe
2013-10-16 04:50 . 2012-08-23 14:48 221184 ----a-w- c:\windows\system32\rdpudd.dll
2013-10-16 04:49 . 2012-08-23 11:12 192000 ----a-w- c:\windows\system32\rdpendp_winip.dll
2013-10-16 04:49 . 2012-08-23 11:32 317440 ----a-w- c:\windows\system32\wksprt.exe
2013-10-16 04:49 . 2012-08-23 10:39 1048064 ----a-w- c:\windows\system32\mstsc.exe
2013-10-16 04:49 . 2012-08-23 10:08 2739712 ----a-w- c:\windows\system32\rdpcorets.dll
2013-10-16 04:49 . 2012-08-23 08:19 4916224 ----a-w- c:\windows\system32\mstscax.dll
2013-10-16 04:46 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2013-10-16 04:46 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll
2013-10-16 04:46 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-10-16 04:46 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2013-10-16 04:46 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2013-10-15 15:38 . 2013-10-15 15:41 -------- d-----w- c:\windows\system32\MRT
2013-10-15 15:35 . 2013-09-21 03:30 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-15 15:35 . 2013-09-22 23:28 217600 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-10-15 15:35 . 2013-09-22 23:27 2876928 ----a-w- c:\windows\system32\jscript9.dll
2013-10-15 15:35 . 2013-09-22 23:27 108032 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2013-10-15 15:35 . 2013-09-22 23:27 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-10-15 15:35 . 2013-09-22 23:27 257536 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2013-10-15 15:25 . 2013-10-15 15:25 -------- d-----w- c:\program files\MSXML 4.0
2013-10-15 15:19 . 2013-06-25 22:56 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-10-15 15:19 . 2013-07-19 01:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-10-15 15:18 . 2013-08-28 00:57 434688 ----a-w- c:\windows\system32\scavengeui.dll
2013-10-15 15:18 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-10-15 15:18 . 2013-07-09 04:52 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-10-15 15:18 . 2013-07-09 04:46 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-10-15 15:18 . 2013-07-09 04:46 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-10-15 15:17 . 2013-07-09 04:50 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-10-15 15:16 . 2013-08-29 01:51 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-10-15 15:16 . 2013-08-29 01:51 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-10-15 15:16 . 2013-08-29 01:50 619520 ----a-w- c:\windows\system32\tdh.dll
2013-10-15 15:16 . 2013-08-29 01:50 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-10-15 15:16 . 2013-08-29 01:48 640512 ----a-w- c:\windows\system32\advapi32.dll
2013-10-15 15:16 . 2013-09-08 02:07 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-10-15 15:14 . 2013-08-02 01:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-10-15 15:13 . 2013-07-04 11:57 205824 ----a-w- c:\windows\system32\WebClnt.dll
2013-10-15 15:13 . 2013-07-04 11:51 81920 ----a-w- c:\windows\system32\davclnt.dll
2013-10-15 15:13 . 2013-07-04 09:48 115712 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2013-10-15 15:13 . 2013-07-20 10:33 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-15 15:13 . 2013-08-05 01:56 133056 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-10-15 15:12 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-10-15 08:52 . 2013-10-15 08:52 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\HTC Sync
2013-10-15 08:52 . 2013-10-19 17:36 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\HTC
2013-10-15 08:51 . 2013-11-08 07:23 -------- d-----w- c:\users\TOSHIBA\AppData\Local\HTC MediaHub
2013-10-15 08:51 . 2013-10-15 08:51 -------- d-----w- c:\users\TOSHIBA\.android
2013-10-15 08:51 . 2013-10-15 08:51 -------- d-----w- c:\programdata\Motorola
2013-10-15 08:49 . 2013-10-15 08:49 -------- d-----w- c:\program files\Spirent Communications
2013-10-15 08:33 . 2013-10-15 08:50 -------- d-----w- c:\program files\HTC
2013-10-15 08:32 . 2009-06-09 13:41 1122664 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2013-10-15 08:32 . 2009-10-26 15:54 25088 ----a-w- c:\windows\system32\drivers\ANDROIDUSB.sys
2013-10-15 08:32 . 2013-10-15 08:32 -------- d-----w- c:\programdata\HTC
2013-10-15 08:32 . 2013-11-06 11:21 -------- d-----w- C:\Temp
2013-10-15 06:28 . 2013-09-03 12:35 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-10-09 12:11 . 2013-10-09 12:38 -------- d-----w- c:\program files\Wondershare
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-22 18:26 . 2012-04-07 15:18 102104 ----a-w- c:\windows\system32\RTNUninst32.dll
2013-10-09 17:28 . 2012-04-08 07:53 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 17:28 . 2012-04-08 07:53 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-04 07:32 . 2012-04-08 08:53 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2013-03-08 01:46 94208 --sh--w- c:\windows\System32\SalaatTime.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SalaatTime"="c:\program files\Salaat Time\SalaatTime.exe" [2013-03-10 17199104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-01-12 215360]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-01-12 161088]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-10 170520]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-10 171032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-10 136216]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-08-06 280576]
.
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
alga.exe [2013-10-31 253440]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDockFree\ObjectDock.exe [2010-10-6 3768176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VerbAce-Pro Startup Agent.lnk - c:\program files\VerbAce Research\VerbAce-Pro\VerbAce-Pro.exe AutoRun [2013-11-6 1667072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files\Stardock\ObjectDockFree\ODMenu.dll" [2010-10-04 511344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2013-05-11 10:37 3478600 ----a-w- c:\program files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-05-11 10:37 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-09-20 05:27 444904 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-21 18:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonQuickMenu]
2012-09-27 14:02 1279120 ----a-w- c:\program files\Canon\Quick Menu\CNQMMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\users\TOSHIBA\AppData\Roaming\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]
2011-04-01 14:42 80840 ----a-w- c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-05-31 08:56 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]
2010-08-15 16:54 34160 ----a-w- c:\program files\TOSHIBA\Utilities\KeNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-02-22 17:49 6591800 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileBroadband]
2011-03-29 05:48 408576 ----a-w- c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2013-04-01 09:45 298616 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVBg]
2010-07-28 15:23 1493608 ------w- c:\program files\Realtek\Audio\HDA\RtHDVBg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2010-07-28 15:23 9398888 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-02-28 15:50 18642024 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 07:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-03-10 15:49 1697064 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-04-08 08:25 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 06:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-03-24 102784]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2011-03-24 11136]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2011-03-24 85760]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2011-03-24 26496]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2011-03-24 168448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-04-08 85152]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-07 182304]
R3 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-08 1343400]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-04-08 162928]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2013-10-17 108816]
S1 RapportCerberus_59849;RapportCerberus_59849;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [2013-10-28 340432]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2013-10-17 157264]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2013-10-17 230448]
S2 HTCMonitorService;HTCMonitorService;c:\program files\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-09-02 87368]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-04-08 145936]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-10-17 1444120]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [2012-04-08 17520]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2011-03-24 348160]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-03-24 72832]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-08 33616]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2013-10-22 679128]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 17:28]
.
2013-11-02 c:\windows\Tasks\ReclaimerUpdateFiles_TOSHIBA.job
- c:\users\TOSHIBA\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-10-19 08:43]
.
2013-11-02 c:\windows\Tasks\ReclaimerUpdateXML_TOSHIBA.job
- c:\users\TOSHIBA\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-10-19 08:43]
.
2013-11-08 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_TOSHIBA.job
- c:\users\TOSHIBA\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-10-19 08:43]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.co.za/?gws_rd=cr&ei=Wr97UpqJIMbAtQbaroGIDg
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 196.207.35.29 196.207.35.30
TCP: Interfaces\{02FE2E07-03F4-426B-9774-125C012BEC21}: NameServer = 163.121.128.134 212.103.160.18
TCP: Interfaces\{98513050-6C5D-44C0-A99E-45978941BB38}: NameServer = 163.121.128.134 212.103.160.18
TCP: Interfaces\{F93B3222-C7BF-4FBA-921D-D5D0CEBC092A}: NameServer = 163.121.128.134 212.103.160.18
FF - ProfilePath - c:\users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\h6zrixsw.default\
FF - ExtSQL: 2013-10-01 22:58; [email protected]; c:\users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\h6zrixsw.default\extensions\[email protected]
FF - ExtSQL: 2013-10-07 16:34; [email protected]; c:\program files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-39980888.sys
MSConfigStartUp-FilmFanatic Browser Plugin Loader - c:\progra~1\FILMFA~2\bar\1.bin\pabrmon.exe
MSConfigStartUp-FilmFanatic Search Scope Monitor - c:\progra~1\FILMFA~2\bar\1.bin\pasrchmn.exe
MSConfigStartUp-VideoDownloadConverter Search Scope Monitor - c:\progra~1\VIDEOD~2\bar\1.bin\4zsrchmn.exe
MSConfigStartUp-VideoDownloadConverter_4z Browser Plugin Loader - c:\progra~1\VIDEOD~2\bar\1.bin\4zbrmon.exe
MSConfigStartUp-VideoScavenger Search Scope Monitor - c:\progra~1\VIDEOS~2\bar\1.bin\1esrchmn.exe
MSConfigStartUp-VideoScavenger_1e Browser Plugin Loader - c:\progra~1\VIDEOS~2\bar\1.bin\1ebrmon.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3344)
c:\program files\Stardock\ObjectDockFree\DockShellHook.dll
c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll
c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll
c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll
c:\program files\Stardock\ObjectDockFree\ODMenu.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\program files\HTC\HTC Sync Manager\HTC Sync\adb.exe
c:\windows\system32\conhost.exe
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\alga.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2013-11-08 09:28:13 - machine was rebooted
ComboFix-quarantined-files.txt 2013-11-08 07:28
.
Pre-Run: 69,544,628,224 bytes free
Post-Run: 69,461,553,152 bytes free
.
- - End Of File - - 6C8780FD6B111A6EB69D1F04FCD75B59
A36C5E4F47E84449FF07ED3517B43A31