
Help with possible infection

Post by rmrrar » July 26th, 2014, 10:12 pm

I have been getting alerts from my avast antivirus about infections, but when I do scans nothing comes up. Also, avast keeps saying that in order to remove infections I need to upgrade. I don't want to if it isn't a free program. Any help would be great. Also, my wireless connection has been really weird: sometimes it works, sometimes it won't, and there is a Chrome bell that pops up on its own as well. Thank you, rmrrar


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041
Run by ROBERT at 21:08:05 on 2014-07-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.2155 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\Explorer.EXE
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\ATT\8.4.1.11\ma\bin\pcTrayApp.exe
C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskeng.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
mStart Page = hxxp://www.google.com
uProxyOverride = <local>;*.local;192.168.*.*
BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA} - <orphaned>
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
uRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{2C42FF12-A26B-49CF-95AC-E1FCD6686B28} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{D37F6B86-617F-44FB-8D81-EFFCBC1C359E} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{D37F6B86-617F-44FB-8D81-EFFCBC1C359E}\144545431373 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{D37F6B86-617F-44FB-8D81-EFFCBC1C359E}\2375942554338343 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{D37F6B86-617F-44FB-8D81-EFFCBC1C359E}\2456374702755637475627E6 : DHCPNameServer = 8.8.8.8 8.8.4.4 208.67.222.222
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://start.toshiba.com/
x64-mDefault_Page_URL = hxxp://start.toshiba.com/
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-Run: [ATT_McciTrayApp] "C:\Program Files\ATT\8.4.1.11\ma\bin\pcTrayApp.exe"
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\windows\System32\drivers\aswRvrt.sys [2013-10-17 65776]
R0 aswVmm;avast! VM Monitor;C:\windows\System32\drivers\aswVmm.sys [2013-10-17 224896]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswsnx.sys [2013-10-17 1041168]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswsp.sys [2013-11-7 427360]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2010-10-23 202752]
R2 aswHwid;avast! HardwareID;C:\windows\System32\drivers\aswHwid.sys [2014-5-2 29208]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2013-10-17 79184]
R2 aswStm;aswStm;C:\windows\System32\drivers\aswstm.sys [2013-12-27 92008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-7-12 50344]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 HsfXAudioService;HsfXAudioService;C:\windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
R2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2012-6-23 369152]
R2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2013-4-29 460800]
R2 regi;regi;C:\windows\System32\drivers\regi.sys [2010-10-24 14112]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-4-6 258928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R3 CAXHWAZL;CAXHWAZL;C:\windows\System32\drivers\CAXHWAZL.sys [2009-2-13 292864]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2010-10-23 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2010-10-23 325152]
R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\windows\System32\drivers\rtwlane.sys [2013-5-2 1514568]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-10-23 54136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 Andbus;LGE Android Composite USB Device;C:\windows\System32\drivers\lgandbus.sys [2013-9-16 27944]
S3 AT&T Troubleshoot & Resolve;AT&T Troubleshoot & Resolve;C:\Program Files (x86)\ATT\8.4.1.11\ma\bin\MAHostService.exe [2014-4-2 321024]
S3 ATT MAHostService;ATT MAHostService;C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\MAHostService.exe [2013-8-26 321024]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;C:\windows\System32\drivers\hitmanpro36.sys [2012-4-28 27936]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-5-10 111616]
S3 LeapFrog-USBLAN;LeapFrog-USBLAN;C:\windows\System32\drivers\btblan.sys [2009-10-9 40320]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-12-12 19456]
S3 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
S3 Revoflt;Revoflt;C:\windows\System32\drivers\revoflt.sys [2011-8-29 31800]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-10-23 232992]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2010-10-23 932384]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\windows\System32\drivers\taphss6.sys [2013-11-13 42184]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-5-9 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-1-3 1255736]
S4 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [?]
.
=============== Created Last 30 ================
.
2014-07-17 19:29:48 122584 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-07-17 19:28:56 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-07-17 19:28:56 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-07-17 19:28:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-13 02:14:27 43152 ----a-w- C:\windows\avastSS.scr
2014-07-12 18:04:11 -------- d-----w- C:\Users\ROBERT\AppData\Roaming\SmartDraw
2014-07-12 18:01:17 -------- d-----w- C:\SmartDraw CI
.
==================== Find3M ====================
.
2014-07-13 02:14:28 93568 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2014-07-13 02:14:28 92008 ----a-w- C:\windows\System32\drivers\aswstm.sys
2014-07-13 02:14:28 79184 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2014-07-13 02:14:28 65776 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2014-07-13 02:14:28 29208 ----a-w- C:\windows\System32\drivers\aswHwid.sys
2014-07-13 02:14:28 224896 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2014-07-13 02:14:28 1041168 ----a-w- C:\windows\System32\drivers\aswsnx.sys
2014-05-12 12:25:56 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-05-03 00:00:15 59888 ------w- C:\windows\SysWow64\pxwma.dll
2014-04-29 13:40:58 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-04-29 12:34:22 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-04-28 22:16:15 70832 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-28 22:16:15 692400 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 21:08:37.24 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/2/2011 10:51:07 PM
System Uptime: 7/26/2014 8:47:07 PM (1 hours ago)
.
Motherboard: TOSHIBA | | NALAE
Processor: AMD Turion(tm) II P540 Dual-Core Processor | Socket M2/S1G1 | 2400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 286 GiB total, 205.788 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 13 Plugin
Adobe Reader XI (11.0.07)
Amazon Links
Apple Mobile Device Support
Apple Software Update
AT&T Troubleshoot & Resolve
ATI Catalyst Install Manager
Audacity 2.0.3
avast! Free Antivirus
Bonjour
Canon MG2100 series MP Drivers
ccc-utility64
CopyTrans Suite Remove Only
Corel WinDVD
ffdshow [rev 2527] [2008-12-19]
Google Chrome
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
HiJackThis
Label@Once 1.0
LAME v3.99.3 (for Windows)
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Quickbooks Financial Center
RealDownloader
RealNetworks - Microsoft Visual C++ 2005 Runtime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek Ethernet Controller Driver For Windows 7
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
RealUpgrade 1.1
Revo Uninstaller Pro 2.5.3
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
SketchUp 2013
Skype Launcher
Synaptics Pointing Device Driver
Torres Box Tuning Calculator version 1.1
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
Utility Common Driver
V.92 Modem On Hold
Vivitar Experience Image Manager
Vodafone WCDMA Composite Device Drive Software
Windows 7 USB/DVD Download Tool
Windows Live Sync
.
==== Event Viewer Messages From Past Week ========
.
7/26/2014 8:52:00 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PxHlpa64
7/26/2014 8:51:30 PM, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Network Connections service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/26/2014 8:51:20 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\windows\system32\Rtlihvs.dll Error Code: 126
7/26/2014 8:51:13 PM, Error: volsnap [27] - The shadow copies of volume C: were aborted during detection because a critical control file could not be opened.
7/26/2014 8:51:03 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
.
==== End Of File ===========================
rmrrar
Regular Member
 
Posts: 105
Joined: May 19th, 2013, 8:09 am
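The DDS log above is read by eye on this forum, but the first pass a helper makes is mechanical: registry hooks whose DLL no longer exists (`<orphaned>`, `No File`), name-server entries that point outside the local network, services whose binary cannot be found (`[?]`), and the absence of any restore point. The script below is an added example written for this page; it is not a MalwareRemoval.com tool and not part of DDS or FRST. The sample lines are copied from the log in the post above so the output can be checked against it; the category names and the regular expressions are the example's own assumptions about the DDS line layout. A flag means "review this", not "this is malware": the public resolvers it reports here are Google's and OpenDNS's.

```python
"""Mechanical first pass over DDS-style log lines (added example, not a DDS/FRST feature)."""
import ipaddress
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    kind: str    # category assumed by this example, not a DDS term
    detail: str


# Constructed sample: lines copied from the DDS log posted above.
SAMPLE_LOG = r"""BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA} - <orphaned>
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
SSODL: WebCheck - <orphaned>
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{D37F6B86-617F-44FB-8D81-EFFCBC1C359E}\2456374702755637475627E6 : DHCPNameServer = 8.8.8.8 8.8.4.4 208.67.222.222
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-7-12 50344]
S4 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [?]
No restore point in system.
"""

# Browser/shell hooks (BHO, ShellServiceObjectDelayLoad, Toolbar) whose DLL is gone.
ORPHAN_RE = re.compile(r"^(?:x64-)?(BHO|SSODL|Toolbar):\s*(.*?)\s*-\s*<orphaned>\s*$")
# TCP/IP name-server entries, with or without the per-interface GUID prefix.
DNS_RE = re.compile(r"^TCP:\s*(?:Interfaces\\\S+\s*:\s*)?(DHCPNameServer|NameServer)\s*=\s*(.+)$")
# Service/driver entries: start type, service name, display name, path [date size] or [?].
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")


def public_ips(field: str) -> List[str]:
    """Return the resolver addresses in a name-server field that are neither RFC 1918 nor loopback."""
    public = []
    for token in field.split():
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:
            continue  # not an address; skip hostnames or stray text
        if not (addr.is_private or addr.is_loopback):
            public.append(token)
    return public


def triage(log_text: str) -> List[Finding]:
    """Scan DDS-style lines and return the entries a helper would look at first."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ORPHAN_RE.match(line)
        if m:
            # Registry still references a DLL that is no longer on disk: cleanup residue.
            findings.append(Finding("orphaned-hook", f"{m.group(1)} {m.group(2)}"))
            continue
        m = DNS_RE.match(line)
        if m:
            # DNS handed out by the router is expected to be local; anything else gets a look.
            public = public_ips(m.group(2))
            if public:
                findings.append(Finding("public-dns", f"{m.group(1)} = {' '.join(public)}"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            # DDS prints [?] when it cannot stat the service binary.
            if m.group(4).rstrip().endswith("[?]"):
                findings.append(Finding("missing-service-binary", m.group(2)))
            continue
        if line == "No restore point in system.":
            findings.append(Finding("no-restore-point", "System Restore has nothing to roll back to"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:24} {f.detail}")
```

Run as-is it lists five findings for the sample: two orphaned hooks, the interface whose DHCP resolvers are public, the AVG Secure Search updater whose binary DDS could not find, and the missing restore point. The avast entries are deliberately not flagged: a present, signed security product is the baseline, and a triage pass should surface only what deviates from it.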

Re: Help with possible infection

Post by nunped » July 28th, 2014, 6:04 am

Hello rmrrar, and welcome to the forum.

My name is nunped and I'll be helping you with any malware problems.

Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and the tools we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or where you will need to take your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Here are some guidelines for the cleaning process to run as easily as possible.

  1. Please read this topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
  2. The instructions being given are for YOUR computer and system only! Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  3. You must have Administrator rights permissions for this computer.
  4. DO NOT run any other fix or removal tools unless instructed to do so!
  5. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  6. Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  7. Only reply to this thread. Do not start another thread.
  8. The absence of symptoms does not imply the absence of malware. Please continue responding until I give you the "All Clean".
  9. No Reply Within 3 Days will result in your topic being closed!


Read through these instructions with your full attention.
Please ask first if you have any doubts.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Help with possible infection

Post by nunped » July 28th, 2014, 6:17 am

Hi rmrrar,

Let's run a few more scans, please:

Step 1 - Scan with FRST
Please download FRST ... by Farbar, from the link below and save it to your Desktop.

For 64 bit Systems

  • Right-click FRST.exe and select " Run as administrator " to run it.
  • When the tool opens click Yes to the disclaimer.
  • Press Scan button. ... When finished a log will be created, FRST.txt.
  • Please post the content of the FRST.txt in your next reply.
  • The first time the tool is run, it will create another log... Addition.txt.
  • Please post the content of the Addition.txt in your next reply.

Step 2 - ESET NOD32 Online Scan
Note: If using Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted... then right click on it and select "run as administrator" to install.
Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan.
Do NOT use the computer while the scan is running... make sure all other programs and windows are closed!


Please go to ESET Online Scanner - © ESET All Rights Reserved... to run an online scan.
  • Click the [Run ESET Online Scanner] button.
  • Read the End User License Agreement and check the box: [Yes, I accept the terms of use].
  • Click the green [Start] button.
  • Accept any security warnings from your browser and allow the download/installation of any required files.
    If your browser blocks or halts a download, please allow it to download any required files.
  • Under scan settings:
    • Check "Scan archives"
    • Remove found threats is UNCHECKED
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click the [Start] button.
    ESET will install itself, download virus signature database updates and begin scanning your computer.
    The scan will take a while (sometimes a few hours) so please be patient. Do NOT use the computer while the scan is running.
  • When the scan completes, press the text: Image
  • Press the text: Image ... then save the file to your desktop as ESETScan.txt.
  • Press the [Back] button, then press the [Finish] button.
  • Copy and paste the contents of ESETScan.txt in your next reply.
    Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.

Remember to enable your Anti-virus protection before continuing!
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Help with possible infection

Post by rmrrar » July 28th, 2014, 9:32 pm

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by ROBERT (administrator) on ROBERT-PC on 28-07-2014 20:29:52
Running from C:\Users\ROBERT\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Alcatel-Lucent) C:\Program Files\ATT\8.4.1.11\ma\bin\pcTrayApp.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ATT_McciTrayApp] => C:\Program Files\ATT\8.4.1.11\ma\bin\pcTrayApp.exe [2834432 2014-04-02] (Alcatel-Lucent)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-07-21] (RealNetworks, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-12] (AVAST Software)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-1876674280-98715098-3197743793-1001\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe [3218792 2010-06-02] (Toshiba)
HKU\S-1-5-21-1876674280-98715098-3197743793-1001\...\Policies\system: [DisableLockWorkstation] 0
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {9C9A7121-333C-4183-94FE-593770E56758} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {413D6B5A-DDF9-452B-8138-3FB88131DF57} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
SearchScopes: HKCU - {413D6B5A-DDF9-452B-8138-3FB88131DF57} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
SearchScopes: HKCU - {9C9A7121-333C-4183-94FE-593770E56758} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 - C:\Program Files (x86)\ATT\8.4.1.11\ma\bin\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 - C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-07-21]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-17]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll ()
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Motive Plug-in) - C:\Program Files (x86)\ATT\8.4.1.11\ma\bin\npMotive.dll (Alcatel-Lucent)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Motive Management Plug-in) - C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-03]
CHR Extension: (Google Search) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-03]
CHR Extension: (Video Downloader professional) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2014-06-13]
CHR Extension: (Planner 5D) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjfkgdpkecnmfcgfpfibpcnkeakahllc [2014-03-03]
CHR Extension: (Google Wallet) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-01]
CHR Extension: (Gmail) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-03]
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2013-10-09]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-12]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AT&T Troubleshoot & Resolve; C:\Program Files (x86)\ATT\8.4.1.11\ma\bin\MAHostService.exe [321024 2014-04-02] (Alcatel-Lucent) [File not signed]
S3 ATT MAHostService; C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\MAHostService.exe [321024 2013-08-26] (Alcatel-Lucent) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-12] (AVAST Software)
R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2013-10-22] (Alcatel-Lucent) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460800 2013-10-22] (Alcatel-Lucent) [File not signed]
S3 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S4 vToolbarUpdater15.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus.sys [27944 2013-09-16] (LG Electronics Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-12] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-12] ()
S3 hitmanpro35; C:\windows\system32\drivers\hitmanpro36.sys [27936 2012-04-28] ()
S3 motmodem; No ImagePath
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
R2 regi; C:\windows\SysWOW64\drivers\regi.sys [11032 2007-04-17] (InterVideo)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation )
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-11-13] (Anchorfree Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S0 PxHlpa64; System32\Drivers\PxHlpa64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-28 20:29 - 2014-07-28 20:30 - 00017564 _____ () C:\Users\ROBERT\Downloads\FRST.txt
2014-07-28 20:29 - 2014-07-28 20:29 - 00000000 ____D () C:\FRST
2014-07-28 20:28 - 2014-07-28 20:29 - 00001463 _____ () C:\Users\ROBERT\Desktop\FRST64 - Shortcut.lnk
2014-07-28 20:27 - 2014-07-28 20:27 - 02093568 _____ (Farbar) C:\Users\ROBERT\Downloads\FRST64.exe
2014-07-26 21:08 - 2014-07-26 21:08 - 00013192 _____ () C:\Users\ROBERT\Desktop\dds.txt
2014-07-26 21:08 - 2014-07-26 21:08 - 00004725 _____ () C:\Users\ROBERT\Desktop\attach.txt
2014-07-26 20:57 - 2014-07-26 20:57 - 00001432 _____ () C:\Users\ROBERT\Desktop\dds - Shortcut.lnk
2014-07-26 20:56 - 2014-07-26 20:56 - 00688992 _____ (Swearware) C:\Users\ROBERT\Downloads\dds (1).scr
2014-07-25 00:31 - 2014-07-25 00:42 - 81864650 _____ () C:\Users\ROBERT\Downloads\TubeXClipscom - Free porn videos XXX porn movies Tube x clips (1).flv
2014-07-25 00:19 - 2014-07-25 00:19 - 20004281 _____ () C:\Users\ROBERT\Downloads\TubeXClipscom - Free porn videos XXX porn movies Tube x clips.flv
2014-07-25 00:11 - 2014-07-25 00:35 - 53815583 _____ () C:\Users\ROBERT\Downloads\Old Guy Young Girl Homade Sextape H2Porn.flv
2014-07-22 02:47 - 2014-07-22 02:57 - 49737795 _____ () C:\Users\ROBERT\Downloads\Extreme teen daughter abuse on Red Tube Now.flv
2014-07-22 02:47 - 2014-07-22 02:52 - 32172308 _____ () C:\Users\ROBERT\Downloads\2 teens get fucked on Red Tube Now.flv
2014-07-20 04:23 - 2014-07-20 04:36 - 194000119 _____ () C:\Users\ROBERT\Downloads\Almost virgin all natural pussies closeup - beeg.mp4
2014-07-20 03:57 - 2014-07-20 04:30 - 120606129 _____ () C:\Users\ROBERT\Downloads\2 teens 1 man - xHamstercom.flv
2014-07-20 03:33 - 2014-07-20 03:36 - 17634493 _____ () C:\Users\ROBERT\Downloads\Happy Porn - Free Porn Movies.flv
2014-07-18 13:44 - 2014-07-18 13:44 - 00895120 _____ (Google Inc.) C:\Users\ROBERT\Downloads\GoogleVoiceAndVideoSetup.exe
2014-07-17 16:07 - 2014-07-17 16:07 - 01016261 _____ (Thisisu) C:\Users\ROBERT\Downloads\JRT.exe
2014-07-17 14:29 - 2014-07-23 07:44 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-17 14:29 - 2014-07-17 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-17 14:28 - 2014-07-17 14:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-17 14:28 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-07-17 14:28 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-07-17 14:10 - 2014-07-17 14:12 - 17743333 _____ () C:\Users\ROBERT\Downloads\Play video - Gandalf Free Porn.flv
2014-07-12 21:14 - 2014-07-12 21:14 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-07-12 20:41 - 2014-07-12 20:41 - 01348263 _____ () C:\Users\ROBERT\Downloads\adwcleaner_3.215.exe
2014-07-12 20:05 - 2014-07-12 21:03 - 00000000 ____D () C:\Program Files\WinRAR
2014-07-12 13:04 - 2014-07-12 14:32 - 00000000 ____D () C:\Users\ROBERT\AppData\Roaming\SmartDraw
2014-07-12 13:04 - 2014-07-12 13:04 - 00000000 ____D () C:\Users\ROBERT\AppData\System
2014-07-12 13:01 - 2014-07-12 14:44 - 00000000 ____D () C:\SmartDraw CI
2014-07-09 08:36 - 2014-07-09 08:42 - 56541666 _____ () C:\Users\ROBERT\Downloads\Extreme Daughter Abuse - Malus Tube.mp4
2014-07-09 07:57 - 2014-07-09 07:58 - 08226495 _____ () C:\Users\ROBERT\Downloads\HQ Sex Tube - Free Porn Movies.flv
2014-07-09 07:50 - 2014-07-09 07:53 - 32099163 _____ () C:\Users\ROBERT\Downloads\Young teen daughter rougly hatefucked - Pornhubcom.mp4
2014-07-09 05:58 - 2014-07-09 06:03 - 52218082 _____ () C:\Users\ROBERT\Downloads\my bang van orgy - Free Porn Videos - YouPorn.mp4
2014-07-09 01:50 - 2014-07-09 01:51 - 07730246 _____ () C:\Users\ROBERT\Downloads\Play video - Oh Free Sex.flv
2014-07-09 00:41 - 2014-07-09 00:44 - 51946295 _____ () C:\Users\ROBERT\Downloads\my horny ex girlfriend - Free Porn Videos - YouPorn.mp4
2014-07-09 00:41 - 2014-07-09 00:43 - 28997098 _____ () C:\Users\ROBERT\Downloads\Daddy hatefucks a daughter - KeezMoviescom.mp4
2014-07-07 17:44 - 2014-07-07 17:48 - 37572967 _____ () C:\Users\ROBERT\Downloads\Curly haired lass is licked from the back.mp4
2014-07-07 17:37 - 2014-07-07 17:42 - 62715421 _____ () C:\Users\ROBERT\Downloads\You can calls us professional amateurs - Pornhubcom.mp4

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-28 20:30 - 2014-07-28 20:29 - 00017564 _____ () C:\Users\ROBERT\Downloads\FRST.txt
2014-07-28 20:29 - 2014-07-28 20:29 - 00000000 ____D () C:\FRST
2014-07-28 20:29 - 2014-07-28 20:28 - 00001463 _____ () C:\Users\ROBERT\Desktop\FRST64 - Shortcut.lnk
2014-07-28 20:27 - 2014-07-28 20:27 - 02093568 _____ (Farbar) C:\Users\ROBERT\Downloads\FRST64.exe
2014-07-28 20:04 - 2013-07-21 12:27 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-28 19:28 - 2013-07-21 12:27 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-28 19:28 - 2010-10-23 23:42 - 02037930 _____ () C:\windows\WindowsUpdate.log
2014-07-27 14:32 - 2013-11-14 22:37 - 00003344 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1876674280-98715098-3197743793-1001
2014-07-27 14:32 - 2013-11-14 22:37 - 00003212 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1876674280-98715098-3197743793-1001
2014-07-26 21:08 - 2014-07-26 21:08 - 00013192 _____ () C:\Users\ROBERT\Desktop\dds.txt
2014-07-26 21:08 - 2014-07-26 21:08 - 00004725 _____ () C:\Users\ROBERT\Desktop\attach.txt
2014-07-26 21:01 - 2009-07-13 23:45 - 00019248 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-26 21:01 - 2009-07-13 23:45 - 00019248 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-26 20:57 - 2014-07-26 20:57 - 00001432 _____ () C:\Users\ROBERT\Desktop\dds - Shortcut.lnk
2014-07-26 20:57 - 2012-10-26 20:02 - 00783468 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-26 20:56 - 2014-07-26 20:56 - 00688992 _____ (Swearware) C:\Users\ROBERT\Downloads\dds (1).scr
2014-07-26 20:52 - 2013-11-07 11:46 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-07-26 20:51 - 2014-06-06 02:31 - 00000560 _____ () C:\windows\setupact.log
2014-07-26 20:51 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-25 00:42 - 2014-07-25 00:31 - 81864650 _____ () C:\Users\ROBERT\Downloads\TubeXClipscom - Free porn videos XXX porn movies Tube x clips (1).flv
2014-07-25 00:35 - 2014-07-25 00:11 - 53815583 _____ () C:\Users\ROBERT\Downloads\Old Guy Young Girl Homade Sextape H2Porn.flv
2014-07-25 00:19 - 2014-07-25 00:19 - 20004281 _____ () C:\Users\ROBERT\Downloads\TubeXClipscom - Free porn videos XXX porn movies Tube x clips.flv
2014-07-24 01:35 - 2013-03-26 16:50 - 00317044 _____ () C:\windows\PFRO.log
2014-07-24 01:34 - 2013-09-03 01:32 - 00000000 ____D () C:\AdwCleaner
2014-07-23 07:44 - 2014-07-17 14:29 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-23 03:26 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF
2014-07-22 02:57 - 2014-07-22 02:47 - 49737795 _____ () C:\Users\ROBERT\Downloads\Extreme teen daughter abuse on Red Tube Now.flv
2014-07-22 02:52 - 2014-07-22 02:47 - 32172308 _____ () C:\Users\ROBERT\Downloads\2 teens get fucked on Red Tube Now.flv
2014-07-20 04:36 - 2014-07-20 04:23 - 194000119 _____ () C:\Users\ROBERT\Downloads\Almost virgin all natural pussies closeup - beeg.mp4
2014-07-20 04:30 - 2014-07-20 03:57 - 120606129 _____ () C:\Users\ROBERT\Downloads\2 teens 1 man - xHamstercom.flv
2014-07-20 03:36 - 2014-07-20 03:33 - 17634493 _____ () C:\Users\ROBERT\Downloads\Happy Porn - Free Porn Movies.flv
2014-07-18 14:49 - 2011-01-03 00:00 - 00000000 ____D () C:\Users\ROBERT\AppData\Local\Google
2014-07-18 14:14 - 2012-08-03 13:31 - 00000000 ____D () C:\Users\ROBERT\AppData\Roaming\Mozilla
2014-07-18 13:44 - 2014-07-18 13:44 - 00895120 _____ (Google Inc.) C:\Users\ROBERT\Downloads\GoogleVoiceAndVideoSetup.exe
2014-07-18 12:07 - 2013-07-21 12:29 - 00002154 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-17 20:55 - 2014-06-03 06:59 - 00000000 ____D () C:\Users\ROBERT\Desktop\New folder
2014-07-17 16:20 - 2013-06-02 19:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-07-17 16:18 - 2013-08-23 03:09 - 00000000 ____D () C:\Users\ROBERT\Desktop\ROBERTS STUFF
2014-07-17 16:07 - 2014-07-17 16:07 - 01016261 _____ (Thisisu) C:\Users\ROBERT\Downloads\JRT.exe
2014-07-17 14:29 - 2014-07-17 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-17 14:29 - 2013-08-02 16:17 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-17 14:29 - 2013-01-15 07:37 - 00000000 ____D () C:\Users\ROBERT\AppData\Roaming\Malwarebytes
2014-07-17 14:28 - 2014-07-17 14:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-17 14:28 - 2013-01-15 07:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-17 14:12 - 2014-07-17 14:10 - 17743333 _____ () C:\Users\ROBERT\Downloads\Play video - Gandalf Free Porn.flv
2014-07-13 18:51 - 2011-01-14 19:36 - 00000000 ____D () C:\Users\ROBERT\AppData\Local\CrashDumps
2014-07-12 21:14 - 2014-07-12 21:14 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-07-12 21:14 - 2014-05-02 09:22 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-07-12 21:14 - 2013-12-27 14:23 - 00092008 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys
2014-07-12 21:14 - 2013-11-07 11:46 - 00427360 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-07-12 21:14 - 2013-10-17 12:39 - 01041168 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2014-07-12 21:14 - 2013-10-17 12:39 - 00224896 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-07-12 21:14 - 2013-10-17 12:39 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-07-12 21:14 - 2013-10-17 12:39 - 00079184 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-07-12 21:14 - 2013-10-17 12:39 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-07-12 21:14 - 2013-10-17 12:39 - 00001977 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-12 21:14 - 2013-10-17 12:38 - 00307344 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-07-12 21:03 - 2014-07-12 20:05 - 00000000 ____D () C:\Program Files\WinRAR
2014-07-12 20:41 - 2014-07-12 20:41 - 01348263 _____ () C:\Users\ROBERT\Downloads\adwcleaner_3.215.exe
2014-07-12 14:44 - 2014-07-12 13:01 - 00000000 ____D () C:\SmartDraw CI
2014-07-12 14:32 - 2014-07-12 13:04 - 00000000 ____D () C:\Users\ROBERT\AppData\Roaming\SmartDraw
2014-07-12 13:04 - 2014-07-12 13:04 - 00000000 ____D () C:\Users\ROBERT\AppData\System
2014-07-11 18:39 - 2011-03-01 16:06 - 00000000 ____D () C:\Users\ROBERT\AppData\Roaming\SoftGrid Client
2014-07-09 08:42 - 2014-07-09 08:36 - 56541666 _____ () C:\Users\ROBERT\Downloads\Extreme Daughter Abuse - Malus Tube.mp4
2014-07-09 07:58 - 2014-07-09 07:57 - 08226495 _____ () C:\Users\ROBERT\Downloads\HQ Sex Tube - Free Porn Movies.flv
2014-07-09 07:53 - 2014-07-09 07:50 - 32099163 _____ () C:\Users\ROBERT\Downloads\Young teen daughter rougly hatefucked - Pornhubcom.mp4
2014-07-09 06:03 - 2014-07-09 05:58 - 52218082 _____ () C:\Users\ROBERT\Downloads\my bang van orgy - Free Porn Videos - YouPorn.mp4
2014-07-09 01:51 - 2014-07-09 01:50 - 07730246 _____ () C:\Users\ROBERT\Downloads\Play video - Oh Free Sex.flv
2014-07-09 00:44 - 2014-07-09 00:41 - 51946295 _____ () C:\Users\ROBERT\Downloads\my horny ex girlfriend - Free Porn Videos - YouPorn.mp4
2014-07-09 00:43 - 2014-07-09 00:41 - 28997098 _____ () C:\Users\ROBERT\Downloads\Daddy hatefucks a daughter - KeezMoviescom.mp4
2014-07-07 17:48 - 2014-07-07 17:44 - 37572967 _____ () C:\Users\ROBERT\Downloads\Curly haired lass is licked from the back.mp4
2014-07-07 17:42 - 2014-07-07 17:37 - 62715421 _____ () C:\Users\ROBERT\Downloads\You can calls us professional amateurs - Pornhubcom.mp4

Some content of TEMP:
====================
C:\Users\ROBERT\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-28 02:44

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2014
Ran by ROBERT at 2014-07-28 20:31:04
Running from C:\Users\ROBERT\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AT&T Troubleshoot & Resolve (HKLM-x32\...\ATT-AT&T Troubleshoot & Resolve) (Version: 8.4.1.11 - AT&T)
ATI Catalyst Install Manager (HKLM\...\{BE3DFCA2-6F42-509D-555C-68A923314062}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MG2100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2100_series) (Version: - )
ccc-utility64 (Version: 2010.0315.1050.17562 - ATI) Hidden
CopyTrans Suite Remove Only (HKCU\...\CopyTrans Suite) (Version: 2.36 - WindSolutions)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.822 - Corel Inc.)
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.50 - Conexant Systems)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Quickbooks Financial Center (HKLM-x32\...\{3B843B38-04B1-4CE6-8888-586273E0F289}) (Version: 2.02 - TOSHIBA Corporation)
RealDownloader (x32 Version: 1.3.2 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2005 Runtime (x32 Version: 8.0 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.2 - RealNetworks)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.13.112.2010 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.5992 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6069 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller Pro 2.5.3 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.3 - VS Revo Group, Ltd.)
SketchUp 2013 (HKLM-x32\...\{72B622C9-AA10-47D7-A10C-377CF9BC8502}) (Version: 13.0.4124 - Trimble Navigation Limited)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
Torres Box Tuning Calculator version 1.1 (HKLM-x32\...\{D9B30331-BBF9-4CC7-940A-D735A324E100}_is1) (Version: 1.1 - Chris Torres)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.2.0 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)
Toshiba Book Place (HKLM-x32\...\{BB51B753-9A0C-4D1D-B3EF-A1B936F55796}) (Version: 2.0.3977.0 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.07.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.6.07.64 - TOSHIBA Corporation) Hidden
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.11.64 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.2.11.64 - TOSHIBA Corporation) Hidden
TOSHIBA eco Utility (x32 Version: 1.2.11.64 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.6C - TOSHIBA CORPORATION) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.22C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (x32 Version: 1.63.0.22C - TOSHIBA CORPORATION) Hidden
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.24 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.0.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.6.06.64 - TOSHIBA Corporation) Hidden
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.9C - TOSHIBA CORPORATION)
TOSHIBA Supervisor Password (x32 Version: 1.63.0.9C - TOSHIBA CORPORATION) Hidden
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.3.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.3.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.3.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
Utility Common Driver (x32 Version: 1.0.52.1C - TOSHIBA) Hidden
V.92 Modem On Hold (HKLM-x32\...\{154C378D-D990-42DF-BDFD-5225E2EE3D8C}) (Version: 2.5.70.0 - Avanquest software)
Vivitar Experience Image Manager (HKLM-x32\...\Vivitar Experience Image Manager) (Version: - )
Vodafone WCDMA Composite Device Drive Software (HKLM-x32\...\Vodafone WCDMA Composite Device Drive) (Version: - )
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

27-07-2014 07:54:28 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2013-10-26 02:22 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {005893B3-4F15-4919-A680-9E14C4D505D8} - System32\Tasks\{5F64B320-E5A6-4A3E-9078-769652F8124A} => C:\Program Files (x86)\Real\RealPlayer\realplay.exe [2013-07-21] (RealNetworks, Inc.)
Task: {082556B8-9CCC-42C1-9B21-F6E5E54ECF1B} - System32\Tasks\{C2C74A66-9930-4FD6-B8A2-5A1FF6B5F3EB} => C:\Program Files (x86)\Real\RealPlayer\realplay.exe [2013-07-21] (RealNetworks, Inc.)
Task: {0953C3F3-ECCA-48D0-B043-EA70F3F12D17} - System32\Tasks\{E2EE6893-A9B9-4642-9D23-14BD74B1CAE5} => C:\Program Files (x86)\GIMP\GIMPLauncher.exe
Task: {17C0AB24-61C2-4B9F-8A1A-B2E47299EF90} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Device Center\itype.exe
Task: {2E096CBC-8650-429A-A960-9BB69753EA73} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {39246825-E3ED-425D-B616-61D24511C4DD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-12] (AVAST Software)
Task: {3BC7D623-EA42-493F-97BC-9D31B1093608} - System32\Tasks\{C4E8BFF4-22CE-4474-962D-546C22C7F882} => C:\program files (x86)\real\realplayer\RealPlay.exe [2013-07-21] (RealNetworks, Inc.)
Task: {4938F010-3BFF-40DD-8B89-5DFC5F7D9AC4} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1876674280-98715098-3197743793-1001 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {4A7ED03A-5698-46F9-BA62-DB88DED04D43} - \UpdaterEX No Task File <==== ATTENTION
Task: {4F8AF656-D546-4220-BB5D-D0A468329E94} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {536D4E5E-4B47-4E33-B33C-B9A107384DD5} - System32\Tasks\{3A445A40-E2B1-4BF7-9F8C-2871D073A49B} => C:\program files (x86)\real\realplayer\RealPlay.exe [2013-07-21] (RealNetworks, Inc.)
Task: {65433B6D-2EB1-40DF-AD22-23A6A499D087} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-21] (Google Inc.)
Task: {73C4CF91-CBB6-484E-B9E3-7DFB895B11CC} - System32\Tasks\{A049C56A-77AF-491E-8510-33C67791F48F} => C:\program files (x86)\real\realplayer\RealPlay.exe [2013-07-21] (RealNetworks, Inc.)
Task: {73DA9E71-AB99-48DA-8B06-539CD8FAC420} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-21] (Google Inc.)
Task: {7580EA54-F61F-481A-9A4A-396BE21C9A22} - System32\Tasks\IHUninstallTrackingTASK => CMD
Task: {79AEF640-4942-4F77-BBD3-66E563A6D4B0} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1876674280-98715098-3197743793-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {7D44E355-0F15-4A86-BC55-0E85D0C1ED09} - System32\Tasks\{0417DECD-3CAA-43EC-83D8-1A3C854B94FE} => C:\program files (x86)\real\realplayer\RealPlay.exe [2013-07-21] (RealNetworks, Inc.)
Task: {8185451F-6AF4-429B-A5B6-E3BC46A336EF} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1876674280-98715098-3197743793-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-04-16] (RealNetworks, Inc.)
Task: {8B78C795-68B2-43DC-B9C8-FD0F1F2DDE31} - System32\Tasks\{C2E12BFC-FAEC-48D4-B878-DAE3917500D6} => C:\Program Files (x86)\GIMP\GIMPLauncher.exe
Task: {8E34750F-0E12-4E44-B0E6-9955FC1A3B08} - System32\Tasks\{B16255F1-9D31-417A-B505-AA40E4BF958B} => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-04-16] (RealNetworks, Inc.)
Task: {A6B8E513-2DF1-458C-806A-7E090D8DBE5E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AD2BBE8B-9668-4898-A0D7-4010937CD41F} - System32\Tasks\{A3332D92-BE66-44BB-AF49-2940243E408D} => C:\Program Files (x86)\Real\RealPlayer\realplay.exe [2013-07-21] (RealNetworks, Inc.)
Task: {B0A5B457-8386-4183-B640-A2376AF06F9C} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {B4254462-76D1-451A-8551-E9D639A7C9CA} - System32\Tasks\{5F8A4A8C-F288-4F5F-B50B-79CAD03BE51A} => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-04-16] (RealNetworks, Inc.)
Task: {B90D54E4-BE7F-49BE-929A-0A6482FC37D9} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1876674280-98715098-3197743793-1001 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {C67DD978-9F93-4823-81AD-16997FE275F5} - System32\Tasks\{6D5C31A3-29C2-40BB-B2F1-4FCEF98C11A7} => C:\Program Files (x86)\Real\RealPlayer\realplay.exe [2013-07-21] (RealNetworks, Inc.)
Task: {DA496A86-ECBD-476E-9E8D-DAA7BB400AFE} - System32\Tasks\{640559F6-CD62-4D6F-B65F-1C7AE8EF1D5A} => C:\Program Files (x86)\Real\RealPlayer\realplay.exe [2013-07-21] (RealNetworks, Inc.)
Task: {E019972F-2562-41F2-8BC1-739A0ADFF4D1} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Device Center\ipoint.exe
Task: {E1B18526-91B1-44B0-B449-353DA3AF35AA} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1876674280-98715098-3197743793-1001 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {E61DCD44-D6BE-4315-924C-F0DEDA03CF69} - System32\Tasks\{284E5893-D00D-47A9-88FC-05C2A398D2D7} => C:\Program Files (x86)\Real\RealPlayer\realplay.exe [2013-07-21] (RealNetworks, Inc.)
Task: {FA5B39B3-1921-4324-8367-D8D92BC93288} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1876674280-98715098-3197743793-1001 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {FFB660C3-4B90-4540-BCC9-513BDA5CF5E2} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1876674280-98715098-3197743793-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-12 21:14 - 2014-07-12 21:14 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-07-24 17:59 - 2014-07-24 17:59 - 02794496 _____ () C:\Program Files\AVAST Software\Avast\defs\14072401\algo.dll
2014-07-26 20:52 - 2014-07-26 20:52 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14072602\algo.dll
2014-07-28 13:39 - 2014-07-28 13:39 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14072802\algo.dll
2014-07-12 21:14 - 2014-07-12 21:14 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-07-18 12:07 - 2014-07-15 04:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-18 12:07 - 2014-07-15 04:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-18 12:07 - 2014-07-15 04:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-18 12:07 - 2014-07-15 04:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-18 12:07 - 2014-07-15 04:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Apple Mobile Device => 3
MSCONFIG\Services: Bonjour Service => 3
MSCONFIG\Services: DragonSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ATT-SST_McciTrayApp => "C:\Program Files\ATT-SST\pcTrayApp.exe"
MSCONFIG\startupreg: ConduitFloatingPlugin_njljkdinboobkmkihgcohanchjnjpgjk => "C:\windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3291326\plugins\TBVerifier.dll",RunConduitFloatingPlugin njljkdinboobkmkihgcohanchjnjpgjk
MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: HWSetup => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
MSCONFIG\startupreg: IntelliPoint => "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: ISTray => "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KeNotify => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SmartFaceVWatcher => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
MSCONFIG\startupreg: SMessaging =>
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: SVPWUTIL => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: ToshibaAppPlace => "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: TWebCamera => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/28/2014 04:44:26 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: HTTP status 404: The requested URL does not exist on the server.
ErrorCode: 14007(0x36b7).

Error: (07/27/2014 02:48:42 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/27/2014 02:16:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GoogleUpdate.exe, version: 1.3.21.103, time stamp: 0x4f3c6d6c
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x000223e0
Faulting process id: 0x4b4
Faulting application start time: 0xGoogleUpdate.exe0
Faulting application path: GoogleUpdate.exe1
Faulting module path: GoogleUpdate.exe2
Report Id: GoogleUpdate.exe3

Error: (07/26/2014 09:02:41 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: HTTP status 404: The requested URL does not exist on the server.
ErrorCode: 14007(0x36b7).

Error: (07/26/2014 08:56:43 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/24/2014 02:35:07 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/24/2014 01:47:05 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: HTTP status 404: The requested URL does not exist on the server.
ErrorCode: 14007(0x36b7).

Error: (07/23/2014 11:40:23 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: HTTP status 404: The requested URL does not exist on the server.
ErrorCode: 14007(0x36b7).

Error: (07/22/2014 03:29:55 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (07/21/2014 02:31:07 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (07/26/2014 08:52:00 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
PxHlpa64

Error: (07/26/2014 08:51:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Internet Connection Sharing (ICS) service depends on the Network Connections service which failed to start because of the following error:
%%1058

Error: (07/26/2014 08:51:20 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (07/26/2014 08:51:13 PM) (Source: volsnap) (EventID: 27) (User: )
Description: The shadow copies of volume C: were aborted during detection because a critical control file could not be opened.

Error: (07/26/2014 08:51:18 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:17:57 AM on ‎7/‎25/‎2014 was unexpected.

Error: (07/26/2014 08:51:12 PM) (Source: volsnap) (EventID: 27) (User: )
Description: The shadow copies of volume C: were aborted during detection because a critical control file could not be opened.

Error: (07/26/2014 08:51:03 PM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Error: (07/24/2014 03:44:18 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (07/24/2014 01:39:36 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (07/24/2014 01:36:15 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
PxHlpa64


Microsoft Office Sessions:
=========================
Error: (07/28/2014 04:44:26 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: HTTP status 404: The requested URL does not exist on the server.
ErrorCode: 14007(0x36b7).

Error: (07/27/2014 02:48:42 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

Error: (07/27/2014 02:16:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.1.7601.18247521ea8e7c0000005000223e04b401cfa968f101d356C:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\windows\SysWOW64\ntdll.dllfb08d189-155d-11e4-8f28-88ae1df4a0b2

Error: (07/26/2014 09:02:41 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: HTTP status 404: The requested URL does not exist on the server.
ErrorCode: 14007(0x36b7).

Error: (07/26/2014 08:56:43 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\ROBERT\Downloads\esetsmartinstaller_enu.exe

Error: (07/24/2014 02:35:07 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

Error: (07/24/2014 01:47:05 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: HTTP status 404: The requested URL does not exist on the server.
ErrorCode: 14007(0x36b7).

Error: (07/23/2014 11:40:23 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: HTTP status 404: The requested URL does not exist on the server.
ErrorCode: 14007(0x36b7).

Error: (07/22/2014 03:29:55 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (07/21/2014 02:31:07 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe


CodeIntegrity Errors:
===================================
Date: 2013-10-26 02:19:31.128
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-26 02:19:30.785
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-03 19:43:22.607
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\NlsDax64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-10-03 19:34:42.770
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\NlsDax64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-10-03 19:18:54.952
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\NlsDax64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-10-03 19:11:18.402
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\NlsDax64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-10-03 19:01:13.815
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\NlsDax64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-10-03 18:44:21.266
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\NlsDax64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-10-03 01:57:42.132
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\NlsDax64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-10-03 01:12:37.821
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\NlsDax64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 38%
Total physical RAM: 3835.68 MB
Available physical RAM: 2361.87 MB
Total Pagefile: 7669.55 MB
Available Pagefile: 5876.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (TI105955W0C) (Fixed) (Total:285.75 GB) (Free:204.79 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: FF592F49)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=286 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=17)

==================== End Of Log ============================
rmrrar
Regular Member
 
Posts: 105
Joined: May 19th, 2013, 8:09 am

Re: Help with possible infection

Unread postby rmrrar » July 28th, 2014, 11:40 pm

Here is the log from ESET Online Scanner.

C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx a variant of Win32/SweetIM.L potentially unwanted application
rmrrar
Regular Member
 
Posts: 105
Joined: May 19th, 2013, 8:09 am

Re: Help with possible infection

Unread postby nunped » July 29th, 2014, 5:45 am

Hi rmrrar,

You have some stuff that should be removed, but nothing that would require a paid upgrade of avast!... Can you please post me the exact message you see from your antivirus?

Also, proceed with the cleaning:
Step 1 - Registry Backup (TCRB)

Please download tweaking.com_registry_backup_setup.exe
Choose a download site for the installer... download and save it to your desktop.
Double click on the "...setup.exe" program and install the program. Let the install use the default installation. How-to tutorial here.

Once the program is installed...
  1. Double click the Tweaking.com Registry Backup icon ... on your Desktop to open the program.
  2. It should open with the Backup Registry tab selected and all file options checked. Check any that are not already checked.
  3. Click on Backup Now to create a backup of your Registry.
    You'll see "Waiting for Volume Shadow Copy snapshot..." this may take a few moments, just be patient.
  4. When completed you should see a message saying something like ... Successful ??/?? Registry Files Backed Up ... ?? is total number of files, both numbers should match.
  5. Close and exit the program.

Step 2 - Fix with FRST
  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy and Paste the following script into Notepad, Do not include the words Code: select all
    • (Click the select all button next to code to select the entire script).
    BHO-x32: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    S4 vToolbarUpdater15.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [X]
    Task: {4A7ED03A-5698-46F9-BA62-DB88DED04D43} - \UpdaterEX No Task File <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
    C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx
    
  • Save it to your Desktop as filename fixlist.txt.
  • Right-click FRST.exe and select " Run as administrator " to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Help with possible infection

Unread postby rmrrar » July 29th, 2014, 9:17 pm

I wanted to ask, on step 2, do I want to paste the code in the search box on the FRST program, or?
rmrrar
Regular Member
 
Posts: 105
Joined: May 19th, 2013, 8:09 am

Re: Help with possible infection

Unread postby rmrrar » July 29th, 2014, 9:21 pm

Never mind my last post; here is the log.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-07-2014
Ran by ROBERT at 2014-07-29 20:19:37 Run:1
Running from C:\Users\ROBERT\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
BHO-x32: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
S4 vToolbarUpdater15.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [X]
Task: {4A7ED03A-5698-46F9-BA62-DB88DED04D43} - \UpdaterEX No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx
*****************

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
"HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found.
vToolbarUpdater15.4.0 => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4A7ED03A-5698-46F9-BA62-DB88DED04D43}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A7ED03A-5698-46F9-BA62-DB88DED04D43}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX" => Key deleted successfully.
C:\ProgramData\TEMP => ":0FF263E8" ADS removed successfully.
"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe" => File/Directory not found.
C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx => Moved successfully.

==== End of Fixlog ====
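FRST writes one result line per action it takes, so the way to confirm a fix did what was asked is to map every line of the fixlist to its outcome line(s) and look for entries with no outcome, or results nobody asked for. In the Fixlog above, for instance, the vToolbarUpdater service was deleted but its ToolbarUpdater.exe came back "File/Directory not found", meaning the binary was already gone. The following Python script is an added example, my own code and not part of the thread or of FRST: it parses a Fixlog in the format posted above, matches each fixlist entry to its results and classifies them. The embedded sample is the Fixlog from this thread, and the matching rules (service name, ADS stream name, CLSID or task GUID, task name, otherwise the full path) are my assumptions about what FRST echoes back, not FRST's documented format.

```python
"""Cross-check an FRST fixlist against the Fixlog.txt it produced.

Every fixlist line should be echoed by at least one result line; an entry
with no result, or a result that maps to no entry, deserves a second look.
"""
import re

# Sample input: the Fixlog posted in the thread, reproduced for this example.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-07-2014
Ran by ROBERT at 2014-07-29 20:19:37 Run:1
==============================================

Content of fixlist:
*****************
BHO-x32: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
S4 vToolbarUpdater15.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [X]
Task: {4A7ED03A-5698-46F9-BA62-DB88DED04D43} - \UpdaterEX No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx
*****************

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
"HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found.
vToolbarUpdater15.4.0 => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4A7ED03A-5698-46F9-BA62-DB88DED04D43}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A7ED03A-5698-46F9-BA62-DB88DED04D43}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX" => Key deleted successfully.
C:\ProgramData\TEMP => ":0FF263E8" ADS removed successfully.
"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe" => File/Directory not found.
C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx => Moved successfully.

==== End of Fixlog ====
'''


def fixlist_tokens(entry):
    """Identifiers FRST is assumed to echo back for a fixlist line."""
    tokens = []
    if m := re.match(r'^[RSU]\d+ ([^;]+);', entry):      # service: "S4 name; path"
        tokens.append(m.group(1))
    if m := re.match(r'^AlternateDataStreams: .*(:[0-9A-Fa-f]+)$', entry):
        tokens.append(m.group(1))                        # stream name
    tokens += re.findall(r'\{[0-9A-Fa-f-]{36}\}', entry)  # CLSID / task GUIDs
    if m := re.match(r'^Task: .* - \\(\S+) ', entry):
        tokens.append('\\' + m.group(1))                 # task name in TaskCache\Tree
    return tokens or [entry.strip()]                     # else: the full path


def classify(result):
    low = result.lower()
    if 'not found' in low:
        return 'absent'
    return 'done' if 'successfully' in low else 'other'


def parse_fixlog(text):
    """Return (fixlist entries, result lines) from a Fixlog."""
    entries, results, state = [], [], 'header'
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith('*****'):
            state = 'fixlist' if state == 'header' else 'results'
        elif line.startswith('==== End of Fixlog'):
            break
        elif line and state == 'fixlist':
            entries.append(line)
        elif line and state == 'results':
            results.append(line)
    return entries, results


def cross_check(text):
    """Map each fixlist entry to [(outcome, result line)]; also return orphan results."""
    entries, results = parse_fixlog(text)
    tokens = {e: fixlist_tokens(e) for e in entries}
    outcome, unmatched = {e: [] for e in entries}, []
    for r in results:
        owners = [e for e in entries if any(t in r for t in tokens[e])]
        for e in owners:
            outcome[e].append((classify(r), r))
        if not owners:
            unmatched.append(r)
    return outcome, unmatched


if __name__ == '__main__':
    outcome, unmatched = cross_check(SAMPLE_FIXLOG)
    for entry, res in outcome.items():
        print(f"[{','.join(o for o, _ in res) or 'NO RESULT'}] {entry}")
    for r in unmatched:
        print('[unexpected] ' + r)
```

Run it on a saved Fixlog.txt by replacing SAMPLE_FIXLOG with the file's contents; an entry printed as NO RESULT, or any line printed as unexpected, is the thing to ask the helper about.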

Re: Help with possible infection

Unread postby nunped » July 30th, 2014, 5:14 am

Hi rmrrar,

please answer the question in my previous post:
You have some stuff that should be removed, but nothing that would require a paid upgrade of avast!... Can you please post the exact message you see from your antivirus?

Re: Help with possible infection

Unread postby rmrrar » July 30th, 2014, 12:16 pm

I can't seem to get it to show itself; it only does it at random. It says "threat detected" and pops up a window on my screen and wants me to upgrade.

Re: Help with possible infection

Unread postby nunped » August 1st, 2014, 1:00 pm

Hi rmrrar,

Sorry for the delay in answering you. I am having some problems with my internet connection. I'll review your logs tomorrow and give you further steps.
Meanwhile, please take note of any new messages from your antivirus.

Re: Help with possible infection

Unread postby rmrrar » August 1st, 2014, 2:28 pm

OK, will do.

Re: Help with possible infection

Unread postby nunped » August 2nd, 2014, 6:32 am

Hi rmrrar,

Let's check for further signs of infection:

Step 1 - Search with FRST
  • Right-click FRST64.exe and select " Run as administrator " to run it.
  • When the tool opens click Yes to the disclaimer.
  • Copy and paste the following script into the Search: box. Do not include the words "Code: Select all".
  • (Click the Select all button next to Code to select the entire script.)
Code: Select all
vtoolbar;trolltech;conduit;datamngr;Fun4IM;Bandoo;Searchqu;iLivid;whitesmoke;kelkoopartners

  • Press the Search Registry button.
  • When finished searching a log will open on your Desktop ... Search.txt
  • Please post it in your next reply.

Re: Help with possible infection

Unread postby rmrrar » August 3rd, 2014, 2:55 am

Farbar Recovery Scan Tool (x64) Version: 02-08-2014
Ran by ROBERT at 2014-08-03 01:55:16
Running from C:\Users\ROBERT\Desktop
Boot Mode: Normal

================== Search Registry: "vtoolbar;trolltech;conduit;datamngr;Fun4IM;Bandoo;Searchqu;iLivid;whitesmoke;kelkoopartners" ===========


===================== Search result for "vtoolbar" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{48FFE35F-36D9-44bd-A6CC-1D34414EAC0D}]
"DllName"="IEDevToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{CC7E636D-39AA-49B6-B511-65413DA137A1}]
"DllName"="IEDevToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{48FFE35F-36D9-44bd-A6CC-1D34414EAC0D}]
"DllName"="IEDevToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{CC7E636D-39AA-49B6-B511-65413DA137A1}]
"DllName"="IEDevToolbar.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\vToolbarUpdater15.4.0]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\vToolbarUpdater15.4.0]
"DisplayName"="vToolbarUpdater15.4.0"


===================== Search result for "trolltech" ==========

[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\Trolltech]

[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:]

[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:]

===================== Search result for "conduit" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ConduitFloatingPlugin_njljkdinboobkmkihgcohanchjnjpgjk]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ConduitFloatingPlugin_njljkdinboobkmkihgcohanchjnjpgjk]
"command"=""C:\windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3291326\plugins\TBVerifier.dll",RunConduitFloatingPlugin njljkdinboobkmkihgcohanchjnjpgjk"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\FAEB67A6F1D637247AB9AD48012A5EB6]
"File"="iSyncConduit.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB1E579405BE28F46B2E7AAE9534B564]
"FAEB67A6F1D637247AB9AD48012A5EB6"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\com.yahoo.go.sync.client.resources\PhoneConduit.plist"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\VBMZ]
"P1"="conduit"


===================== Search result for "Searchqu" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"


===================== Search result for "whitesmoke" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B760674538A35F241999134C94EA70A1]
"9C226B2701AA7D741AC073C79FCB5820"="C:\Program Files (x86)\SketchUp\SketchUp 2013\Materials\Colors-Named\0129_WhiteSmoke.skm"

====== End Of Search ======
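FRST's Search Registry matches each term as a plain substring of key paths, value names and value data, so a term list like the one above drags in hits that have nothing to do with the adware it targets: "vtoolbar" matches Microsoft's IEDevToolbar.dll, "Searchqu" matches the Windows Search interface ISearchQueryHelper, "conduit" matches Apple's iSyncConduit.dll sync component, and "whitesmoke" matches a SketchUp colour file. The Python script below is an added example, my own code and not part of the thread or of FRST: it parses a Search.txt in the format posted above, groups hits per term, sets aside the ones that fall in a small allowlist of known-benign contexts, and lists the terms that produced no hits at all. The embedded sample is an abridged copy of the log above; the allowlist patterns are my assumption for this log, not anything FRST outputs, and they are a starting point to be reviewed, not a verdict.

```python
"""Triage an FRST "Search Registry" log (Search.txt).

Groups hits per search term, separates allowlisted benign contexts from
hits that need a human look, and reports terms with no hits at all.
"""
import re

# Sample input: an abridged copy of the Search.txt posted in the thread.
SAMPLE_SEARCH_LOG = r'''Farbar Recovery Scan Tool (x64) Version: 02-08-2014

================== Search Registry: "vtoolbar;trolltech;conduit;datamngr;Fun4IM;Bandoo;Searchqu;iLivid;whitesmoke;kelkoopartners" ===========

===================== Search result for "vtoolbar" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{48FFE35F-36D9-44bd-A6CC-1D34414EAC0D}]
"DllName"="IEDevToolbar.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\vToolbarUpdater15.4.0]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\vToolbarUpdater15.4.0]
"DisplayName"="vToolbarUpdater15.4.0"

===================== Search result for "trolltech" ==========

[HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\Trolltech]

===================== Search result for "conduit" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ConduitFloatingPlugin_njljkdinboobkmkihgcohanchjnjpgjk]
"command"=""C:\windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3291326\plugins\TBVerifier.dll",RunConduitFloatingPlugin njljkdinboobkmkihgcohanchjnjpgjk"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\FAEB67A6F1D637247AB9AD48012A5EB6]
"File"="iSyncConduit.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\VBMZ]
"P1"="conduit"

===================== Search result for "Searchqu" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

===================== Search result for "whitesmoke" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B760674538A35F241999134C94EA70A1]
"9C226B2701AA7D741AC073C79FCB5820"="C:\Program Files (x86)\SketchUp\SketchUp 2013\Materials\Colors-Named\0129_WhiteSmoke.skm"

====== End Of Search ======
'''

# Assumed allowlist of benign contexts seen in this log (my choice, not FRST's).
ALLOWLIST = [re.compile(p, re.IGNORECASE) for p in (
    r'\\Extension Compatibility\\.*IEDevToolbar\.dll',  # IE Developer Toolbar
    r'ISearchQueryHelper',                              # Windows Search COM interface
    r'iSyncConduit\.dll|PhoneConduit\.plist',           # Apple Mobile Device Support
    r'\\SketchUp\\.*_WhiteSmoke\.skm',                   # SketchUp colour material
)]

RE_TERMS = re.compile(r'^=+ Search Registry: "(.*)" =+$')
RE_RESULT = re.compile(r'^=+ Search result for "(.*?)" =+$')
RE_KEY = re.compile(r'^\[(.+)\]$')
RE_VALUE = re.compile(r'^"(.*?)"=(.*)$')


def parse_search_log(text):
    """Return (terms, hits); hits maps term -> key path -> {value name: data}."""
    terms, hits, term, key = [], {}, None, None
    for line in (l.strip() for l in text.splitlines()):
        if m := RE_TERMS.match(line):
            terms = m.group(1).split(';')
        elif m := RE_RESULT.match(line):
            term, key = m.group(1), None
            hits.setdefault(term, {})
        elif term and (m := RE_KEY.match(line)):
            key = m.group(1)
            hits[term].setdefault(key, {})      # a repeated key line merges
        elif key and (m := RE_VALUE.match(line)):
            name, data = m.group(1), m.group(2)
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = data[1:-1]               # strip FRST's outer quotes
            hits[term][key][name] = data
    return terms, hits


def is_allowlisted(key, values):
    blob = key + ' ' + ' '.join(f'{n}={d}' for n, d in values.items())
    return any(p.search(blob) for p in ALLOWLIST)


def triage(text):
    """Split hits into (review, benign) dicts of term -> [keys], plus terms with no hits."""
    terms, hits = parse_search_log(text)
    review, benign = {}, {}
    for term, keys in hits.items():
        for key, values in keys.items():
            bucket = benign if is_allowlisted(key, values) else review
            bucket.setdefault(term, []).append(key)
    return review, benign, [t for t in terms if t not in hits]


if __name__ == '__main__':
    review, benign, no_hits = triage(SAMPLE_SEARCH_LOG)
    for term, keys in review.items():
        print(f'[REVIEW] {term}: {len(keys)} hit(s)')
        for k in keys:
            print('    ' + k)
    for term, keys in benign.items():
        print(f'[benign] {term}: {len(keys)} allowlisted hit(s)')
    print('[clean]  no hits for: ' + ', '.join(no_hits))
```

On the sample this leaves the vToolbarUpdater service, the Conduit startup entry, the VBMZ key and the Trolltech key for review, which is the same set the helper goes on to remove, and it confirms that datamngr, Fun4IM, Bandoo, iLivid and kelkoopartners left no trace in the registry.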

Re: Help with possible infection

Unread postby nunped » August 4th, 2014, 9:51 am

Hi rmrrar,

Let's fix a couple more entries and you should be good to go. Please tell me how your computer is behaving.

Step 1 - Fix with FRST
  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy and paste the following script into Notepad. Do not include the words "Code: Select all".
    • (Click the Select all button next to Code to select the entire script.)
    Code: Select all
    Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\vToolbarUpdater15.4.0" /f
    Reg: reg delete "HKEY_USERS\S-1-5-21-1876674280-98715098-3197743793-1001\Software\Trolltech" /f
    
  • Save it to your Desktop as filename fixlist.txt.
  • Right-click FRST.exe and select " Run as administrator " to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.