Chrome keeps redirecting


This topic is locked
12 replies to this topic

#1 lucasa123 (Members, 15 posts)

Posted 25 September 2013 - 11:37 PM

Half of all sites I go to I am first redirected to another random site. Once I close it out and try again I get to the correct site, but it is happening more regularly as time goes by. In addition, on startup I am asked to allow startup.exe access to my hard drive, to which I reply no.

Attached file: attach.txt

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16686
Run by tensaddler at 23:22:36 on 2013-09-25
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6046.3702 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\windows\system32\Dwm.exe
C:\windows\SysWOW64\irstrtsv.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\System32\igfxtray.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
C:\Program Files\TOSHIBA\TOSHIBA Split Screen Utility\TSU64.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\TOSHIBA\TOSHIBA Split Screen Utility\TSU32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Windows\System32\regsvr32.exe
C:\windows\SysWOW64\regsvr32.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosBtProc.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TECO\TecoHook.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://start.toshiba.com/?cid=C001B2Y
uProxyOverride = <local>;*.local
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: Web Protect: {2CEBF6C7-2B40-469B-B5D5-CD3F3676C3C4} - C:\Program Files (x86)\Web Protect\WebProtect.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - 
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Define: {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - 
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
uRun: [Best Buy pc app] C:\Users\tensaddler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
uRun: [ROC_ROC_APR2013_AV] C:\Users\tensaddler\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 3a88ee96aa7b47d3ba61d5343d1d6423-464c0223bc2cf60927a21250674313c5e28d5a86 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013
uRun: [AVG-Secure-Search-Update_0913a] C:\Users\tensaddler\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 3a88ee96aa7b47d3ba61d5343d1d6423-464c0223bc2cf60927a21250674313c5e28d5a86 --CMPID 0913a
uRun: [Apps] rundll32 "C:\Users\tensaddler\AppData\Local\SRS Labs\Apps\ionbndkbfh.dll",DllRegisterServer
uRun: [ELIGCHK Update] regsvr32.exe C:\Users\tensaddler\AppData\Local\ELIGCHK\MSGRRU32.dll
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [DelayTSS] "C:\Program Files\Toshiba\DelayTSS\DelayTSS.exe"
mRun: [Intel AT Service signup] C:\Program Files (x86)\Intel Corporation\Intel AT Service signup\IntelATServiceSignup.exe -launchonboot
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [Privoxy] C:\Program Files (x86)\privoxy\starthelp.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\TENSAD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\JOBULA~1.LNK - C:\Program Files (x86)\Jobulator\Jobulator.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{E514396E-1A07-4696-8284-C61354BE572A} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{E514396E-1A07-4696-8284-C61354BE572A}\564786F63747275616D6 : DHCPNameServer = 10.0.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SRS Premium Sound 3D] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe"  /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_PS3D.zip" /h
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TSU] C:\Program Files (x86)\TOSHIBA\TOSHIBA Split Screen Utility\TSU.exe /s
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2013-8-22 192824]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2013-8-22 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2013-8-20 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2013-8-1 31544]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-2-27 16152]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]
R1 Avgdiska;AVG Disk Driver;C:\windows\System32\drivers\avgdiska.sys [2013-8-1 147768]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2013-8-22 241464]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2013-8-22 212280]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-8-27 3534896]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-8-20 300640]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-8-20 127320]
R2 irstrtsv;Intel® Rapid Start Technology Service;C:\Windows\SysWOW64\irstrtsv.exe [2012-8-20 192856]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-8-20 162648]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\SymcPCCULaunchSvc.exe [2012-8-20 135608]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe [2012-8-20 126392]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2012-2-28 342464]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-8-20 362840]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-4-17 2671376]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-12-6 331264]
R3 irstrtdv;Intel® Rapid Start Technology Driver;C:\windows\System32\drivers\irstrtdv.sys [2012-8-20 26504]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-2-27 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-2-27 788760]
R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\drivers\iwdbus.sys [2012-1-26 25496]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2012-3-2 104048]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-8-20 38096]
R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 SmbDrv;SmbDrv;C:\windows\System32\drivers\Smb_driver.sys [2012-3-19 21264]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-8-20 57216]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2012-3-16 846208]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\drivers\intelaud.sys [2012-1-26 34200]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-4-17 273168]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-1-6 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-09-26 02:48:25 -------- d-sh--w- C:\$RECYCLE.BIN
2013-09-26 02:42:53 -------- d-s---w- C:\Combofix
2013-09-20 15:50:59 -------- d-----w- C:\Users\tensaddler\AppData\Roaming\AVG2014
2013-09-20 15:46:49 -------- d-----w- C:\ProgramData\AVG2014
2013-09-20 15:45:09 -------- d-----w- C:\Users\tensaddler\AppData\Local\Avg2014
2013-09-19 06:44:16 98816 ----a-w- C:\windows\sed.exe
2013-09-19 06:44:16 256000 ----a-w- C:\windows\PEV.exe
2013-09-19 06:44:16 208896 ----a-w- C:\windows\MBR.exe
2013-09-19 02:22:47 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-19 02:22:47 -------- d-----w- C:\Program Files\iTunes
2013-09-19 02:22:47 -------- d-----w- C:\Program Files\iPod
2013-09-19 02:22:47 -------- d-----w- C:\Program Files (x86)\iTunes
2013-09-18 20:49:19 -------- d-----w- C:\ProgramData\Conduit
2013-09-18 18:28:21 -------- d-----w- C:\Program Files (x86)\Common Files\337
2013-09-18 18:28:13 -------- d-----w- C:\Users\tensaddler\AppData\Local\Programs
2013-09-18 18:28:07 -------- d-----w- C:\ProgramData\eSafe
2013-09-13 05:34:10 -------- d-----w- C:\Users\tensaddler\AppData\Local\PokerStars
2013-09-13 05:33:54 -------- d-----w- C:\Program Files (x86)\PokerStars
2013-09-12 18:15:50 155584 ----a-w- C:\windows\System32\drivers\ataport.sys
2013-09-10 03:15:23 -------- d-----w- C:\Users\tensaddler\AppData\Local\ELIGCHK
2013-09-01 22:01:39 -------- d-----r- C:\Program Files (x86)\Skype
2013-09-01 21:51:28 -------- d-----w- C:\Users\tensaddler\AppData\Roaming\SkypeTalking
2013-09-01 21:45:43 -------- d-----w- C:\Users\tensaddler\AppData\Local\DefineExt
2013-09-01 21:45:35 -------- d-----w- C:\Program Files (x86)\privoxy
2013-09-01 21:45:21 -------- d-----w- C:\Program Files (x86)\Web Protect
2013-09-01 21:44:22 -------- d-----w- C:\Users\tensaddler\AppData\Local\SwvUpdater
2013-08-29 13:59:11 -------- d-----w- C:\Users\tensaddler\AppData\Local\Intel
.
==================== Find3M  ====================
.
2013-09-19 23:45:36 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-19 23:45:36 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-08-23 04:25:44 212280 ----a-w- C:\windows\System32\drivers\avgldx64.sys
2013-08-23 04:08:14 294712 ----a-w- C:\windows\System32\drivers\avgloga.sys
2013-08-23 03:55:04 241464 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys
2013-08-23 03:54:54 192824 ----a-w- C:\windows\System32\drivers\avgidsha.sys
2013-08-21 03:53:58 123704 ----a-w- C:\windows\System32\drivers\avgmfx64.sys
2013-08-10 05:22:18 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-08-10 05:20:59 3959296 ----a-w- C:\windows\System32\jscript9.dll
2013-08-10 05:20:55 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-08-10 05:20:55 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-08-10 03:59:10 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-08-10 03:58:09 2876928 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-08-10 03:58:06 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-08-10 03:58:06 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-08-10 03:17:38 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-08-10 03:07:50 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-08-10 02:27:59 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-08-08 01:20:43 3155456 ----a-w- C:\windows\System32\win32k.sys
2013-08-02 02:23:53 5550528 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-08-02 02:15:44 1732032 ----a-w- C:\windows\System32\ntdll.dll
2013-08-02 02:15:03 362496 ----a-w- C:\windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\windows\System32\KernelBase.dll
2013-08-02 01:59:30 3968960 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30 3913664 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-08-01 21:07:06 251192 ----a-w- C:\windows\System32\drivers\avgtdia.sys
2013-08-01 21:06:28 147768 ----a-w- C:\windows\System32\drivers\avgdiska.sys
2013-08-01 21:04:56 31544 ----a-w- C:\windows\System32\drivers\avgrkx64.sys
2013-07-25 09:25:54 1888768 ----a-w- C:\windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2013-07-09 05:52:52 224256 ----a-w- C:\windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\windows\System32\cryptnet.dll
2013-07-09 04:52:33 663552 ----a-w- C:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10 175104 ----a-w- C:\windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03:53 1910208 ----a-w- C:\windows\System32\drivers\tcpip.sys
.
============= FINISH: 23:23:00.51 ===============
 

 



#2 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 26 September 2013 - 06:46 AM

Hi there,
My name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" button.

  • Double-click on the randomly named GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan, click NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following:
    • Sections
    • IAT/EAT
    • Show All (should be unchecked by default)
  • Leave everything else as it is.
  • Close all other running programs as well as your browser.
  • Click the Scan button and wait for it to finish.
  • Once done, click on the Save... button, and in the File name area, type in "ark.txt"; otherwise it will save as a .log file, which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Proud Member of UNITE & TB

My help is free; however, if you want to support my fight against malware, click here (no worries, every little bit helps).

#3 lucasa123 (Topic Starter)

Posted 26 September 2013 - 03:42 PM

Hey Marius, and thanks in advance for your help. The ark.txt is below. Also, whilst the scan was in progress AVG blocked two threats, both Trojan Horse Downloader.Generic13.BMVC. I secured them.

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-09-26 15:35:56
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Intel___ rev.1.0. 465.76GB
Running: i42yp2ib.exe; Driver: C:\Users\TENSAD~1\AppData\Local\Temp\kwliyuoc.sys
 
 
---- Threads - GMER 2.1 ----
 
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [2192:6048]  000007fefa902a7c
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [2192:5940]  000007fee8ead618
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [2192:492]   000007fef6bc5124
 
---- EOF - GMER 2.1 ----


#4 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 26 September 2013 - 04:23 PM

Combofix

Combofix should only be run when advised by a team member!

Link

Important - Save the file to your desktop!

  • Deactivate any and all of your antivirus programs / spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe

When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.



#5 lucasa123 (Topic Starter)

Posted 27 September 2013 - 12:11 PM

Thanks, here's the log:
 

ComboFix 13-09-26.03 - tensaddler 09/27/2013  10:06:29.1.4 - x64
Running from: c:\users\tensaddler\AppData\Local\Temp\Combofix (1).exe\6e81bfa0b8e84edfaeb0c8588b17dabf\Software\Combofix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
C:\Install.exe
c:\program files (x86)\Common Files\337
c:\program files (x86)\Common Files\337\libcef\1.1364.1123\icudt.dll
c:\program files (x86)\Common Files\337\libcef\1.1364.1123\libcef.dll
c:\program files (x86)\Common Files\337\libcef\1.1364.1123\locales\en-US.pak
c:\program files (x86)\Jobulator\Jobulator.exe
c:\program files (x86)\Web Protect\WeBProtect.dll
c:\programdata\Roaming
c:\users\tensaddler\AppData\Local\Google\Desktop\Install
c:\users\tensaddler\AppData\Local\Google\Desktop\Install\{f4e8fb6f-4727-898f-5e4b-ff21ab4e62e6}\2E2F~1\28F0~1\E628~1\{f4e8fb6f-4727-898f-5e4b-ff21ab4e62e6}\@
c:\users\tensaddler\AppData\Local\Google\Desktop\Install\{f4e8fb6f-4727-898f-5e4b-ff21ab4e62e6}\2E2F~1\28F0~1\E628~1\{f4e8fb6f-4727-898f-5e4b-ff21ab4e62e6}\U\00000004.@
c:\users\tensaddler\AppData\Local\Google\Desktop\Install\{f4e8fb6f-4727-898f-5e4b-ff21ab4e62e6}\2E2F~1\28F0~1\E628~1\{f4e8fb6f-4727-898f-5e4b-ff21ab4e62e6}\U\00000008.@
c:\users\tensaddler\AppData\Local\Google\Desktop\Install\{f4e8fb6f-4727-898f-5e4b-ff21ab4e62e6}\2E2F~1\28F0~1\E628~1\{f4e8fb6f-4727-898f-5e4b-ff21ab4e62e6}\U\000000cb.@
c:\users\tensaddler\AppData\Local\Google\Desktop\Install\{f4e8fb6f-4727-898f-5e4b-ff21ab4e62e6}\2E2F~1\28F0~1\E628~1\{f4e8fb6f-4727-898f-5e4b-ff21ab4e62e6}\U\80000000.@
c:\users\tensaddler\AppData\Local\Google\Desktop\Install\{f4e8fb6f-4727-898f-5e4b-ff21ab4e62e6}\2E2F~1\28F0~1\E628~1\{f4e8fb6f-4727-898f-5e4b-ff21ab4e62e6}\U\80000032.@
c:\users\tensaddler\AppData\Local\Google\Desktop\Install\{f4e8fb6f-4727-898f-5e4b-ff21ab4e62e6}\2E2F~1\28F0~1\E628~1\{f4e8fb6f-4727-898f-5e4b-ff21ab4e62e6}\U\80000064.@
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected 
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe 
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-27 to 2013-09-27  )))))))))))))))))))))))))))))))
.
.
2013-09-27 15:11 . 2013-09-27 15:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-20 15:50 . 2013-09-20 15:50 -------- d-----w- c:\users\tensaddler\AppData\Roaming\AVG2014
2013-09-20 15:46 . 2013-09-21 01:15 -------- d-----w- c:\programdata\AVG2014
2013-09-20 15:45 . 2013-09-21 02:15 -------- d-----w- c:\users\tensaddler\AppData\Local\Avg2014
2013-09-19 02:22 . 2013-09-19 02:23 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-19 02:22 . 2013-09-19 02:23 -------- d-----w- c:\program files\iTunes
2013-09-19 02:22 . 2013-09-19 02:23 -------- d-----w- c:\program files (x86)\iTunes
2013-09-19 02:22 . 2013-09-19 02:22 -------- d-----w- c:\program files\iPod
2013-09-18 20:49 . 2013-09-18 20:49 -------- d-----w- c:\programdata\Conduit
2013-09-18 18:28 . 2013-09-18 18:28 -------- d-----w- c:\users\tensaddler\AppData\Local\Programs
2013-09-18 18:28 . 2013-09-18 18:29 -------- d-----w- c:\programdata\eSafe
2013-09-13 05:34 . 2013-09-13 05:43 -------- d-----w- c:\users\tensaddler\AppData\Local\PokerStars
2013-09-13 05:33 . 2013-09-13 05:43 -------- d-----w- c:\program files (x86)\PokerStars
2013-09-12 18:15 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-09-10 17:12 . 2013-09-10 17:12 -------- d-----r- C:\MSOCache
2013-09-10 03:15 . 2013-09-10 23:29 -------- d-----w- c:\users\tensaddler\AppData\Local\ELIGCHK
2013-09-09 03:11 . 2013-09-09 03:11 31544 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2013-09-02 15:59 . 2013-09-02 15:59 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-09-02 15:29 . 2013-09-02 15:29 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-09-02 15:26 . 2013-09-02 15:26 192824 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-09-02 15:26 . 2013-09-02 15:26 241464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-09-01 22:01 . 2013-09-23 13:37 -------- d-----w- c:\users\tensaddler\AppData\Roaming\Skype
2013-09-01 22:01 . 2013-09-01 22:01 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-09-01 22:01 . 2013-09-01 22:01 -------- d-----r- c:\program files (x86)\Skype
2013-09-01 22:01 . 2013-09-01 22:01 -------- d-----w- c:\programdata\Skype
2013-09-01 21:45 . 2013-09-13 05:56 -------- d-----w- c:\users\tensaddler\AppData\Local\DefineExt
2013-09-01 21:45 . 2013-09-01 21:45 -------- d-----w- c:\program files (x86)\privoxy
2013-09-01 21:45 . 2013-09-27 15:11 -------- d-----w- c:\program files (x86)\Web Protect
2013-09-01 21:44 . 2013-09-01 21:44 -------- d-----w- c:\users\tensaddler\AppData\Local\SwvUpdater
2013-08-29 13:59 . 2013-09-04 04:46 -------- d-----w- c:\users\tensaddler\AppData\Local\Intel
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-19 23:45 . 2012-05-23 10:35 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-19 23:45 . 2012-05-23 10:35 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-12 21:23 . 2013-01-05 19:13 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-08-21 03:53 . 2013-08-21 03:53 123704 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2013-08-02 01:48 . 2013-09-12 18:15 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-01 21:07 . 2013-08-01 21:07 251192 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2013-08-01 21:06 . 2013-08-01 21:06 147768 ----a-w- c:\windows\system32\drivers\avgdiska.sys
2013-07-25 09:25 . 2013-08-14 20:45 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-14 20:45 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-14 20:45 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-14 20:45 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-14 20:45 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-14 20:44 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-14 20:45 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-14 20:45 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-14 20:45 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-14 20:44 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-14 20:45 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-14 20:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-14 20:45 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-14 20:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03 . 2013-08-14 20:44 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ELIGCHK Update"="c:\users\tensaddler\AppData\Local\ELIGCHK\MSGRRU32.dll" [2013-09-10 790528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-02 80840]
"DelayTSS"="c:\program files\Toshiba\DelayTSS\DelayTSS.exe" [2011-11-21 2153328]
"Intel AT Service signup"="c:\program files (x86)\Intel Corporation\Intel AT Service signup\IntelATServiceSignup.exe" [2012-02-16 382976]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-09-16 4851760]
"Privoxy"="c:\program files (x86)\privoxy\starthelp.exe" [2013-08-26 51115]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-09-18 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2012-2-4 2824104]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe "c:\programdata\Best Buy pc app\Best Buy pc app.application" [2011-9-22 16032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 irstrtsv;Intel® Rapid Start Technology Service;c:\windows\SysWOW64\irstrtsv.exe;c:\windows\SysWOW64\irstrtsv.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.38\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.38\SymcPCCULaunchSvc.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 irstrtdv;Intel® Rapid Start Technology Driver;c:\windows\system32\DRIVERS\irstrtdv.sys;c:\windows\SYSNATIVE\DRIVERS\irstrtdv.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys;c:\windows\SYSNATIVE\DRIVERS\QIOMem.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 SmbDrv;SmbDrv;c:\windows\system32\DRIVERS\Smb_driver.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-29 13:57 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-23 23:45]
.
2013-09-27 c:\windows\Tasks\AmiUpdXp.job
- c:\users\tensaddler\AppData\Local\SwvUpdater\Updater.exe [2013-09-01 21:44]
.
2013-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-20 09:07]
.
2013-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-20 09:07]
.
2013-09-27 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
2013-09-25 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-25 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-25 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-25 439064]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-12-21 378968]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-05-16 12481680]
"SRS Premium Sound 3D"="c:\program files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" [2012-05-14 2170752]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{2CEBF6C7-2B40-469B-B5D5-CD3F3676C3C4} - c:\program files (x86)\Web Protect\WebProtect.dll
BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\tensaddler\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO-{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - c:\users\tensaddler\AppData\Local\DefineExt\temp.dat
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-ROC_ROC_APR2013_AV - c:\users\tensaddler\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe
Wow6432Node-HKCU-Run-AVG-Secure-Search-Update_0913a - c:\users\tensaddler\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe
Wow6432Node-HKCU-Run-Apps - c:\users\tensaddler\AppData\Local\SRS Labs\Apps\ionbndkbfh.dll
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
c:\users\tensaddler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jobulator.lnk - c:\program files (x86)\Jobulator\Jobulator.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TSU - c:\program files (x86)\TOSHIBA\TOSHIBA Split Screen Utility\TSU.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.38\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\TOSHIBA\widimon\widimon.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-09-27  10:52:16 - machine was rebooted
ComboFix-quarantined-files.txt  2013-09-27 15:52
.
Pre-Run: 359,647,272,960 bytes free
Post-Run: 360,917,483,520 bytes free
.
- - End Of File - - F0474C3B60B51F905B62FA5AB905E3CA


#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:13 AM

Posted 28 September 2013 - 11:30 AM

Combofix scripting

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 

Attached Files



#7 lucasa123

lucasa123
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:02:13 AM

Posted 28 September 2013 - 07:38 PM

Combo with cf script:

 

ComboFix 13-09-28.02 - tensaddler 09/28/2013  18:43:33.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6046.3905 [GMT -5:00]
Running from: c:\users\tensaddler\Downloads\ComboFix.exe
Command switches used :: c:\users\tensaddler\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk"
"c:\windows\Tasks\AmiUpdXp.job"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\PokerStars
c:\program files (x86)\PokerStars\PokerStarsBr.exe
c:\program files (x86)\privoxy
c:\program files (x86)\privoxy\config.txt
c:\program files (x86)\privoxy\cyggcc_s-1.dll
c:\program files (x86)\privoxy\cygwin1.dll
c:\program files (x86)\privoxy\cygz.dll
c:\program files (x86)\privoxy\default.action
c:\program files (x86)\privoxy\default.filter
c:\program files (x86)\privoxy\default.filter.old
c:\program files (x86)\privoxy\match-all.action
c:\program files (x86)\privoxy\privoxy.exe
c:\program files (x86)\privoxy\privoxy.log
c:\program files (x86)\privoxy\start.bat
c:\program files (x86)\privoxy\starthelp.exe
c:\program files (x86)\privoxy\user.action
c:\program files (x86)\privoxy\user.filter
c:\program files (x86)\Web Protect
c:\program files (x86)\Web Protect\chrome-wp.crx
c:\program files (x86)\Web Protect\psetup.exe
c:\program files (x86)\Web Protect\status2.txt
c:\program files (x86)\Web Protect\status3.txt
c:\program files (x86)\Web Protect\webprotect.ico
c:\program files (x86)\Web Protect\wget.exe
c:\program files (x86)\Web Protect\wp-adk_uninstall.exe
c:\programdata\Best Buy pc app
c:\programdata\Best Buy pc app\3.3.0628.01\AppIcon.ico.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\AppMeasurement_DotNET_Strong.dll.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Best Buy pc app.exe.config.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Best Buy pc app.exe.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Best Buy pc app.exe.manifest
c:\programdata\Best Buy pc app\3.3.0628.01\BestBuySoftwareInstaller.dll.config.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\BestBuySoftwareInstaller.dll.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Common.dll.config.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Common.dll.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\CommunicationNet.dll.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Controls.dll.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\FluidKit.dll.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Interop.IWshRuntimeLibrary.dll.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Ionic.Zip.Reduced.dll.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Localization.dll.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Microsoft.Practices.Composite.dll.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Microsoft.Practices.Composite.Presentation.dll.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Microsoft.Practices.Composite.UnityExtensions.dll.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Microsoft.Practices.EnterpriseLibrary.Common.dll.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Microsoft.Practices.EnterpriseLibrary.Logging.dll.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Microsoft.Practices.ObjectBuilder2.dll.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Microsoft.Practices.ServiceLocation.dll.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Microsoft.Practices.Unity.dll.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Microsoft.Practices.Unity.Interception.dll.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\pc app Installer.exe.config.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\pc app Installer.exe.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\PCImage.Modules.Default.dll.config.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\PCImage.Modules.Default.dll.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\PCImage.Modules.GeekSquad.Common.dll.config.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\PCImage.Modules.GeekSquad.Common.dll.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\PCImage.Modules.GeekSquad.Controller.dll.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\PCImage.Modules.GeekSquad.ViewModels.dll.config.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\PCImage.Modules.GeekSquad.ViewModels.dll.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\PCImage.Modules.GeekSquad.Views.dll.config.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\PCImage.Modules.GeekSquad.Views.dll.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\PCImage.Modules.Home.dll.config.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\PCImage.Modules.Home.dll.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\PCImage.Modules.Omniture.dll.config.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\PCImage.Modules.Omniture.dll.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\PCImage.Modules.Update.dll.config.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\PCImage.Modules.Update.dll.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\PCImageInfrastructure.dll.config.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\PCImageInfrastructure.dll.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\Localization\en-US\RTFs\About.rtf.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\Localization\en-US\RTFs\license.rtf.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\Localization\en-US\RTFs\WelcomeScreen.rtf.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\Localization\en-US\Translations.xml.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\arrow_left.png.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\arrow_right.png.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\availableAgents.gif.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\BBSI_Logo_Final.png.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\btn_connectNow.gif.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\busy.gif.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\card-CID-A.png.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\card-CID-B.png.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\Cart-BtnSm.png.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\checkMark_12x12.png.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\CID_40x18.jpg.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\Click_button5.wav.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\ESRB_Graphic.JPG.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\Fonts\ApexNew-BoldItalic.ttf.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\Fonts\ApexNew-Book.ttf.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\Fonts\ApexNew-BookItalic.ttf.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\Fonts\ApexNew-Medium.ttf.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\Fonts\ApexNew-MediumItalic.ttf.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\Fonts\Knockout-66FullFlyweight.ttf.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\Fonts\Knockout-67FullBantamwt.ttf.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\Fonts\Knockout-68FullFeatherwt.ttf.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\Fonts\Knockout-69FullLiteweight.ttf.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\Fonts\Knockout-70FullWelterwt.ttf.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\Fonts\Knockout-90UltmtWelterwt.ttf.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\Fonts\Knockout-91UltmtMiddlewt.ttf.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\Fonts\Knockout-92UltmtCruiserwt.ttf.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\Fonts\Knockout-93UltmtHeviwt.ttf.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\Fonts\Knockout-94UltmtSumo.ttf.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\geek_squad_support_2.gif.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\HelveticaLTStd-Bold.otf.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\HelveticaLTStd-Roman.otf.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\Icon_error.png.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\icon_good.png.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\Icons\Cart.ico.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\Icons\Check.ico.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\Icons\Clock.ico.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\Icons\Home.ico.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\Icons\icon_ESRB_AdultsOnly.gif.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\Icons\icon_ESRB_EarlyChildhood.gif.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\Icons\icon_ESRB_Everyone.gif.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\Icons\icon_ESRB_Everyone10plus.gif.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\Icons\icon_ESRB_Mature.gif.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\Icons\icon_ESRB_Pending.gif.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\Icons\icon_ESRB_Teen.gif.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\Icons\Installed.ico.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\MajorUpdateBG.png.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\OfficeActivationImage.png.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\offline.gif.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\OfflineBG.png.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\online.gif.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\OutsideUS-BG.png.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\QuickUpdateBG.png.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\remoteSupportHeader.gif.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\StarEmpty.png.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\StarFull.png.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\Verisign_69x33.png.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\VeriSignLogo_76x36.jpg.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\StaticResources\WelcomeBG.png.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\tempCategories.xml.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Resources\TranslationSchema.xsd.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\Restarter.exe.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\SecureDownloadAPI.dll.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\SecureDownloadAPI64.dll.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\SecureDownloadAPIHelper.exe.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\SharpBITS.Base.dll.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\ViewModels.dll.config.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\ViewModels.dll.deploy
c:\programdata\Best Buy pc app\3.3.0628.01\WCFCompression.dll.deploy
c:\programdata\Best Buy pc app\Best Buy pc app Launcher.exe
c:\programdata\Best Buy pc app\Best Buy pc app.application
c:\programdata\Best Buy pc app\Best Buy pc app.lnk
c:\programdata\Best Buy pc app\BestBuyPcAppDetector.ocx
c:\programdata\Best Buy pc app\ClickOnceSetup.exe
c:\programdata\Best Buy pc app\ClickOnceUninstaller.exe
c:\programdata\Best Buy pc app\npBestBuyPcAppDetector.dll
c:\programdata\Conduit
c:\programdata\eSafe
c:\programdata\eSafe\log\eGdpSvc.LOG
c:\users\tensaddler\AppData\Local\DefineExt
c:\users\tensaddler\AppData\Local\ELIGCHK
c:\users\tensaddler\AppData\Local\ELIGCHK\MSGRRU32.dll
c:\users\tensaddler\AppData\Local\ELIGCHK\MSGRRU32.lck
c:\users\tensaddler\AppData\Local\PokerStars
c:\users\tensaddler\AppData\Local\Programs
c:\users\tensaddler\AppData\Local\SwvUpdater
c:\users\tensaddler\AppData\Local\SwvUpdater\status.cfg
c:\users\tensaddler\AppData\Local\SwvUpdater\Updater.exe
c:\users\tensaddler\AppData\Local\SwvUpdater\Updater.xml
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-28 to 2013-09-28  )))))))))))))))))))))))))))))))
.
.
2013-09-28 23:47 . 2013-09-28 23:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-20 15:50 . 2013-09-20 15:50 -------- d-----w- c:\users\tensaddler\AppData\Roaming\AVG2014
2013-09-20 15:46 . 2013-09-21 01:15 -------- d-----w- c:\programdata\AVG2014
2013-09-20 15:45 . 2013-09-21 02:15 -------- d-----w- c:\users\tensaddler\AppData\Local\Avg2014
2013-09-19 02:22 . 2013-09-19 02:23 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-19 02:22 . 2013-09-19 02:23 -------- d-----w- c:\program files\iTunes
2013-09-19 02:22 . 2013-09-19 02:23 -------- d-----w- c:\program files (x86)\iTunes
2013-09-19 02:22 . 2013-09-19 02:22 -------- d-----w- c:\program files\iPod
2013-09-12 18:15 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-09-10 17:12 . 2013-09-10 17:12 -------- d-----r- C:\MSOCache
2013-09-09 03:11 . 2013-09-09 03:11 31544 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2013-09-02 15:59 . 2013-09-02 15:59 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-09-02 15:29 . 2013-09-02 15:29 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-09-02 15:26 . 2013-09-02 15:26 192824 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-09-02 15:26 . 2013-09-02 15:26 241464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-09-01 22:01 . 2013-09-23 13:37 -------- d-----w- c:\users\tensaddler\AppData\Roaming\Skype
2013-09-01 22:01 . 2013-09-01 22:01 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-09-01 22:01 . 2013-09-01 22:01 -------- d-----r- c:\program files (x86)\Skype
2013-09-01 22:01 . 2013-09-01 22:01 -------- d-----w- c:\programdata\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-19 23:45 . 2012-05-23 10:35 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-19 23:45 . 2012-05-23 10:35 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-12 21:23 . 2013-01-05 19:13 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-08-21 03:53 . 2013-08-21 03:53 123704 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2013-08-02 01:48 . 2013-09-12 18:15 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-01 21:07 . 2013-08-01 21:07 251192 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2013-08-01 21:06 . 2013-08-01 21:06 147768 ----a-w- c:\windows\system32\drivers\avgdiska.sys
2013-07-25 09:25 . 2013-08-14 20:45 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-14 20:45 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-14 20:45 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-14 20:45 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-14 20:45 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-14 20:44 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-14 20:45 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-14 20:45 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-14 20:45 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-14 20:44 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-14 20:45 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-14 20:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-14 20:45 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-14 20:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03 . 2013-08-14 20:44 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{2CEBF6C7-2B40-469B-B5D5-CD3F3676C3C4}]
c:\program files (x86)\Web Protect\WebProtect.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}]
c:\users\tensaddler\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}]
c:\users\tensaddler\AppData\Local\DefineExt\temp.dat [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-02 80840]
"DelayTSS"="c:\program files\Toshiba\DelayTSS\DelayTSS.exe" [2011-11-21 2153328]
"Intel AT Service signup"="c:\program files (x86)\Intel Corporation\Intel AT Service signup\IntelATServiceSignup.exe" [2012-02-16 382976]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-09-16 4851760]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-09-18 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2012-2-4 2824104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 irstrtsv;Intel® Rapid Start Technology Service;c:\windows\SysWOW64\irstrtsv.exe;c:\windows\SysWOW64\irstrtsv.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.38\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.38\SymcPCCULaunchSvc.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 irstrtdv;Intel® Rapid Start Technology Driver;c:\windows\system32\DRIVERS\irstrtdv.sys;c:\windows\SYSNATIVE\DRIVERS\irstrtdv.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys;c:\windows\SYSNATIVE\DRIVERS\QIOMem.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 SmbDrv;SmbDrv;c:\windows\system32\DRIVERS\Smb_driver.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-29 13:57 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-23 23:45]
.
2013-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-20 09:07]
.
2013-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-20 09:07]
.
2013-09-28 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
2013-09-25 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-25 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-25 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-25 439064]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-12-21 378968]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-05-16 12481680]
"SRS Premium Sound 3D"="c:\program files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" [2012-05-14 2170752]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"TSU"="c:\program files (x86)\TOSHIBA\TOSHIBA Split Screen Utility\TSU.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Privoxy - c:\program files (x86)\privoxy\starthelp.exe
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe "c:\programdata\Best Buy pc app\Best Buy pc app.application"
AddRemove-wp-adk - c:\program files (x86)\Web Protect\wp-adk_uninstall.exe
AddRemove-{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} - c:\users\tensaddler\AppData\Local\SwvUpdater\Updater.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.38\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-09-28  18:52:27 - machine was rebooted
ComboFix-quarantined-files.txt  2013-09-28 23:52
ComboFix2.txt  2013-09-28 23:39
ComboFix3.txt  2013-09-27 15:52
.
Pre-Run: 362,673,795,072 bytes free
Post-Run: 362,245,758,976 bytes free
.
- - End Of File - - 7F9E4E810B35E5BE3D8E56DE94FB99B0
 
Malwarebytes Log:
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.28.12
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
tensaddler :: TENSADDLER-PC [administrator]
 
9/28/2013 6:57:28 PM
mbam-log-2013-09-28 (18-57-28).txt
 
Scan type: Full scan (C:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 344477
Time elapsed: 34 minute(s), 46 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 21
HKCR\AppID\{38495740-0035-4471-851E-F5BBB86AB085} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{35853321-818D-4B5D-AA6B-6C56DBBFEEE7} (PUP.Optional.WebProtect) -> Quarantined and deleted successfully.
HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Updater.AmiUpd (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\CLSID\{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowserActiveX.1 (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowserActiveX (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899} (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.
HKCR\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899} (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> Quarantined and deleted successfully.
HKCR\AppID\DefaultTabBHO.DLL (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 5
c:\windows\temp\cookies (Backdoor.Agent) -> Delete on reboot.
C:\Users\tensaddler\Documents\Optimizer Pro (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
 
Files Detected: 52
C:\Program Files (x86)\FrostWire 5\frostwire-installer.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FrostWire 5\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\tensaddler\AppData\Local\Google\Desktop\Install\{f4e8fb6f-4727-898f-5e4b-ff21ab4e62e6}\2E2F~1\28F0~1\E628~1\{f4e8fb6f-4727-898f-5e4b-ff21ab4e62e6}\U\000000cb.@.vir (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\tensaddler\AppData\Local\SwvUpdater\Updater.exe.vir (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Users\tensaddler\.frostwire5\updates\frostwire-5.6.4.windows.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\tensaddler\Downloads\Download.exe (PUP.Optional.Installex) -> Quarantined and deleted successfully.
C:\Users\tensaddler\Downloads\FlashPlayer__2114_i35352757_il42840.exe (PUP.Optional.Amonetize.AS) -> Quarantined and deleted successfully.
C:\Users\tensaddler\Downloads\Flash_515481 (1).exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\Users\tensaddler\Downloads\Flash_515481.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\Users\tensaddler\Downloads\frostwire-5.5.1.windows.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\tensaddler\Downloads\iLividSetup-r541-n-bc.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Users\tensaddler\Downloads\mplayer.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\tensaddler\Downloads\PluginInstall (1).exe (MSIL.Solimba) -> Quarantined and deleted successfully.
C:\Users\tensaddler\Downloads\PluginInstall (2).exe (MSIL.Solimba) -> Quarantined and deleted successfully.
C:\Users\tensaddler\Downloads\PluginInstall (3).exe (MSIL.Solimba) -> Quarantined and deleted successfully.
C:\Users\tensaddler\Downloads\PluginInstall (4).exe (MSIL.Solimba) -> Quarantined and deleted successfully.
C:\Users\tensaddler\Downloads\PluginInstall (5).exe (MSIL.Solimba) -> Quarantined and deleted successfully.
C:\Users\tensaddler\Downloads\PluginInstall (6).exe (MSIL.Solimba) -> Quarantined and deleted successfully.
C:\Users\tensaddler\Downloads\PluginInstall.exe (MSIL.Solimba) -> Quarantined and deleted successfully.
C:\Users\tensaddler\Downloads\Setup.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\Users\tensaddler\Downloads\Skype_Setup.exe.old (PUP.Optional.IBryte) -> Quarantined and deleted successfully.
C:\Users\tensaddler\Downloads\winzip.exe (PUP.OptionalBundleInstaller.A) -> Quarantined and deleted successfully.
C:\Users\tensaddler\Downloads\Word_Setup.exe (PUP.Optional.IBryte) -> Quarantined and deleted successfully.
C:\Users\tensaddler\Downloads\xvidly_setup (1).exe (PUP.Downware) -> Quarantined and deleted successfully.
C:\Users\tensaddler\Downloads\xvidly_setup.exe (PUP.Downware) -> Quarantined and deleted successfully.
C:\Users\tensaddler\Downloads\ZipOpenerSetup.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
c:\windows\temp\clientbar.exe (Trojan.Agent) -> Delete on reboot.
c:\windows\temp\minihook.dll (Trojan.Agent) -> Delete on reboot.
c:\windows\temp\windowsnw.exe (Trojan.Agent) -> Delete on reboot.
c:\windows\temp\history\firefox.ex (Backdoor.Zapchast) -> Delete on reboot.
c:\windows\temp\kdata (Malware.Trace) -> Delete on reboot.
c:\windows\temp\history\firefox.exe (Trojan.Downloader) -> Delete on reboot.
c:\windows\temp\managee.exe (Trojan.Agent) -> Delete on reboot.
c:\windows\temp\cookies\venton.exe (Backdoor.Agent) -> Delete on reboot.
c:\windows\temp\temporary\makeout.exe (Trojan.Agent) -> Delete on reboot.
c:\windows\temp\as.exe (Trojan.Agent) -> Delete on reboot.
c:\windows\temp\_ex-68.exe (Trojan.Agent) -> Delete on reboot.
c:\windows\temp\system32.exe (Backdoor.Agent) -> Delete on reboot.
c:\windows\temp\volume.exe (Backdoor.Agent) -> Delete on reboot.
c:\windows\temp\xregist.exe (Trojan.Agent) -> Delete on reboot.
c:\windows\temp\explorer.exe-min (Trojan.Agent) -> Delete on reboot.
c:\windows\temp\internt.exe (Trojan.Agent) -> Delete on reboot.
c:\windows\temp\adobe_update.exe (Trojan.Agent) -> Delete on reboot.
c:\windows\temp\loadqq.exe (Trojan.ChinAd) -> Delete on reboot.
c:\windows\temp\udpmon.txt (Backdoor.Trace) -> Delete on reboot.
c:\windows\temp\ahnlab.exe (Trojan.Banker) -> Delete on reboot.
C:\Users\tensaddler\Documents\Optimizer Pro\CookiesException.txt (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
 
(end)
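As an added example (not part of this thread and not a Malwarebytes tool): a small Python parser for the MBAM 1.75 log format posted above. It checks that each section lists as many items as its "Detected: N" header claims (a mismatch usually means a truncated paste) and separates the "Delete on reboot" entries, which are locked files that are not actually gone until the machine has been restarted. The embedded sample log is constructed from a few of the lines above.

```python
import re
from collections import Counter

# Constructed sample in the format of a Malwarebytes Anti-Malware 1.75 log:
# a few lines modelled on the log posted above, not the complete log.
SAMPLE_LOG = """\
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Scan type: Full scan (C:\\|Q:\\|)

Registry Keys Detected: 2
HKCR\\AppID\\{38495740-0035-4471-851E-F5BBB86AB085} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\\SOFTWARE\\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Folders Detected: 1
c:\\windows\\temp\\cookies (Backdoor.Agent) -> Delete on reboot.

Files Detected: 3
C:\\Users\\tensaddler\\Downloads\\Flash_515481 (1).exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
c:\\windows\\temp\\clientbar.exe (Trojan.Agent) -> Delete on reboot.
c:\\windows\\temp\\system32.exe (Backdoor.Agent) -> Delete on reboot.

(end)
"""

# "<Section> Detected: <N>" opens a section; every item line below it reads
# "<path> (<detection name>) -> <action>."  Paths may themselves contain "(1)".
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return (items, declared): items are dicts with section/path/family/action,
    declared maps each section name to the count its header claims."""
    items, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            declared[section] = int(m.group("count"))
            continue
        if not line or line.startswith("(") or section is None:
            continue  # blank, "(No malicious items detected)", "(end)", or scan header
        m = ITEM_RE.match(line)
        if m:
            items.append({"section": section, **m.groupdict()})
    return items, declared


def sections_complete(items, declared):
    """True when every section lists exactly the number of items its header declares."""
    seen = Counter(i["section"] for i in items)
    return all(seen[s] == n for s, n in declared.items())


def summarize(items):
    """Group detections by top-level family (PUP, Trojan, Backdoor, ...) and list
    paths still pending: 'Delete on reboot' means the object was locked when the
    scan ran, so the machine is not clean until it has actually been restarted."""
    by_family = Counter(i["family"].split(".")[0] for i in items)
    pending = [i["path"] for i in items
               if i["action"].lower().startswith("delete on reboot")]
    return by_family, pending
```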
 


#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:13 AM

Posted 29 September 2013 - 10:31 AM

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#9 lucasa123

lucasa123
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:13 AM

Posted 29 September 2013 - 05:13 PM

 C:\Qoobox\Quarantine\C\Program Files (x86)\Web Protect\WeBProtect.dll.vir a variant of Win32/AdWare.Facetheme.F application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\tensaddler\AppData\Local\Google\Desktop\Install\{f4e8fb6f-4727-898f-5e4b-ff21ab4e62e6}\2E2F~1\28F0~1\E628~1\{f4e8fb6f-4727-898f-5e4b-ff21ab4e62e6}\U\00000004.@.vir Win64/Conedex.C trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\tensaddler\AppData\Local\Google\Desktop\Install\{f4e8fb6f-4727-898f-5e4b-ff21ab4e62e6}\2E2F~1\28F0~1\E628~1\{f4e8fb6f-4727-898f-5e4b-ff21ab4e62e6}\U\00000008.@.vir Win64/Conedex.I trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\tensaddler\AppData\Local\Google\Desktop\Install\{f4e8fb6f-4727-898f-5e4b-ff21ab4e62e6}\2E2F~1\28F0~1\E628~1\{f4e8fb6f-4727-898f-5e4b-ff21ab4e62e6}\U\80000000.@.vir a variant of Win64/Sirefef.AW trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\tensaddler\AppData\Local\Google\Desktop\Install\{f4e8fb6f-4727-898f-5e4b-ff21ab4e62e6}\2E2F~1\28F0~1\E628~1\{f4e8fb6f-4727-898f-5e4b-ff21ab4e62e6}\U\80000032.@.vir probably a variant of Win32/Sirefef.FV trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\tensaddler\AppData\Local\Google\Desktop\Install\{f4e8fb6f-4727-898f-5e4b-ff21ab4e62e6}\2E2F~1\28F0~1\E628~1\{f4e8fb6f-4727-898f-5e4b-ff21ab4e62e6}\U\80000064.@.vir a variant of Win64/Sirefef.AZ trojan cleaned by deleting - quarantined
C:\Users\tensaddler\Downloads\bonjourforwindows-setup.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\tensaddler\Downloads\uplayermediaplayer-setup (1).exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\tensaddler\Downloads\uplayermediaplayer-setup (2).exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\tensaddler\Downloads\uplayermediaplayer-setup (3).exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\tensaddler\Downloads\uplayermediaplayer-setup (4).exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\tensaddler\Downloads\uplayermediaplayer-setup (5).exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\tensaddler\Downloads\uplayermediaplayer-setup (6).exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\tensaddler\Downloads\uplayermediaplayer-setup.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\tensaddler\Downloads\winrar setup (1).exe a variant of Win32/Soft32Downloader.D application cleaned by deleting - quarantined
C:\Users\tensaddler\Downloads\winrar setup.exe a variant of Win32/Soft32Downloader.D application cleaned by deleting - quarantined


#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:13 AM

Posted 30 September 2013 - 01:22 AM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Delete
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll also find the log file at C:\AdwCleaner[S1].txt


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its contents to your thread.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#11 lucasa123

lucasa123
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:13 AM

Posted 30 September 2013 - 03:26 PM

# AdwCleaner v3.005 - Report created 30/09/2013 at 15:20:10
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : tensaddler - TENSADDLER-PC
# Running from : C:\Users\tensaddler\Downloads\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\MyPC Backup 
Folder Deleted : C:\Users\tensaddler\AppData\Local\Conduit
Folder Deleted : C:\Users\tensaddler\AppData\Local\cre
Folder Deleted : C:\Users\tensaddler\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\tensaddler\AppData\LocalLow\PriceGong
File Deleted : C:\Users\tensaddler\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\tensaddler\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289663
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Desksvc
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\V9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16686
 
 
-\\ Google Chrome v29.0.1547.62
 
[ File : C:\Users\tensaddler\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : homepage
 
*************************
 
AdwCleaner[R0].txt - [3395 octets] - [30/09/2013 15:15:55]
AdwCleaner[S0].txt - [3278 octets] - [30/09/2013 15:20:10]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3338 octets] ##########
 
 
 
 
Security check:
 

 Results of screen317's Security Check version 0.99.73  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2014   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java™ 6 Update 25  
 Java version out of Date! 
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Google Chrome 28.0.1500.95  
 Google Chrome 29.0.1547.62  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 AVG avgwdsvc.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 3% 
````````````````````End of Log`````````````````````` 
 


#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:13 AM

Posted 01 October 2013 - 01:22 AM

The system is free of malware! :)

Java Runtime Environment out of date

Your Java runtime environment is outdated. We will fix this.

  • Get the current JRE from here
  • Save jxpiinstall.exe to your desktop
  • Close all running programs, especially your browser(s)
  • Run jxpiinstall.exe. This will download the newest JRE installer and install the software
  • When finished, go to
    Start-->control panel-->add/remove programs and remove all older Java versions (if any exist).
  • When finished, reboot your computer.

After the reboot

  • Open control panel again and click the java symbol.
  • Click Settings under Temporary Internet Files.
    The Temporary Files Settings dialog box appears.
  • Click Delete Files.
    The Delete Temporary Files dialog box appears.
  • Click OK on Delete Temporary Files window.
  • Click OK again.

Adobe Reader out of date

Your Adobe Reader is outdated. We will fix this.

 

  • Get the current software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) that is offered.
  • Run setup and follow the instructions.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.

Uninstall our tools using delfix

Please follow these steps in order:
 

  • If we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  • If we used Combofix, deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  • In any case, please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
  • If there is still something left, please delete it manually.

How to protect yourself
 

  • System Updates
    Being up to date is very important. Please be sure to activate automatic updates in your control panel.
    Windows XP | Windows Vista |
    Windows 7 | Windows 8
  • Protection
    What you need is one (not more) good virus scanner with background protection. Additionally, I recommend a special malware scanner that you run from time to time.
    Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: you only get the full protection if you use the paid versions of your security software.
  • Up to date Software
    Stay up to date with all the programs you use. Some you really have to keep an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every piece of software you use often. These links may help you to check:
  • Backups
    There is a chance of an emergency every day, so be prepared. Back up your data on a regular basis. Whether you burn it to DVDs from time to time, use a cloud drive or a professional network backup system is your choice.
  • Brains
    It's no joke! You really need one of those things. :) It is very important not to just click anywhere that is colored or flashing while you are surfing the web. Do not click an OK button on any pop-up window without reading what it says. While installing software, always choose the custom mode, read what those windows say, and uncheck any adware that would be installed along with the software you want.

Edited by TB-Psychotic, 01 October 2013 - 01:22 AM.

Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#13 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:13 AM

Posted 08 October 2013 - 02:51 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)



