Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Hi! I don't think I'm infected,but would like to check

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Hi! I don't think I'm infected,but would like to check

Unread postby Dokie » November 28th, 2014, 12:46 pm

Hi! I'm brand new here. I've tried to read all the rules before posting. I hope I get it right.
I don't think I'm infected, but would like to check my PC.
I run MSE and MBAB Pro. I scanned my PC with AdwCleaner,Malwarebytes Rootkit,ESET on line scanner and JRT recently.
My Pro version of MBAM scans daily.
I'm in no hurry, so help other members first.
Thanks!
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17420 BrowserJavaVersion: 10.65.2
Run by Gary at 10:23:30 on 2014-11-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5610.2860 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\windows\system32\atieclxx.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\GFNEXSrv.exe
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Toshiba\TECO\Teco.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.com/
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: AutorunsDisabled - <orphaned>
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll
mRun: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom.dll
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DS ... ller64.cab
TCP: NameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\{FB216050-DA3B-4FA8-AAE6-974E2006D7E9} : DHCPNameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\{FB216050-DA3B-4FA8-AAE6-974E2006D7E9}\2456C6B696E6F574F575962756C6563737F5037383333453 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{FB216050-DA3B-4FA8-AAE6-974E2006D7E9}\2557269734865656471686 : DHCPNameServer = 192.168.1.1 208.180.42.68 208.180.42.100
TCP: Interfaces\{FB216050-DA3B-4FA8-AAE6-974E2006D7E9}\25F4 : DHCPNameServer = 192.168.0.11
TCP: Interfaces\{FB216050-DA3B-4FA8-AAE6-974E2006D7E9}\3757464656E6C696E6B6E2E65647D283343424 : DHCPNameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\{FB216050-DA3B-4FA8-AAE6-974E2006D7E9}\74F6C64656E6F416B637D275966696 : DHCPNameServer = 192.168.1.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: AutorunsDisabled - <Clsid value has no data>
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: javascript - <Clsid value has no data>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\windows\System32\rundll32.exe C:\windows\System32\advpack.dll,LaunchINFSectionEx C:\Program Files (x86)\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
x64-BHO: AutorunsDisabled - <orphaned>
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-BHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll
x64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom64.dll
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: AutorunsDisabled - <Clsid value has no data>
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: javascript - <Clsid value has no data>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\ua9dkwx9.default-1396548239037\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/?gws_rd=ssl
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Gary\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Gary\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\windows\System32\drivers\amd_sata.sys [2013-11-5 83176]
R0 amd_xata;amd_xata;C:\windows\System32\drivers\amd_xata.sys [2013-11-5 43240]
R0 amdide64;amdide64;C:\windows\System32\drivers\amdide64.sys [2014-11-5 11944]
R0 hotcore3;hc3ServiceName;C:\windows\System32\drivers\hotcore3.sys [2011-10-25 37456]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [2014-10-6 63000]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 172344]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2014-4-17 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2014-8-19 344064]
R2 AODDriver4.3;AODDriver4.3;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2014-2-11 59616]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 GFNEXSrv;GFNEX Service;C:\windows\System32\GFNEXSrv.exe [2011-10-24 162824]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe [2014-4-1 49464]
R2 MbaeSvc;Malwarebytes Anti-Exploit Service;C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [2014-10-6 441144]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-11 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-11 968504]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-11-11 517632]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2011-4-27 130008]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [2014-7-21 3272656]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE [2014-6-12 290520]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-4-7 294328]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2014-11-5 94720]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2011-10-26 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2014-4-11 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\System32\drivers\mwac.sys [2014-4-11 63704]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-10-24 38096]
R3 PSMounterEx;Macrium Reflect Image Explorer Driver;C:\windows\System32\drivers\psmounterex.sys [2014-10-30 166384]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2014-11-5 939224]
R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\windows\System32\drivers\rtwlane.sys [2013-5-2 2974424]
R3 usbfilter;AMD USB Filter Driver;C:\windows\System32\drivers\usbfilter.sys [2014-6-12 56448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 PCCUJobMgr;Common Client Job Manager Service; [x]
S3 amdiox64;AMD IO Driver;C:\windows\System32\drivers\amdiox64.sys [2012-4-9 46136]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2012-4-9 21712]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-11-11 114688]
S3 PSVolAcc;PSVolAcc;C:\windows\System32\drivers\PSVolAcc.sys [2014-7-21 12760]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2014-4-23 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-10-24 250984]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-10-24 880272]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-10-24 54136]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
S3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2011-4-5 828336]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-3-25 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-10-24 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== File Associations ===============
.
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
FileExt: .ini: inifile=C:\windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-11-27 23:54:57 11632448 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{21A5C668-3F51-4BD8-9F3B-14987DC00586}\mpengine.dll
2014-11-27 16:57:58 11632448 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-22 16:58:57 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EF4A78AC-9713-4515-8D84-A2BF8E9613B6}\gapaengine.dll
2014-11-21 22:44:12 -------- d-----w- C:\ProgramData\UAB
2014-11-21 22:43:56 -------- d-----w- C:\ProgramData\Drivers For Free
2014-11-21 22:42:57 -------- d-----w- C:\Program Files (x86)\Drivers For Free
2014-11-20 09:30:01 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{250C7A3B-E02A-416B-970A-5AB213F90790}\gapaengine.dll
2014-11-19 02:46:55 728064 ----a-w- C:\windows\System32\kerberos.dll
2014-11-19 02:46:55 550912 ----a-w- C:\windows\SysWow64\kerberos.dll
2014-11-19 02:46:55 241152 ----a-w- C:\windows\System32\pku2u.dll
2014-11-19 02:46:55 186880 ----a-w- C:\windows\SysWow64\pku2u.dll
2014-11-17 17:19:49 -------- d-sh--w- C:\Users\Gary\AppData\Local\EmieBrowserModeList
2014-11-11 22:30:01 304640 ----a-w- C:\windows\System32\generaltel.dll
2014-11-11 22:30:00 424448 ----a-w- C:\windows\System32\aeinv.dll
2014-11-11 22:30:00 228864 ----a-w- C:\windows\System32\aepdu.dll
2014-11-11 22:28:38 2048 ----a-w- C:\windows\SysWow64\msxml3r.dll
2014-11-10 15:50:04 93808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2014-11-07 16:13:42 -------- d-----w- C:\Users\Gary\AppData\Local\{A9045017-FB5A-47B7-AA60-F6F9A476C96D}
2014-11-06 03:32:10 -------- d-----w- C:\windows\SysWow64\RTCOM
2014-11-06 03:06:01 11944 ----a-w- C:\windows\System32\drivers\amdide64.sys
2014-11-06 03:05:01 94720 ----a-w- C:\windows\System32\drivers\AtihdW76.sys
2014-11-06 03:04:52 110080 ----a-w- C:\windows\System32\DelayAPO.dll
2014-11-06 02:37:24 -------- d-----w- C:\AMD
2014-11-06 02:18:02 939224 ----a-w- C:\windows\System32\drivers\Rt64win7.sys
2014-11-06 02:18:02 73800 ----a-w- C:\windows\System32\RtNicProp64.dll
2014-11-04 05:49:06 -------- d-----w- C:\Program Files (x86)\RegSeeker
2014-10-30 12:18:59 166384 ----a-w- C:\windows\System32\drivers\psmounterex.sys
.
==================== Find3M ====================
.
2014-11-28 11:46:04 129752 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-11-26 05:29:32 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-26 05:29:32 701104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-11-06 04:04:03 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-11-06 04:03:50 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-11-06 03:47:03 66560 ----a-w- C:\windows\System32\iesetup.dll
2014-11-06 03:46:12 580096 ----a-w- C:\windows\System32\vbscript.dll
2014-11-06 03:46:12 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-11-06 03:44:28 88064 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-11-06 03:30:22 144384 ----a-w- C:\windows\System32\ieUnatt.exe
2014-11-06 03:30:08 114688 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-11-06 03:29:18 814080 ----a-w- C:\windows\System32\jscript9diag.dll
2014-11-06 03:28:20 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-11-06 03:23:57 6040064 ----a-w- C:\windows\System32\jscript9.dll
2014-11-06 03:20:18 968704 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-11-06 03:13:43 501248 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-11-06 03:13:36 62464 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-11-06 03:12:44 47616 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-11-06 03:10:58 64000 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-11-06 03:07:29 77824 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-11-06 02:59:36 115712 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-11-06 02:58:38 620032 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-11-06 02:42:36 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-06 02:39:39 1359360 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-11-06 02:38:25 2124288 ----a-w- C:\windows\System32\inetcpl.cpl
2014-11-06 02:21:49 4298240 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-11-06 02:21:25 2051072 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-11-06 02:20:37 1155072 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-11-06 02:17:24 2365440 ----a-w- C:\windows\System32\wininet.dll
2014-11-06 01:52:35 1892864 ----a-w- C:\windows\SysWow64\wininet.dll
2014-10-30 11:25:26 275080 ------w- C:\windows\System32\MpSigStub.exe
2014-10-25 01:57:59 77824 ----a-w- C:\windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\windows\SysWow64\packager.dll
2014-10-18 02:05:23 861696 ----a-w- C:\windows\System32\oleaut32.dll
2014-10-18 01:33:18 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll
2014-10-14 02:16:37 155064 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06 683520 ----a-w- C:\windows\System32\termsrv.dll
2014-10-14 02:13:00 3241984 ----a-w- C:\windows\System32\msi.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ----a-w- C:\windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ----a-w- C:\windows\System32\adtschema.dll
2014-10-14 01:50:47 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2014-10-14 01:50:41 2363904 ----a-w- C:\windows\SysWow64\msi.dll
2014-10-14 01:49:38 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ----a-w- C:\windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\windows\SysWow64\adtschema.dll
2014-10-10 00:57:42 3198976 ----a-w- C:\windows\System32\win32k.sys
2014-10-03 02:12:00 500224 ----a-w- C:\windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54 284672 ----a-w- C:\windows\System32\EncDump.dll
2014-10-03 02:11:51 680960 ----a-w- C:\windows\System32\audiosrv.dll
2014-10-03 02:11:51 440832 ----a-w- C:\windows\System32\AudioEng.dll
2014-10-03 02:11:51 296448 ----a-w- C:\windows\System32\AudioSes.dll
2014-10-03 01:44:42 442880 ----a-w- C:\windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26 374784 ----a-w- C:\windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- C:\windows\SysWow64\AudioSes.dll
2014-10-01 17:11:26 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-10-01 17:11:16 93400 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-10-01 17:11:12 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-09-25 02:08:38 371712 ----a-w- C:\windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\windows\SysWow64\qdvd.dll
2014-09-19 09:42:52 210944 ----a-w- C:\windows\System32\wdigest.dll
2014-09-19 09:42:51 86528 ----a-w- C:\windows\System32\TSpkg.dll
2014-09-19 09:42:49 342016 ----a-w- C:\windows\System32\schannel.dll
2014-09-19 09:42:47 314880 ----a-w- C:\windows\System32\msv1_0.dll
2014-09-19 09:42:47 309760 ----a-w- C:\windows\System32\ncrypt.dll
2014-09-19 09:42:41 22016 ----a-w- C:\windows\System32\credssp.dll
2014-09-19 09:23:55 172032 ----a-w- C:\windows\SysWow64\wdigest.dll
2014-09-19 09:23:52 65536 ----a-w- C:\windows\SysWow64\TSpkg.dll
2014-09-19 09:23:49 248832 ----a-w- C:\windows\SysWow64\schannel.dll
2014-09-19 09:23:46 221184 ----a-w- C:\windows\SysWow64\ncrypt.dll
2014-09-19 09:23:45 259584 ----a-w- C:\windows\SysWow64\msv1_0.dll
2014-09-19 09:23:36 17408 ----a-w- C:\windows\SysWow64\credssp.dll
2014-09-09 22:11:04 2048 ----a-w- C:\windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2014-09-05 02:11:09 6584320 ----a-w- C:\windows\System32\mstscax.dll
2014-09-05 01:52:41 5703168 ----a-w- C:\windows\SysWow64\mstscax.dll
2014-09-04 05:23:20 424448 ----a-w- C:\windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\windows\SysWow64\rastls.dll
.
============= FINISH: 10:24:17.62 ===============
Dokie
Banned Member
 
Posts: 35
Joined: November 28th, 2014, 2:10 am
Advertisement
Register to Remove

Re: Hi! I don't think I'm infected,but would like to check

Unread postby Gary R » November 29th, 2014, 1:51 am

No obvious signs of any infection in the log you supplied.

There are a couple of minor matters that probably need attending to ...

I see you have "Poker Stars" installed. Whilst this is not "malicious" as such, programs like this tend to be a security risk, and often send back information that you might not want to share.

You also have "RegSeeker" installed. We do not recommend the use of "registry cleaners" of any type. They serve little or no purpose, and will give no discernible improvement to the performance of your computer.

The Registry can be a somewhat temperamental entity, it will happily deal with any number of "orphans" without the slightest measurable dip in your computer's performance. However remove the wrong entry, and you can easily turn your functioning computer into a far less useful doorstop.

The gain vs risk equation is not a good one, so my recommendation is that you uninstall this program.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21863
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Hi! I don't think I'm infected,but would like to check

Unread postby Dokie » November 29th, 2014, 11:55 am

Thank you for your time Gary! I'm glad to hear I'm clear of infections. Will be a good time to create a back up image of my OS while my PC is clean.
Yes I play poker on "Poker Stars". I really don't have any thing thing important they would want to know, but that's good to know.
I also have "RegSeeker". The reason I have it is for searching for left overs after uninstalling a program with REVO. It works really well to find the registry entries that REVO misses. Even though REVO gets most of them, it does miss a few and RegSeeker will find them. I realize that the registry can deal with the left overs or orphans, but I like to keep my PC as clean as possible and I always have a back up image of my OS if I need to restore.
I have only had a PC for 10 years. I'm 76 and have a lot to learn. I'm going to look around on your forum and see if I can learn and maybe help a little.
Thanks again for your time and assuring me that my PC is free of infections. I live in a retirement center and help the 400+ seniors here with their PC's and printers,so I need to learn how to deal with malware. I'm seriously thinking about trying your training school. I just don't learn as fast as I use to.
Gary
Dokie
Banned Member
 
Posts: 35
Joined: November 28th, 2014, 2:10 am

Re: Hi! I don't think I'm infected,but would like to check

Unread postby Gary R » November 29th, 2014, 1:04 pm

You're welcome, glad to be of assistance. :)

I'm glad to hear you have a good backup strategy in place, so few people seem to pay attention to this crucial area of computer safety. A good set of backups, kept on detachable media (the backup disk should only be connected to the computer when creating a backup or restoring from a backup) is IMO the only true defence against the current range of disk encrypting ransomeware that seems to be sweeping the web these days.

You're welcome to apply for training here any time, don't worry about learning fast, because we have successfully trained people with all sorts of experience and ability. All we really need is a steady conscientious effort from our students, and a willingness to work hard, and by the sound of it that shouldn't be a problem for you.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21863
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Hi! I don't think I'm infected,but would like to check

Unread postby Dokie » November 29th, 2014, 2:18 pm

Thanks again! I argree 100% with you on about having a back up image. I have a seagate 1TB external drive where I keep my images. I save the oldest image and the newest of a least 8 images and delete the ones in between. I just finished creating a image after your all clear of my system.
I use macrium reflect. Been using it for about 10 years. It has bailed me out several times, especially when I first started using a computer.
Won't bore you any more with my details. I'm seriously giving the school a try. Hate to start things and not finish them.
Thanks Gary R
Gary!
Dokie
Banned Member
 
Posts: 35
Joined: November 28th, 2014, 2:10 am

Re: Hi! I don't think I'm infected,but would like to check

Unread postby Gary R » November 30th, 2014, 2:12 am

Once again, you're welcome. :)

Been nice talking to you.

This topic is now closed
User avatar
Gary R
Administrator
Administrator
 
Posts: 21863
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 45 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware