Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Possible virus,mutiple process running unknown.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Possible virus,mutiple process running unknown.

Unread postby rmrrar » October 22nd, 2013, 10:23 am

The file from avast I moved to chest b/c it kept on telling me i needed to do something with it. it is still there .

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Users\ROBERT\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\50Z9G4DZ\app.mam.conduit[1].xml moved successfully.
File\Folder C:\Windows\System32\config\components.iobit not found.
File\Folder C:\Windows\System32\config\default.iobit not found.
File\Folder C:\Windows\System32\config\sam.iobit not found.
File\Folder C:\Windows\System32\config\security.iobit not found.
File\Folder C:\Windows\System32\config\software.iobit not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: ROBERT
->Temp folder emptied: 130570 bytes
->Temporary Internet Files folder emptied: 94649 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 368471291 bytes
->Flash cache emptied: 492 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 352.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10222013_091830

Files\Folders moved on Reboot...
C:\Users\ROBERT\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\ROBERT\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

here is the first part, im doing the next step now.
rmrrar
Regular Member
 
Posts: 105
Joined: May 19th, 2013, 8:09 am
Advertisement
Register to Remove

Re: Possible virus,mutiple process running unknown.

Unread postby rmrrar » October 22nd, 2013, 12:45 pm

C:\Users\ROBERT\Downloads\CheatEngine62.exe multiple threats
C:\Users\ROBERT\Downloads\Firefox_Setup.exe a variant of Win32/InstallCore.CM application
C:\_OTL\MovedFiles\05272013_162809\C_ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application

no problems doing tasks , but computer is been taking a long time to shut down and boot up not normal for this computer. thanks
rmrrar
Regular Member
 
Posts: 105
Joined: May 19th, 2013, 8:09 am

Re: Possible virus,mutiple process running unknown.

Unread postby wannabeageek » October 23rd, 2013, 10:37 am

Hi rmrrar,

There is not much left in the way of malware so I am not sure why your machine is shutting down and booting up slow. Try running defrag after the following.

Please move these tools to your desktop. The desired effect may not be obtained from running them in a download directory.

Step 1.
Run OTL Script

We need to run an OTL Fix

  • Right-click OTL.exe and select " Run as administrator " to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :commands
    [createrestorepoint]
    
    :Files
    C:\Users\ROBERT\Downloads\CheatEngine62.exe
    C:\Users\ROBERT\Downloads\Firefox_Setup.exe
    
    :Commands
    [EMPTYTEMP]
    
  • Click under the Custom Scan/Fixes box and paste the copied text.
  • Click the Run Fix button. If prompted... click OK.
  • When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  • Please post the contents of report in your next reply.

C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.



Step 2.
Junkware Removal Tool
  • Please download and run the following program: JRT.exe
  • Right-click JRT.exe and select " Run as administrator " to run it.
  • When the program is finished running, post the log JRT.txt in your next reply.




Step 3.
Download HijackThis
Please download HijackThis.msi © Trend Micro Incorporated. Save it to your desktop.

NOTE:If you have used HijackThis before to remove entries, do not uninstall the old version yet.
We may need to see/use it's backups. I will let you know when it's OK to uninstall the old version.

  1. Right click on HiJackThis.msi and select Run as Administrator, if prompted by Windows UAC, allow it.
  2. Follow the prompts... allow the defaults... once installed ...it will create a HijackThis icon on the desktop. Default install location: C:\Program Files\Trend Micro\HijackThis
  3. Once installed, it will launch HijackThis...if not...double click the HijackThis desktop icon.
      If you are on the "scan & fix stuff" page... Press the "Main Menu"...button.
  4. Click on the "Do a system scan and save a Log file"...button.
    When the scan is finished...Notepad will open with a log file called "hijackthis.log".
  5. In the Hijackthis log, go to the top menu, click on "Format" and uncheck "Word Wrap" if checked.
  6. Copy and paste the contents of hijackthis.log file in your next reply. Save the file in the HijackThis folder.
Do not fix anything yourself... Removing any needed entries... could render your computer inoperable!.



Step 4.
DDS Scan
  1. You should still have DDS on your desktop.
    Disable any script blocking software you have running before running DDS.
  2. Right click on DDS and select Run as Administrator, if prompted by Windows UAC, allow it.
  3. An "Options" box will appear... leave the options set to their defaults... click the Start button.
    A black window will open with some instructions/comments...
  4. When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
    Caution: The above logs will NOT be saved... you must save them to your desktop.
  5. Please post both the DDS.txt and Attach.txt files in your next reply.
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Possible virus,mutiple process running unknown.

Unread postby rmrrar » October 23rd, 2013, 5:22 pm

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Users\ROBERT\Downloads\CheatEngine62.exe moved successfully.
C:\Users\ROBERT\Downloads\Firefox_Setup.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: ROBERT
->Temp folder emptied: 3829 bytes
->Temporary Internet Files folder emptied: 14736924 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 369947608 bytes
->Flash cache emptied: 492 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4030 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1089 bytes

Total Files Cleaned = 367.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10232013_160451

Files\Folders moved on Reboot...
C:\Users\ROBERT\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Home Premium x64
Ran by ROBERT on Wed 10/23/2013 at 16:13:06.24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeep_RocketFuelInstaller (1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeep_RocketFuelInstaller (1)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeep_RocketFuelInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeep_RocketFuelInstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeep_RocketFuelInstaller (1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeep_RocketFuelInstaller (1)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeep_RocketFuelInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeep_RocketFuelInstaller_RASMANCS



~~~ Files

Successfully deleted: [File] "C:\Users\ROBERT\appdata\locallow\SkwConfig.bin"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\ROBERT\appdata\local\cre"



~~~ Chrome

Successfully deleted: [Folder] C:\Users\ROBERT\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 10/23/2013 at 16:20:40.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
rmrrar
Regular Member
 
Posts: 105
Joined: May 19th, 2013, 8:09 am

Re: Possible virus,mutiple process running unknown.

Unread postby rmrrar » October 23rd, 2013, 5:30 pm

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Home Premium x64
Ran by ROBERT on Wed 10/23/2013 at 16:13:06.24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeep_RocketFuelInstaller (1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeep_RocketFuelInstaller (1)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeep_RocketFuelInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeep_RocketFuelInstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeep_RocketFuelInstaller (1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeep_RocketFuelInstaller (1)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeep_RocketFuelInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeep_RocketFuelInstaller_RASMANCS



~~~ Files

Successfully deleted: [File] "C:\Users\ROBERT\appdata\locallow\SkwConfig.bin"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\ROBERT\appdata\local\cre"



~~~ Chrome

Successfully deleted: [Folder] C:\Users\ROBERT\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 10/23/2013 at 16:20:40.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
rmrrar
Regular Member
 
Posts: 105
Joined: May 19th, 2013, 8:09 am

Re: Possible virus,mutiple process running unknown.

Unread postby rmrrar » October 23rd, 2013, 5:33 pm

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720
Run by ROBERT at 16:31:50 on 2013-10-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.2210 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\MAHostService.exe
C:\windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\node.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ATT-SST\pcTrayApp.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\explorer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\msiexec.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\SysWOW64\NOTEPAD.EXE
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uSearch Bar = Preserve
mStart Page = hxxp://www.google.com
uProxyOverride = <local>;*.local;192.168.*.*
mWinlogon: Userinit = C:\WINDOWS\SYSWOW64\Userinit.exe,
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
mRun: [TkBellExe] "C:\program files (x86)\real\realplayer\update\realsched.exe" -osboot
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{D37F6B86-617F-44FB-8D81-EFFCBC1C359E} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{D37F6B86-617F-44FB-8D81-EFFCBC1C359E}\144545431373 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{D37F6B86-617F-44FB-8D81-EFFCBC1C359E}\2375942554338343 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{D37F6B86-617F-44FB-8D81-EFFCBC1C359E}\2456374702755637475627E6 : DHCPNameServer = 8.8.8.8 8.8.4.4 208.67.222.222
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\pcTrayApp.exe"
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\windows\System32\drivers\aswRvrt.sys [2013-10-17 65776]
R0 aswVmm;avast! VM Monitor;C:\windows\System32\drivers\aswVmm.sys [2013-10-17 205320]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2013-10-17 1032416]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2013-10-17 409832]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2010-10-23 202752]
R2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2013-10-17 38984]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2013-10-17 84328]
R2 ATT MAHostService;ATT MAHostService;C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\MAHostService.exe [2013-8-26 321024]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-10-17 50344]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 HsfXAudioService;HsfXAudioService;C:\windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2010-10-24 123320]
R2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2012-6-23 369152]
R2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2013-4-29 460288]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2010-10-24 126392]
R2 pcServiceHost;pcServiceHost;C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe [2013-10-9 342528]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
R2 regi;regi;C:\windows\System32\drivers\regi.sys [2010-10-24 14112]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-4-6 258928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R3 CAXHWAZL;CAXHWAZL;C:\windows\System32\drivers\CAXHWAZL.sys [2009-2-13 292864]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2010-10-23 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2010-10-23 325152]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2010-10-23 932384]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [?]
S3 Andbus;LGE Android Composite USB Device;C:\windows\System32\drivers\lgandbus.sys [2013-9-16 27944]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;C:\windows\System32\drivers\hitmanpro36.sys [2012-4-28 27936]
S3 LeapFrog-USBLAN;LeapFrog-USBLAN;C:\windows\System32\drivers\btblan.sys [2009-10-9 40320]
S3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-6-2 25928]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-12-12 19456]
S3 Revoflt;Revoflt;C:\windows\System32\drivers\revoflt.sys [2011-8-29 31800]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-10-23 232992]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-10-23 54136]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-12-12 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-1-3 1255736]
S4 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2010-7-23 296808]
.
=============== Created Last 30 ================
.
2013-10-23 21:25:38 388096 ----a-r- C:\Users\ROBERT\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-10-23 21:25:38 -------- d-----w- C:\Program Files (x86)\Trend Micro
2013-10-23 07:30:21 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3F835A6B-9732-4E0D-8DAD-63525954D77C}\mpengine.dll
2013-10-17 17:39:54 -------- d-----w- C:\Users\ROBERT\AppData\Roaming\AVAST Software
2013-10-17 17:39:16 205320 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2013-10-17 17:39:14 65776 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2013-10-17 17:39:12 1032416 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2013-10-17 17:39:08 84328 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2013-10-17 17:39:04 92544 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2013-10-17 17:38:52 43152 ----a-w- C:\windows\avastSS.scr
2013-10-17 17:38:32 -------- d-----w- C:\Program Files\AVAST Software
2013-10-17 17:37:52 -------- d-----w- C:\ProgramData\AVAST Software
2013-10-14 01:55:32 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-14 01:55:32 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-10-10 05:54:47 633856 ----a-w- C:\windows\System32\comctl32.dll
2013-10-10 05:52:12 102608 ----a-w- C:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 05:52:11 124112 ----a-w- C:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 05:52:09 461312 ----a-w- C:\windows\System32\scavengeui.dll
2013-10-10 01:58:18 -------- d-----w- C:\Program Files (x86)\Motive
2013-10-09 23:21:18 -------- d-----w- C:\Program Files (x86)\Yahoo!
2013-10-09 23:19:20 -------- d-----w- C:\Program Files\ATT-SST
2013-10-09 23:19:09 -------- d-----w- C:\Program Files (x86)\ATT-SST
2013-10-09 05:44:00 17813896 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2013-10-07 19:06:08 -------- d-----w- C:\1c5ffd6c744d58c33beb8eec8e
2013-09-28 03:43:12 19169637 ----a-w- C:\windows\SysWow64\KBDcache.DLL
2013-09-28 03:42:54 3584 ----a-w- C:\windows\System32\thunk.dll
2013-09-28 03:42:54 1536 ----a-w- C:\windows\SysWow64\thunk.dll
2013-09-26 21:43:25 56 ----a-w- C:\windows\SysWow64\dot3com.dat.dll
.
==================== Find3M ====================
.
2013-09-22 23:28:06 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\windows\System32\jscript9.dll
2013-09-22 22:54:50 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-09-21 03:38:39 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-09-21 03:30:24 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-09-17 04:22:40 27944 ----a-w- C:\windows\System32\drivers\lgandbus.sys
2013-09-14 01:10:19 497152 ----a-w- C:\windows\System32\drivers\afd.sys
2013-09-08 02:30:37 1903552 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\windows\SysWow64\mswsock.dll
2013-09-03 19:35:10 278800 ------w- C:\windows\System32\MpSigStub.exe
2013-09-03 06:43:49 173 ----a-w- C:\windows\DeleteOnReboot.bat
2013-08-29 02:17:48 5549504 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\windows\System32\win32k.sys
2013-08-05 02:25:45 155584 ----a-w- C:\windows\System32\drivers\ataport.sys
2013-08-02 02:14:57 215040 ----a-w- C:\windows\System32\winsrv.dll
2013-08-02 02:13:34 424448 ----a-w- C:\windows\System32\KernelBase.dll
2013-08-02 01:50:42 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\windows\System32\smss.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-08-01 12:09:36 983488 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
.
============= FINISH: 16:32:15.64 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/2/2011 10:51:07 PM
System Uptime: 10/23/2013 4:06:34 PM (0 hours ago)
.
Motherboard: TOSHIBA | | NALAE
Processor: AMD Turion(tm) II P540 Dual-Core Processor | Socket M2/S1G1 | 2400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 286 GiB total, 191.691 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP461: 10/9/2013 9:55:51 PM - Windows Update
RP462: 10/10/2013 3:00:18 AM - Windows Update
RP463: 10/13/2013 6:03:48 PM - Windows Update
RP464: 10/17/2013 12:38:15 PM - avast! antivirus system restore point
RP465: 10/18/2013 9:00:29 PM - Windows Update
RP466: 10/21/2013 3:30:30 AM - OTL Restore Point - 10/21/2013 3:30:25 AM
RP467: 10/22/2013 9:18:45 AM - OTL Restore Point - 10/22/2013 9:18:41 AM
RP468: 10/23/2013 2:29:46 AM - Windows Update
RP469: 10/23/2013 4:05:06 PM - OTL Restore Point - 10/23/2013 4:05:02 PM
RP470: 10/23/2013 4:25:14 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.05)
Amazon Links
Apple Mobile Device Support
Apple Software Update
AT&T Troubleshoot & Resolve Tool
ATI Catalyst Install Manager
ATT Management Agent
Audacity 2.0.3
avast! Free Antivirus
Bonjour
Canon MG2100 series MP Drivers
ccc-utility64
CopyTrans Suite Remove Only
Corel WinDVD
Dragon NaturallySpeaking 11
ffdshow [rev 2527] [2008-12-19]
Glary Utilities 2.43.0.1419
Google Chrome
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
HiJackThis
Label@Once 1.0
LeapFrog Connect
LeapFrog Leapster Explorer Plugin
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Quickbooks Financial Center
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek Ethernet Controller Driver For Windows 7
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
RealUpgrade 1.1
Revo Uninstaller 1.94
Revo Uninstaller Pro 2.5.3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
SketchUp 2013
Skype Launcher
Synaptics Pointing Device Driver
Torres Box Tuning Calculator version 1.1
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin)
Utility Common Driver
V.92 Modem On Hold
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)
Vivitar Experience Image Manager
Vodafone WCDMA Composite Device Drive Software
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Live Sync
.
==== End Of File ===========================
rmrrar
Regular Member
 
Posts: 105
Joined: May 19th, 2013, 8:09 am

Re: Possible virus,mutiple process running unknown.

Unread postby wannabeageek » October 23rd, 2013, 8:51 pm

Hi rmrrar,

I would still like to see a hijackthis.log from step 3 please.
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Possible virus,mutiple process running unknown.

Unread postby rmrrar » October 24th, 2013, 11:03 am

I posted it in the post right above your last response
rmrrar
Regular Member
 
Posts: 105
Joined: May 19th, 2013, 8:09 am

Re: Possible virus,mutiple process running unknown.

Unread postby rmrrar » October 24th, 2013, 11:05 am

============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uSearch Bar = Preserve
mStart Page = hxxp://www.google.com
uProxyOverride = <local>;*.local;192.168.*.*
mWinlogon: Userinit = C:\WINDOWS\SYSWOW64\Userinit.exe,
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
mRun: [TkBellExe] "C:\program files (x86)\real\realplayer\update\realsched.exe" -osboot
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/On ... canner.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{D37F6B86-617F-44FB-8D81-EFFCBC1C359E} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{D37F6B86-617F-44FB-8D81-EFFCBC1C359E}\144545431373 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{D37F6B86-617F-44FB-8D81-EFFCBC1C359E}\2375942554338343 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{D37F6B86-617F-44FB-8D81-EFFCBC1C359E}\2456374702755637475627E6 : DHCPNameServer = 8.8.8.8 8.8.4.4 208.67.222.222
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\pcTrayApp.exe"
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\windows\System32\drivers\aswRvrt.sys [2013-10-17 65776]
R0 aswVmm;avast! VM Monitor;C:\windows\System32\drivers\aswVmm.sys [2013-10-17 205320]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2013-10-17 1032416]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2013-10-17 409832]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2010-10-23 202752]
R2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2013-10-17 38984]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2013-10-17 84328]
R2 ATT MAHostService;ATT MAHostService;C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\MAHostService.exe [2013-8-26 321024]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-10-17 50344]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 HsfXAudioService;HsfXAudioService;C:\windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2010-10-24 123320]
R2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2012-6-23 369152]
R2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2013-4-29 460288]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2010-10-24 126392]
R2 pcServiceHost;pcServiceHost;C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe [2013-10-9 342528]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
R2 regi;regi;C:\windows\System32\drivers\regi.sys [2010-10-24 14112]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-4-6 258928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R3 CAXHWAZL;CAXHWAZL;C:\windows\System32\drivers\CAXHWAZL.sys [2009-2-13 292864]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2010-10-23 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2010-10-23 325152]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2010-10-23 932384]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [?]
S3 Andbus;LGE Android Composite USB Device;C:\windows\System32\drivers\lgandbus.sys [2013-9-16 27944]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;C:\windows\System32\drivers\hitmanpro36.sys [2012-4-28 27936]
S3 LeapFrog-USBLAN;LeapFrog-USBLAN;C:\windows\System32\drivers\btblan.sys [2009-10-9 40320]
S3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-6-2 25928]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-12-12 19456]
S3 Revoflt;Revoflt;C:\windows\System32\drivers\revoflt.sys [2011-8-29 31800]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-10-23 232992]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-10-23 54136]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-12-12 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-1-3 1255736]
S4 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2010-7-23 296808]
.
=============== Created Last 30 ================
.
2013-10-23 21:25:38 388096 ----a-r- C:\Users\ROBERT\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-10-23 21:25:38 -------- d-----w- C:\Program Files (x86)\Trend Micro
2013-10-23 07:30:21 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3F835A6B-9732-4E0D-8DAD-63525954D77C}\mpengine.dll
2013-10-17 17:39:54 -------- d-----w- C:\Users\ROBERT\AppData\Roaming\AVAST Software
2013-10-17 17:39:16 205320 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2013-10-17 17:39:14 65776 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2013-10-17 17:39:12 1032416 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2013-10-17 17:39:08 84328 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2013-10-17 17:39:04 92544 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2013-10-17 17:38:52 43152 ----a-w- C:\windows\avastSS.scr
2013-10-17 17:38:32 -------- d-----w- C:\Program Files\AVAST Software
2013-10-17 17:37:52 -------- d-----w- C:\ProgramData\AVAST Software
2013-10-14 01:55:32 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-14 01:55:32 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-10-10 05:54:47 633856 ----a-w- C:\windows\System32\comctl32.dll
2013-10-10 05:52:12 102608 ----a-w- C:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 05:52:11 124112 ----a-w- C:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 05:52:09 461312 ----a-w- C:\windows\System32\scavengeui.dll
2013-10-10 01:58:18 -------- d-----w- C:\Program Files (x86)\Motive
2013-10-09 23:21:18 -------- d-----w- C:\Program Files (x86)\Yahoo!
2013-10-09 23:19:20 -------- d-----w- C:\Program Files\ATT-SST
2013-10-09 23:19:09 -------- d-----w- C:\Program Files (x86)\ATT-SST
2013-10-09 05:44:00 17813896 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2013-10-07 19:06:08 -------- d-----w- C:\1c5ffd6c744d58c33beb8eec8e
2013-09-28 03:43:12 19169637 ----a-w- C:\windows\SysWow64\KBDcache.DLL
2013-09-28 03:42:54 3584 ----a-w- C:\windows\System32\thunk.dll
2013-09-28 03:42:54 1536 ----a-w- C:\windows\SysWow64\thunk.dll
2013-09-26 21:43:25 56 ----a-w- C:\windows\SysWow64\dot3com.dat.dll
.
==================== Find3M ====================
.
2013-09-22 23:28:06 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\windows\System32\jscript9.dll
2013-09-22 22:54:50 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-09-21 03:38:39 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-09-21 03:30:24 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-09-17 04:22:40 27944 ----a-w- C:\windows\System32\drivers\lgandbus.sys
2013-09-14 01:10:19 497152 ----a-w- C:\windows\System32\drivers\afd.sys
2013-09-08 02:30:37 1903552 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\windows\SysWow64\mswsock.dll
2013-09-03 19:35:10 278800 ------w- C:\windows\System32\MpSigStub.exe
2013-09-03 06:43:49 173 ----a-w- C:\windows\DeleteOnReboot.bat
2013-08-29 02:17:48 5549504 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\windows\System32\win32k.sys
2013-08-05 02:25:45 155584 ----a-w- C:\windows\System32\drivers\ataport.sys
2013-08-02 02:14:57 215040 ----a-w- C:\windows\System32\winsrv.dll
2013-08-02 02:13:34 424448 ----a-w- C:\windows\System32\KernelBase.dll
2013-08-02 01:50:42 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\windows\System32\smss.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-08-01 12:09:36 983488 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
.
============= FINISH: 16:32:15.64 ===============
rmrrar
Regular Member
 
Posts: 105
Joined: May 19th, 2013, 8:09 am

Re: Possible virus,mutiple process running unknown.

Unread postby wannabeageek » October 24th, 2013, 11:31 am

rmrrar,

What you posted is a "copy & paste" from the DDS.txt log. That is not a HJT.txt or hijackthis.log.

I would like you to post an actual hijackthis.log using the following:

Download HijackThis
Please download HijackThis.msi © Trend Micro Incorporated. Save it to your desktop.

NOTE:If you have used HijackThis before to remove entries, do not uninstall the old version yet.
We may need to see/use it's backups. I will let you know when it's OK to uninstall the old version.

  1. Right click on HiJackThis.msi and select Run as Administrator, if prompted by Windows UAC, allow it.
  2. Follow the prompts... allow the defaults... once installed ...it will create a HijackThis icon on the desktop. Default install location: C:\Program Files\Trend Micro\HijackThis
  3. Once installed, it will launch HijackThis...if not...double click the HijackThis desktop icon.
      If you are on the "scan & fix stuff" page... Press the "Main Menu"...button.
  4. Click on the "Do a system scan and save a Log file"...button.
    When the scan is finished...Notepad will open with a log file called "hijackthis.log".
  5. In the Hijackthis log, go to the top menu, click on "Format" and uncheck "Word Wrap" if checked.
  6. Copy and paste the contents of hijackthis.log file in your next reply. Save the file in the HijackThis folder.
Do not fix anything yourself... Removing any needed entries... could render your computer inoperable!.
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Possible virus,mutiple process running unknown.

Unread postby rmrrar » October 24th, 2013, 11:36 am

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:27:05 PM, on 10/23/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16720)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSWOW64\Userinit.exe,
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\program files (x86)\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: ATT MAHostService - Alcatel-Lucent - C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\MAHostService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Toshiba Laptop Checkup Application Launcher (Norton PC Checkup Application Launcher) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
O23 - Service: pcCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
O23 - Service: pcCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\pcCMService.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
O23 - Service: pcServiceHost - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater15.4.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9059 bytes
rmrrar
Regular Member
 
Posts: 105
Joined: May 19th, 2013, 8:09 am

Re: Possible virus,mutiple process running unknown.

Unread postby wannabeageek » October 24th, 2013, 1:01 pm

Thank you rmrrar,

Now please run the following:

Download and Run ComboFix
  1. Please download ComboFix from one of the following links.
    Link 1.
    Link 2.
    **IMPORTANT !!! Save ComboFix.exe to your Desktop**
  2. Please disable any Antivirus and Firewall you have active, as shown in this topic. Please close all open application windows.
  3. Double click on ComboFix.exe and follow the prompts.
  4. When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use!
ComboFix SHOULD NOT be used unless requested by a forum helper.
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Possible virus,mutiple process running unknown.

Unread postby rmrrar » October 26th, 2013, 3:30 am

ComboFix 13-10-26.01 - ROBERT 10/26/2013 2:12.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.2656 [GMT -5:00]
Running from: c:\users\ROBERT\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\uninstaller.exe
c:\users\Public\sdelevURL.tmp
c:\users\ROBERT\AppData\Roaming\ROBERTlog.dat
c:\users\ROBERT\AppData\Roaming\Windir
c:\windows\SysWow64\dot3com.dat.dll
c:\windows\wnUninstall.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_pcCMService
.
.
((((((((((((((((((((((((( Files Created from 2013-09-26 to 2013-10-26 )))))))))))))))))))))))))))))))
.
.
2013-10-24 17:57 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-10-24 17:57 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-10-24 17:57 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-10-24 17:57 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-10-24 17:57 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-10-24 17:57 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-10-24 17:57 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-10-23 21:25 . 2013-10-23 21:25 388096 ----a-r- c:\users\ROBERT\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-10-23 21:25 . 2013-10-23 21:25 -------- d-----w- c:\program files (x86)\Trend Micro
2013-10-23 07:30 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3F835A6B-9732-4E0D-8DAD-63525954D77C}\mpengine.dll
2013-10-17 17:39 . 2013-10-17 17:39 -------- d-----w- c:\users\ROBERT\AppData\Roaming\AVAST Software
2013-10-17 17:39 . 2013-10-17 17:38 65264 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-10-17 17:39 . 2013-10-17 17:38 205320 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-10-17 17:39 . 2013-10-17 17:38 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-10-17 17:39 . 2013-10-17 17:38 1032416 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-10-17 17:39 . 2013-10-17 17:38 409832 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-10-17 17:39 . 2013-10-17 17:38 84328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-10-17 17:39 . 2013-10-17 17:38 38984 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-10-17 17:39 . 2013-10-17 17:38 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-10-17 17:38 . 2013-10-17 17:38 334648 ----a-w- c:\windows\system32\aswBoot.exe
2013-10-17 17:38 . 2013-10-17 17:38 43152 ----a-w- c:\windows\avastSS.scr
2013-10-17 17:38 . 2013-10-17 17:38 -------- d-----w- c:\program files\AVAST Software
2013-10-17 17:37 . 2013-10-17 17:37 -------- d-----w- c:\programdata\AVAST Software
2013-10-14 01:55 . 2013-10-14 01:55 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-14 01:55 . 2013-10-14 01:55 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-10 05:54 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
2013-10-10 05:52 . 2013-07-20 10:33 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 05:52 . 2013-07-20 10:33 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 05:52 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
2013-10-10 01:58 . 2013-10-10 01:58 -------- d-----w- c:\program files (x86)\Motive
2013-10-09 23:21 . 2013-10-10 05:49 -------- d-----w- c:\programdata\Yahoo!
2013-10-09 23:21 . 2013-10-09 23:21 -------- d-----w- c:\users\ROBERT\AppData\Roaming\Yahoo!
2013-10-09 23:21 . 2013-10-10 05:51 -------- d-----w- c:\program files (x86)\Yahoo!
2013-10-09 23:19 . 2013-10-09 23:19 -------- d-----w- c:\program files\ATT-SST
2013-10-09 23:19 . 2013-10-09 23:19 -------- d-----w- c:\program files (x86)\ATT-SST
2013-10-09 05:44 . 2013-10-09 05:44 17813896 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-10-07 19:06 . 2013-10-07 19:06 -------- d-----w- C:\1c5ffd6c744d58c33beb8eec8e
2013-09-28 03:43 . 2013-10-03 23:44 19169637 ----a-w- c:\windows\SysWow64\KBDcache.DLL
2013-09-28 03:42 . 2013-10-03 23:43 1536 ----a-w- c:\windows\SysWow64\thunk.dll
2013-09-28 03:42 . 2013-10-03 23:43 3584 ----a-w- c:\windows\system32\thunk.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-10 03:02 . 2011-01-03 22:37 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-09-17 04:22 . 2013-09-17 04:22 27944 ----a-w- c:\windows\system32\drivers\lgandbus.sys
2013-09-03 19:35 . 2011-01-03 05:09 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-09-03 06:43 . 2013-09-03 06:43 173 ----a-w- c:\windows\DeleteOnReboot.bat
2013-08-29 01:48 . 2013-10-10 05:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-05 02:25 . 2013-09-13 01:51 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-08-02 02:14 . 2013-09-13 01:51 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-08-02 02:13 . 2013-09-13 01:51 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-08-02 02:13 . 2013-09-13 01:51 1161216 ----a-w- c:\windows\system32\kernel32.dll
2013-08-02 02:12 . 2013-09-13 01:51 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-08-02 02:12 . 2013-09-13 01:51 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 01:51 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 01:51 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 01:51 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 01:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 01:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 01:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 01:51 6656 ----a-w- c:\windows\system32\apisetschema.dll
2013-08-02 02:12 . 2013-09-13 01:51 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 01:51 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 01:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 01:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 01:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 01:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 01:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 01:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 01:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 01:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 01:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 01:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 01:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 01:51 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 01:51 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 01:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 01:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 01:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 01:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 01:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 01:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:50 . 2013-09-13 01:51 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2013-08-02 01:48 . 2013-09-13 01:51 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 01:51 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 01:51 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 01:51 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 01:51 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 01:51 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 01:51 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 01:51 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 01:51 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 01:51 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 01:51 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 01:51 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 01:51 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 01:51 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 01:51 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 01:51 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 01:51 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 01:51 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 01:51 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 01:51 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-08-02 01:48 . 2013-09-13 01:51 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 01:51 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 01:51 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 01:51 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 01:51 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:09 . 2013-09-13 01:51 338432 ----a-w- c:\windows\system32\conhost.exe
2013-08-02 00:59 . 2013-09-13 01:51 112640 ----a-w- c:\windows\system32\smss.exe
2013-08-02 00:43 . 2013-09-13 01:51 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43 . 2013-09-13 01:51 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43 . 2013-09-13 01:51 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43 . 2013-09-13 01:51 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-07-23 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files (x86)\real\realplayer\update\realsched.exe" [2013-07-21 295512]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-10-19 3567800]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [x]
R3 Andbus;LGE Android Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus.sys [x]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys;c:\windows\SYSNATIVE\drivers\hitmanpro36.sys [x]
R3 LeapFrog-USBLAN;LeapFrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys;c:\windows\SYSNATIVE\DRIVERS\btblan.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 ATT MAHostService;ATT MAHostService;c:\program files (x86)\ATT\8.3.1.7\ma\bin\MAHostService.exe;c:\program files (x86)\ATT\8.3.1.7\ma\bin\MAHostService.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [x]
S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe;c:\program files\Common Files\Motive\pcCMService.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [x]
S2 pcServiceHost;pcServiceHost;c:\program files (x86)\Common Files\Motive\pcServiceHost.exe;c:\program files (x86)\Common Files\Motive\pcServiceHost.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-19 01:39 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-10 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2012-04-08 04:31]
.
2013-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-21 17:27]
.
2013-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-21 17:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-10-17 17:38 326944 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\pcTrayApp.exe" [2013-05-07 2794496]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local;192.168.*.*
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} - (no file)
ShellIconOverlayIdentifiers-{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} - (no file)
ShellIconOverlayIdentifiers-{A759AFF6-5851-457D-A540-F4ECED148351} - (no file)
ShellIconOverlayIdentifiers-{1574C9EF-7D58-488F-B358-8B78C1538F51} - (no file)
AddRemove-Vodafone WCDMA Composite Device Drive - c:\windows\system32\Samsung_USB_Drivers\4\SSVDUninstall.exe
AddRemove-{711C28A5-B699-6680-D276-7F7C8BC7A2C5} - c:\progra~3\INSTAL~1\{3D9D6~1\Setup.exe
AddRemove-{FA48BB90-ACC2-3256-5B48-CF047375AB40} - c:\progra~3\INSTAL~1\{8EBA5~1\Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files (x86)\ATT\8.3.1.7\ma\bin\node.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
.
**************************************************************************
.
Completion time: 2013-10-26 02:27:15 - machine was rebooted
ComboFix-quarantined-files.txt 2013-10-26 07:27
.
Pre-Run: 205,446,475,776 bytes free
Post-Run: 204,655,497,216 bytes free
.
- - End Of File - - 7611350BA17DECD18DA52DAD1DD38D94
rmrrar
Regular Member
 
Posts: 105
Joined: May 19th, 2013, 8:09 am

Re: Possible virus,mutiple process running unknown.

Unread postby wannabeageek » October 27th, 2013, 10:17 am

Hi rmrrar,

Download and run MGA Diagnostic Tool
  1. Click here to download the MGA Diagnostics Tool from Microsoft and save it to your Desktop. The MGADiag.exe icon will appear on your Desktop.
  2. Right-click the MGADiag.exe icon on your Desktop and then select Run As Administrator from the popup menu.. The tools' window will be displayed.
  3. Click the Continue button. The scan will be performed. Once the scan is complete the report information will be displayed and a Copy button will be provided.
  4. Click the Copy button.
  5. Open Notepad and paste the contents of the report into the Notepad window.
  6. Save the report and paste the contents into your reply.
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Possible virus,mutiple process running unknown.

Unread postby rmrrar » October 28th, 2013, 10:38 am

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-4F8HK-M4P73-W8DQG
Windows Product Key Hash: Xs1iQgVeo0C+sObJxS7eu+FuBPQ=
Windows Product ID: 00359-OEM-8992687-00057
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {00612CAF-2CBF-43DB-8D1E-62CE63F88150}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130828-1532
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{00612CAF-2CBF-43DB-8D1E-62CE63F88150}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-W8DQG</PKey><PID>00359-OEM-8992687-00057</PID><PIDType>2</PIDType><SID>S-1-5-21-1876674280-98715098-3197743793</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite L675D</Model></SYSTEM><BIOS><Manufacturer>TOSHIBA</Manufacturer><Version>1.70</Version><SMBIOSVersion major="2" minor="6"/><Date>20110802000000.000000+000</Date></BIOS><HWID>0A043007018400F4</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSCPL</OEMID><OEMTableID>TOSCPL00</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00178-926-800057-02-1033-7600.0000-2032010
Installation ID: 000861318342926133051581088131437313411306441101786723
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: W8DQG
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 10/28/2013 9:34:47 AM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: LgAAAAEAAQABAAEAAAACAAAAAgABAAEA6GEit+CUcDhmfuTl6kWQzSQd5sYYeQ==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC TOSCPL TOSCPL00
FACP TOSCPL TOSCPL00
HPET TOSCPL TOSCPL00
MCFG TOSCPL TOSCPL00
SLIC TOSCPL TOSCPL00
SSDT AMD POWERNOW



Also I had a blue screen error pop up this is what it said also .

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 9f
BCP1: 0000000000000003
BCP2: FFFFFA80061F9060
BCP3: FFFFF80000B9C518
BCP4: FFFFFA8004309C10
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\102713-23072-01.dmp
C:\Users\ROBERT\AppData\Local\Temp\WER-3301885-0.sysdata.xml

Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid= ... cid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\windows\system32\en-US\erofflps.txt
rmrrar
Regular Member
 
Posts: 105
Joined: May 19th, 2013, 8:09 am
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 28 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware