Intermittently losing internet connection - Suspect Virus


This topic is locked
10 replies to this topic

#1 rmilunas


Posted 01 January 2015 - 02:49 PM

This computer repeatedly loses its internet connection. The internet connection icon will sometimes show "local only - no internet" and then will lose the connection with the wireless router completely. After a bit it will auto-connect again. Also, intermittently it will take a very long time to load web pages. I have checked the upload and download speed with speedtest and everything looks normal. I don't know if it is related, but I am also getting a Windows security alert that I don't have antivirus and anti-spyware enabled, but the AVAST dashboard shows that avast is fully functional. I am concerned that I might have malware affecting all of this.

 

DS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16599
Run by Rim at 13:30:22 on 2015-01-01
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.4093.1514 [GMT -6:00]
.
AV: avast! Antivirus *Disabled/Outdated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Outdated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Windows\system32\lxblcoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RAVCpl64.exe
C:\Users\Rim\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRAM FILES (X86)\GARMIN\EXPRESS TRAY\EXPRESSTRAY.EXE
C:\PROGRAM FILES (X86)\GOOGLE\DRIVE\GOOGLEDRIVESYNC.EXE
C:\PROGRAM FILES (X86)\GOOGLE\DRIVE\GOOGLEDRIVESYNC.EXE
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.
uSearch Bar = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
mStart Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
BHO: {1A1DAC8C-074D-440F-8707-7009A672D7D1} - <orphaned>
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: <No Name>: {85E0B171-04FA-11d1-B7DA-00A0C90348D6} - LocalServer32 - <no file>
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [Google Update] "C:\Users\Rim\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
mRun: [WinPatrol] "C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe" -expressboot
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Linked&In Search - <no file>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: C:\Windows\System32\wpclsp.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {F8FC1530-0608-11DF-2008-0800200C9A66} - hxxps://webmail.baxter.com/CACHE/sdesktop/install/binaries/instweb.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{16E3BC6E-545F-4DC4-9BD9-02B4E380E378} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{84AFA9BD-6C1D-490A-915C-0F060A6DE130} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{A17D8BA3-5FD4-4251-8C17-C7168C7CF6FD} : DHCPNameServer = 192.168.42.129
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\SysWow64\browseui.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [WPCUMI] C:\Windows\System32\WpcUmi.exe
x64-Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RtHDVCpl] RAVCpl64.exe
x64-Run: [Skytel] Skytel.exe
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Rim\AppData\Roaming\Mozilla\Firefox\Profiles\ham4oyrx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://us.yhs4.search.yahoo.com/yhs/search
FF - prefs.js: browser.search.selectedEngine - Yahoo! (Avast)
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com
FF - prefs.js: keyword.URL - hxxp://us.yhs4.search.yahoo.com/yhs/search
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll
FF - plugin: C:\Users\Rim\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-11 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-3-11 224896]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2008-9-11 504912]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2013-3-11 1041168]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2013-3-11 427360]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-4-29 238080]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-4-21 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-3-11 79184]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-3-11 50344]
R2 Belkin Local Backup Service;Belkin Local Backup Service;C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2012-1-23 181760]
R2 Belkin Network USB Helper;Belkin Network USB Helper;C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2012-1-23 55296]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe [2008-6-27 36864]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2008-7-10 40960]
R2 Fitbit Connect;Fitbit Connect Service;C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [2014-5-19 1436192]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-3-20 186200]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2013-6-28 14624]
R2 iPodDrv;iPodDrv;C:\Windows\System32\drivers\iPodDrv.sys [2011-3-9 14952]
R2 lxbl_device;lxbl_device;C:\Windows\System32\lxblcoms.exe -service --> C:\Windows\System32\lxblcoms.exe -service [?]
R2 OpenLibSys;OpenLibSys;C:\Program Files (x86)\NXP\FM Radio\OpenLibSysX64.sys [2008-9-11 14544]
R2 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2008-8-14 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-3 175104]
R3 FwLnk;FwLnk Driver;C:\Windows\System32\drivers\FwLnk.sys [2008-8-14 8704]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2007-2-3 58528]
R3 NETw5v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ;C:\Windows\System32\drivers\NETw5v64.sys [2008-4-28 4730368]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-4-24 84992]
R3 sxuptp;SXUPTP Driver;C:\Windows\System32\drivers\sxuptp.sys [2012-1-23 291352]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-9-11 1012344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 Serviio;Serviio;C:\Program Files\Serviio\bin\ServiioService.exe [2012-8-9 207872]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);C:\Windows\System32\drivers\CamDrL64.sys [2007-2-3 955680]
S3 HP8207_8307;HP-HP8207_8307;C:\Windows\System32\drivers\HP8207_8307.sys [2010-2-4 15360]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-6-10 31744]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 Point64;Microsoft IntelliPoint Filter Driver;C:\Windows\System32\drivers\point64k.sys [2008-6-10 36424]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2014-8-21 90776]
S4 KR10I64;KR10I64;C:\Windows\System32\drivers\KR10I64.sys [2008-8-14 248320]
S4 KR10N64;KR10N64;C:\Windows\System32\drivers\KR10N64.sys [2008-8-14 237568]
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
ShellExec: pi11.exe: Open="C:\Program Files (x86)\Microsoft Digital Image 2006\pi.exe" "%1"
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2014-12-12 14:12:30 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-12 14:12:30 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-12-12 09:13:51 112710672 ----a-w- C:\Windows\System32\mrt.exe
2014-12-03 02:06:01 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-12-03 01:51:29 347136 ----a-w- C:\Windows\System32\schannel.dll
2014-11-24 22:12:45 17874432 ----a-w- C:\Windows\System32\mshtml.dll
2014-11-24 21:59:39 448512 ----a-w- C:\Windows\System32\html.iec
2014-11-24 21:54:00 10921984 ----a-w- C:\Windows\System32\ieframe.dll
2014-11-24 21:53:14 2339840 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-24 21:47:43 1388032 ----a-w- C:\Windows\System32\urlmon.dll
2014-11-24 21:47:12 1392128 ----a-w- C:\Windows\System32\wininet.dll
2014-11-24 21:45:49 1494016 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-24 21:45:37 237056 ----a-w- C:\Windows\System32\url.dll
2014-11-24 21:45:29 86016 ----a-w- C:\Windows\System32\jsproxy.dll
2014-11-24 21:44:58 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-11-24 21:44:55 599040 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-24 21:44:51 2157056 ----a-w- C:\Windows\System32\iertutil.dll
2014-11-24 21:44:49 816640 ----a-w- C:\Windows\System32\jscript.dll
2014-11-24 21:44:40 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2014-11-24 21:44:21 453120 ----a-w- C:\Windows\System32\dxtmsft.dll
2014-11-24 21:44:11 282112 ----a-w- C:\Windows\System32\dxtrans.dll
2014-11-24 21:44:08 55296 ----a-w- C:\Windows\System32\msfeedsbs.dll
2014-11-24 21:44:05 11264 ----a-w- C:\Windows\System32\msfeedssync.exe
2014-11-24 21:43:51 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2014-11-24 21:43:44 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-24 21:43:33 12800 ----a-w- C:\Windows\System32\mshta.exe
2014-11-24 21:42:58 248320 ----a-w- C:\Windows\System32\ieui.dll
2014-11-24 20:44:32 367104 ----a-w- C:\Windows\SysWow64\html.iec
2014-11-24 20:41:46 12369920 ----a-w- C:\Windows\SysWow64\mshtml.dll
2014-11-24 20:40:49 1810944 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-24 20:37:23 9740800 ----a-w- C:\Windows\SysWow64\ieframe.dll
2014-11-24 20:35:45 1139712 ----a-w- C:\Windows\SysWow64\urlmon.dll
2014-11-24 20:35:25 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-24 20:34:40 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-24 20:34:05 231936 ----a-w- C:\Windows\SysWow64\url.dll
2014-11-24 20:33:59 65536 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2014-11-24 20:33:56 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-11-24 20:33:47 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-24 20:33:26 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2014-11-24 20:33:21 1802752 ----a-w- C:\Windows\SysWow64\iertutil.dll
2014-11-24 20:33:15 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2014-11-24 20:33:03 41472 ----a-w- C:\Windows\SysWow64\msfeedsbs.dll
2014-11-24 20:32:53 353792 ----a-w- C:\Windows\SysWow64\dxtmsft.dll
2014-11-24 20:32:49 223232 ----a-w- C:\Windows\SysWow64\dxtrans.dll
2014-11-24 20:32:48 10752 ----a-w- C:\Windows\SysWow64\msfeedssync.exe
2014-11-24 20:32:47 11776 ----a-w- C:\Windows\SysWow64\mshta.exe
2014-11-24 20:32:42 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2014-11-24 20:32:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-24 20:32:17 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2014-11-24 20:04:56 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-11-23 19:51:55 1041168 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-11-18 20:56:48 1202848 ----a-w- C:\Windows\SysWow64\FM20.DLL
2014-11-07 01:33:21 974848 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-07 01:28:24 1209856 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-11-04 00:35:01 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-11-04 00:19:33 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-10-24 01:04:29 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-24 01:03:40 499200 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-10-24 00:39:49 77312 ----a-w- C:\Windows\System32\packager.dll
2014-10-24 00:39:19 656384 ----a-w- C:\Windows\System32\kerberos.dll
2014-10-18 01:08:10 564224 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-18 00:46:22 847360 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-12 23:52:40 2782208 ----a-w- C:\Windows\System32\win32k.sys
2014-10-10 01:10:24 548352 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-10 01:09:30 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-10 01:09:23 1689600 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-10 01:01:46 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-10 01:00:34 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-09 23:53:20 619520 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-09 23:22:16 619520 ----a-w- C:\Windows\SysWow64\adtschema.dll
.
============= FINISH: 13:31:37.88 ===============
 


#2 HelpBot


Posted 06 January 2015 - 02:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/561740 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 rmilunas


Posted 06 January 2015 - 07:35 PM

  • I have not performed any additional troubleshooting.
  • New DDS log is below and attached.
  • I do have access to my original Windows DVD.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16599
Run by Rim at 18:29:58 on 2015-01-06
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.4093.1572 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Windows\system32\lxblcoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\RAVCpl64.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRAM FILES (X86)\GARMIN\EXPRESS TRAY\EXPRESSTRAY.EXE
C:\PROGRAM FILES (X86)\GOOGLE\DRIVE\GOOGLEDRIVESYNC.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\PROGRAM FILES (X86)\GOOGLE\DRIVE\GOOGLEDRIVESYNC.EXE
C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.
uSearch Bar = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
mStart Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
BHO: {1A1DAC8C-074D-440F-8707-7009A672D7D1} - <orphaned>
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: <No Name>: {85E0B171-04FA-11d1-B7DA-00A0C90348D6} - LocalServer32 - <no file>
uRun: [Google Update] "C:\Users\Rim\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [WinPatrol] "C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe" -expressboot
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Linked&In Search - <no file>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: C:\Windows\System32\wpclsp.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {F8FC1530-0608-11DF-2008-0800200C9A66} - hxxps://webmail.baxter.com/CACHE/sdesktop/install/binaries/instweb.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{16E3BC6E-545F-4DC4-9BD9-02B4E380E378} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{84AFA9BD-6C1D-490A-915C-0F060A6DE130} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{A17D8BA3-5FD4-4251-8C17-C7168C7CF6FD} : DHCPNameServer = 192.168.42.129
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\SysWow64\browseui.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [WPCUMI] C:\Windows\System32\WpcUmi.exe
x64-Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RtHDVCpl] RAVCpl64.exe
x64-Run: [Skytel] Skytel.exe
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Rim\AppData\Roaming\Mozilla\Firefox\Profiles\ham4oyrx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://us.yhs4.search.yahoo.com/yhs/search
FF - prefs.js: browser.search.selectedEngine - Yahoo! (Avast)
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com
FF - prefs.js: keyword.URL - hxxp://us.yhs4.search.yahoo.com/yhs/search
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll
FF - plugin: C:\Users\Rim\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-11 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-3-11 224896]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2008-9-11 504912]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2013-3-11 1041168]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2013-3-11 427360]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-4-29 238080]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-4-21 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-3-11 79184]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-3-11 50344]
R2 Belkin Local Backup Service;Belkin Local Backup Service;C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2012-1-23 181760]
R2 Belkin Network USB Helper;Belkin Network USB Helper;C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2012-1-23 55296]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe [2008-6-27 36864]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2008-7-10 40960]
R2 Fitbit Connect;Fitbit Connect Service;C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [2014-5-19 1436192]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-3-20 186200]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2013-6-28 14624]
R2 iPodDrv;iPodDrv;C:\Windows\System32\drivers\iPodDrv.sys [2011-3-9 14952]
R2 lxbl_device;lxbl_device;C:\Windows\System32\lxblcoms.exe -service --> C:\Windows\System32\lxblcoms.exe -service [?]
R2 OpenLibSys;OpenLibSys;C:\Program Files (x86)\NXP\FM Radio\OpenLibSysX64.sys [2008-9-11 14544]
R2 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2008-8-14 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-3 175104]
R3 FwLnk;FwLnk Driver;C:\Windows\System32\drivers\FwLnk.sys [2008-8-14 8704]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2007-2-3 58528]
R3 NETw5v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ;C:\Windows\System32\drivers\NETw5v64.sys [2008-4-28 4730368]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-4-24 84992]
R3 sxuptp;SXUPTP Driver;C:\Windows\System32\drivers\sxuptp.sys [2012-1-23 291352]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-9-11 1012344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 Serviio;Serviio;C:\Program Files\Serviio\bin\ServiioService.exe [2012-8-9 207872]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);C:\Windows\System32\drivers\CamDrL64.sys [2007-2-3 955680]
S3 HP8207_8307;HP-HP8207_8307;C:\Windows\System32\drivers\HP8207_8307.sys [2010-2-4 15360]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-6-10 31744]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 Point64;Microsoft IntelliPoint Filter Driver;C:\Windows\System32\drivers\point64k.sys [2008-6-10 36424]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2014-8-21 90776]
S4 KR10I64;KR10I64;C:\Windows\System32\drivers\KR10I64.sys [2008-8-14 248320]
S4 KR10N64;KR10N64;C:\Windows\System32\drivers\KR10N64.sys [2008-8-14 237568]
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
ShellExec: pi11.exe: Open="C:\Program Files (x86)\Microsoft Digital Image 2006\pi.exe" "%1"
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2014-12-12 14:12:30 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-12 14:12:30 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-12-12 09:13:51 112710672 ----a-w- C:\Windows\System32\mrt.exe
2014-12-03 02:06:01 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-12-03 01:51:29 347136 ----a-w- C:\Windows\System32\schannel.dll
2014-11-24 22:12:45 17874432 ----a-w- C:\Windows\System32\mshtml.dll
2014-11-24 21:59:39 448512 ----a-w- C:\Windows\System32\html.iec
2014-11-24 21:54:00 10921984 ----a-w- C:\Windows\System32\ieframe.dll
2014-11-24 21:53:14 2339840 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-24 21:47:43 1388032 ----a-w- C:\Windows\System32\urlmon.dll
2014-11-24 21:47:12 1392128 ----a-w- C:\Windows\System32\wininet.dll
2014-11-24 21:45:49 1494016 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-24 21:45:37 237056 ----a-w- C:\Windows\System32\url.dll
2014-11-24 21:45:29 86016 ----a-w- C:\Windows\System32\jsproxy.dll
2014-11-24 21:44:58 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-11-24 21:44:55 599040 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-24 21:44:51 2157056 ----a-w- C:\Windows\System32\iertutil.dll
2014-11-24 21:44:49 816640 ----a-w- C:\Windows\System32\jscript.dll
2014-11-24 21:44:40 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2014-11-24 21:44:21 453120 ----a-w- C:\Windows\System32\dxtmsft.dll
2014-11-24 21:44:11 282112 ----a-w- C:\Windows\System32\dxtrans.dll
2014-11-24 21:44:08 55296 ----a-w- C:\Windows\System32\msfeedsbs.dll
2014-11-24 21:44:05 11264 ----a-w- C:\Windows\System32\msfeedssync.exe
2014-11-24 21:43:51 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2014-11-24 21:43:44 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-24 21:43:33 12800 ----a-w- C:\Windows\System32\mshta.exe
2014-11-24 21:42:58 248320 ----a-w- C:\Windows\System32\ieui.dll
2014-11-24 20:44:32 367104 ----a-w- C:\Windows\SysWow64\html.iec
2014-11-24 20:41:46 12369920 ----a-w- C:\Windows\SysWow64\mshtml.dll
2014-11-24 20:40:49 1810944 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-24 20:37:23 9740800 ----a-w- C:\Windows\SysWow64\ieframe.dll
2014-11-24 20:35:45 1139712 ----a-w- C:\Windows\SysWow64\urlmon.dll
2014-11-24 20:35:25 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-24 20:34:40 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-24 20:34:05 231936 ----a-w- C:\Windows\SysWow64\url.dll
2014-11-24 20:33:59 65536 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2014-11-24 20:33:56 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-11-24 20:33:47 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-24 20:33:26 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2014-11-24 20:33:21 1802752 ----a-w- C:\Windows\SysWow64\iertutil.dll
2014-11-24 20:33:15 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2014-11-24 20:33:03 41472 ----a-w- C:\Windows\SysWow64\msfeedsbs.dll
2014-11-24 20:32:53 353792 ----a-w- C:\Windows\SysWow64\dxtmsft.dll
2014-11-24 20:32:49 223232 ----a-w- C:\Windows\SysWow64\dxtrans.dll
2014-11-24 20:32:48 10752 ----a-w- C:\Windows\SysWow64\msfeedssync.exe
2014-11-24 20:32:47 11776 ----a-w- C:\Windows\SysWow64\mshta.exe
2014-11-24 20:32:42 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2014-11-24 20:32:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-24 20:32:17 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2014-11-24 20:04:56 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-11-23 19:51:55 1041168 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-11-18 20:56:48 1202848 ----a-w- C:\Windows\SysWow64\FM20.DLL
2014-11-07 01:33:21 974848 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-07 01:28:24 1209856 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-11-04 00:35:01 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-11-04 00:19:33 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-10-24 01:04:29 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-24 01:03:40 499200 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-10-24 00:39:49 77312 ----a-w- C:\Windows\System32\packager.dll
2014-10-24 00:39:19 656384 ----a-w- C:\Windows\System32\kerberos.dll
2014-10-18 01:08:10 564224 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-18 00:46:22 847360 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-12 23:52:40 2782208 ----a-w- C:\Windows\System32\win32k.sys
2014-10-10 01:10:24 548352 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-10 01:09:30 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-10 01:09:23 1689600 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-10 01:01:46 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-10 01:00:34 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-09 23:53:20 619520 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-09 23:22:16 619520 ----a-w- C:\Windows\SysWow64\adtschema.dll
.
============= FINISH: 18:31:43.59 ===============
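The block above is the DDS "Pseudo HJT Report": the lines a helper reads first are the BHO/toolbar entries with no file behind them (<orphaned>, <no file>), the start and search pages, the name servers on each interface, and the LSP line. The script below is an added example for this thread, not part of the original post and not code from DDS or BleepingComputer; it parses lines in that format and flags those entries. The expected resolvers (the two 75.75.x.x addresses the log itself reports on the wireless adapter) and the set of recognised search hosts are assumptions for the sample. Run on lines copied from the log above it flags four orphaned entries, the two avast-branded Yahoo search settings (a bundled search change rather than a classic hijacker, but still one the owner should confirm), the 192.168.42.129 resolver on a third interface (a private address handed out by DHCP, to be checked against the hardware, such as a tethered phone, before calling it a hijack) and the Windows Parental Controls LSP wpclsp.dll.

```python
"""Triage the "Pseudo HJT Report" section of a DDS log.

Added example for this thread; it is not part of the original post, of
DDS, or of any BleepingComputer tool. It scans report lines in the
format shown in the thread and flags the entries a helper would look at
first: orphaned browser add-ons, start/search pages on unexpected
hosts, name servers outside the expected set, and any LSP entry. The
expected resolvers and the recognised search hosts are assumptions.
"""
import re
from dataclasses import dataclass

# Assumption: the resolvers this machine should be using. The two
# addresses are the ones the log itself reports on the wireless adapter.
EXPECTED_DNS = {"75.75.75.75", "75.75.76.76"}

# Assumption: start/search-page hosts the owner would recognise as their own.
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.bing.com"}

ORPHAN_MARKERS = ("<orphaned>", "<no file>")
# uStart Page / mStart Page / uSearch Bar lines (u = user hive, m = machine hive).
URL_PREF_RE = re.compile(r"^(?P<hive>[um])(?P<name>Start Page|Search Bar)\s*=\s*(?P<url>\S+)")
DNS_RE = re.compile(r"NameServer\s*=\s*(?P<servers>[\d. ]+)$")
# DDS defangs URLs as hxxp:// so they are not clickable; accept plain http too.
HOST_RE = re.compile(r"^h(?:xx|tt)ps?://([^/?#]+)")


@dataclass
class Finding:
    category: str
    detail: str


def host_of(url: str) -> str:
    """Host part of a (possibly defanged) URL, without a trailing FQDN dot."""
    m = HOST_RE.match(url)
    return m.group(1).lower().rstrip(".") if m else ""


def triage(lines):
    """Return the Findings for an iterable of Pseudo HJT Report lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line or line == ".":
            continue
        # Add-on entries whose file is gone: leftovers of an uninstall or of
        # an earlier removal; harmless by themselves, but they get cleaned up.
        if any(marker in line for marker in ORPHAN_MARKERS):
            findings.append(Finding("orphaned-entry", line))
            continue
        m = URL_PREF_RE.match(line)
        if m:
            host = host_of(m.group("url"))
            if host not in KNOWN_SEARCH_HOSTS:
                findings.append(Finding("search-page-candidate", f"{m.group('name')} -> {host}"))
            continue
        m = DNS_RE.search(line)
        if m:
            for server in m.group("servers").split():
                if server not in EXPECTED_DNS:
                    findings.append(Finding("unexpected-dns", server))
            continue
        # A Layered Service Provider sits in the Winsock path of every socket,
        # so it is always listed for a manual check of the file.
        if line.startswith("LSP:"):
            findings.append(Finding("lsp-present", line))
    return findings


def summarize(findings):
    """Count findings per category."""
    counts = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


# Sample input: lines copied from the DDS log in this thread.
SAMPLE_LINES = [
    r"uStart Page = hxxp://www.google.com.",
    r"uSearch Bar = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl",
    r"mStart Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl",
    r"BHO: {1A1DAC8C-074D-440F-8707-7009A672D7D1} - <orphaned>",
    r"BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll",
    r"EB: <No Name>: {85E0B171-04FA-11d1-B7DA-00A0C90348D6} - LocalServer32 - <no file>",
    r"IE: Linked&In Search - <no file>",
    r"LSP: C:\Windows\System32\wpclsp.dll",
    r"TCP: NameServer = 75.75.75.75 75.75.76.76",
    r"TCP: Interfaces\{A17D8BA3-5FD4-4251-8C17-C7168C7CF6FD} : DHCPNameServer = 192.168.42.129",
    r"x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.category:22} {f.detail}")
```

The script only reports; deciding what to remove stays with the helper, since every category here has a benign explanation (a leftover registry key, a bundled search partner, a DHCP server on another interface, a Windows-supplied LSP).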

#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,788 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:00 AM

Posted 07 January 2015 - 11:27 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false-positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply; DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.
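The AdwCleaner steps above turn on reading the report before choosing Clean, and on checking afterwards that the items you unchecked were in fact left alone. The script below is an added example, not part of nasdaq's instructions and not code from AdwCleaner: it parses a report in the layout AdwCleaner 4.x writes ("***** [ Section ] *****" headers, one item per line, "[x] Not Deleted" for items left in place) and tallies removed against kept items per section, listing the kept targets so they can be compared with what was unchecked. The report embedded in it is a constructed excerpt in the same shape as the log posted later in this thread.

```python
"""Summarise an AdwCleaner report: what was removed, what was kept.

Added example for this thread; not part of the original post or of
AdwCleaner. The layout assumed here is the one AdwCleaner 4.x writes:
"***** [ Section ] *****" headers and one item per line, with
"[x] Not Deleted" marking items the user unchecked before Clean.
"""
import re

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>[^\]]+) \] \*{5}$")
# Item lines: optional "[!]" / "[x]" flag, a verb such as "Key Deleted",
# "Folder Deleted" or "Not Deleted", then " : " and the target.
ITEM_RE = re.compile(r"^(?:\[(?P<flag>[!x])\] )?(?P<verb>.+?) : (?P<target>.+)$")


def classify(flag, verb):
    """'kept' for items left in place, 'removed' for deletions, else 'other'."""
    if flag == "x" or verb.startswith("Not Deleted"):
        return "kept"
    if "Deleted" in verb:
        return "removed"
    return "other"


def parse_report(text):
    """Return {section: [(action, verb, target), ...]} for an AdwCleaner report."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections.setdefault(current, [])
            continue
        if line.startswith("*****"):
            current = None  # closing rule: the footer after it holds no items
            continue
        if current is None:
            continue  # "# Option : Clean" and other header lines
        m = ITEM_RE.match(line)
        if m:
            action = classify(m.group("flag"), m.group("verb"))
            sections[current].append((action, m.group("verb"), m.group("target")))
    return sections


def summarize(sections):
    """Per-section counts of removed / kept / other items."""
    out = {}
    for name, items in sections.items():
        counts = {"removed": 0, "kept": 0, "other": 0}
        for action, _verb, _target in items:
            counts[action] += 1
        out[name] = counts
    return out


def kept_items(sections):
    """Targets AdwCleaner left in place: compare these with what you unchecked."""
    return [t for items in sections.values() for a, _v, t in items if a == "kept"]


# Constructed sample in the shape of an AdwCleaner 4.x report.
SAMPLE_REPORT = r"""
# AdwCleaner v4.107 - Report created 08/01/2015 at 19:50:37
# Option : Clean

***** [ Services ] *****

Service Deleted : YahooAUService

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\Ask
[x] Not Deleted : C:\Users\Rim\AppData\Roaming\Mozilla\Firefox\Profiles\ham4oyrx.default\Extensions\anttoolbar@ant.com
File Deleted : C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
[x] Not Deleted : C:\Users\Rim\AppData\Roaming\Mozilla\Firefox\Profiles\ham4oyrx.default\searchplugins\SearchResults.xml

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKCU\Software\Softonic

***** [ Browsers ] *****

-\\ Mozilla Firefox v33.1 (x86 en-US)

[ham4oyrx.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://us.yhs4.search.yahoo.com/yhs/search");

-\\ Google Chrome v39.0.2171.95

[C:\Users\Rim\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[S0].txt - [6693 octets] - [08/01/2015 19:50:37]
"""

if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    for section, counts in summarize(report).items():
        print(f"{section:18} removed={counts['removed']} kept={counts['kept']}")
    for target in kept_items(report):
        print("kept:", target)
```

The same parser works on the scan-only report (AdwCleaner[R0].txt) produced before Clean, where every item is still a candidate; comparing the R0 and S0 reports shows exactly what the Clean pass changed.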

#5 rmilunas

rmilunas
  • Topic Starter

  • Members
  • 26 posts
  • Local time:02:00 AM

Posted 08 January 2015 - 09:14 PM

Hi NASDAQ

AdwCleaner log is below. I unchecked the ANT downloader entries since I want that program, but I have also heard there are issues with it?

Farbar log is below that, and Addition.txt is attached.

 AdwCleaner v4.107 - Report created 08/01/2015 at 19:50:37
# Updated 07/01/2015 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : Rim - RIM-PC
# Running from : C:\Users\Rim\Desktop\Bleeping Computer\adwcleaner_4.107.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : YahooAUService
 
***** [ Files / Folders ] *****
 
[!] Folder Deleted : C:\ProgramData\Ask
[!] Folder Deleted : C:\Users\Guest\AppData\LocalLow\Yahoo! Companion
[!] Folder Deleted : C:\Users\Rim\AppData\LocalLow\AGI
[!] Folder Deleted : C:\Users\Rim\AppData\LocalLow\Searchqutoolbar
[!] Folder Deleted : C:\Users\Rim\AppData\LocalLow\Yahoo! Companion
[!] Folder Deleted : C:\Users\Rim\Documents\Dock
[!] Folder Deleted : C:\Users\Settings\AppData\LocalLow\Yahoo! Companion
[x] Not Deleted : C:\Users\Rim\AppData\Roaming\Mozilla\Firefox\Profiles\ham4oyrx.default\Extensions\anttoolbar@ant.com
File Deleted : C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
File Deleted : C:\Users\Rim\AppData\Local\Temp\Uninstall.exe
[x] Not Deleted : C:\Users\Rim\AppData\Roaming\Mozilla\Firefox\Profiles\ham4oyrx.default\searchplugins\SearchResults.xml
File Deleted : C:\Users\Rim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\Rim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Deleted : C:\Users\Rim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Deleted : C:\Users\Rim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
File Deleted : C:\Users\Rim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87A0B80B-5BA7-4CB0-9553-105D68777D60}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Deleted : HKCU\Software\AGI
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\SearchCore for Browsers
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKLM\SOFTWARE\AGI
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PriceGong
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Deleted : [x64] HKLM\SOFTWARE\SearchCore for Browsers
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16599
 
 
-\\ Mozilla Firefox v33.1 (x86 en-US)
 
[ham4oyrx.default\prefs.js] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://us.yhs4.search.yahoo.com/yhs/search");
[ham4oyrx.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://us.yhs4.search.yahoo.com/yhs/search");
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Rim\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Rim\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Rim\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
[C:\Users\Rim\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
[C:\Users\Rim\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.collegeconfidential.com/search-results?q={searchTerms}
[C:\Users\Settings\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Settings\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [7468 octets] - [08/01/2015 19:38:40]
AdwCleaner[S0].txt - [6693 octets] - [08/01/2015 19:50:37]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6753 octets] ##########
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Rim (administrator) on RIM-PC on 08-01-2015 20:01:09
Running from C:\Users\Rim\Desktop\Bleeping Computer
Loaded Profile: Rim (Available profiles: Rim & Settings & Family & Guest)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
( ) C:\Windows\System32\lxblcoms.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Toshiba) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Microsoft Corporation) C:\Windows\System32\wpcumi.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431968 2008-02-06] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52560 2007-12-06] (TOSHIBA Corporation)
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [182784 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1573160 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6156288 2008-04-08] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM-x32\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [325512 2011-05-15] (BillP Studios)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-13] (AVAST Software)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-4021887201-1993260024-3482237381-1000\...\Run: [Google Update] => C:\Users\Rim\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-08-23] (Google Inc.)
HKU\S-1-5-21-4021887201-1993260024-3482237381-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30524520 2014-11-27] (Skype Technologies S.A.)
HKU\S-1-5-21-4021887201-1993260024-3482237381-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKU\S-1-5-21-4021887201-1993260024-3482237381-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-4021887201-1993260024-3482237381-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-4021887201-1993260024-3482237381-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-18\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-18\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicyUsers\S-1-5-21-4021887201-1993260024-3482237381-1002\User: Group Policy restriction detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4021887201-1993260024-3482237381-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4021887201-1993260024-3482237381-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4021887201-1993260024-3482237381-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.
HKU\S-1-5-21-4021887201-1993260024-3482237381-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: No Name -> {1A1DAC8C-074D-440F-8707-7009A672D7D1} ->  No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-4021887201-1993260024-3482237381-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-4021887201-1993260024-3482237381-1000 -> No Name - {BB670D0B-5C46-40C7-B38B-40DD26987723} -  No File
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {F8FC1530-0608-11DF-2008-0800200C9A66} https://webmail.baxter.com/CACHE/sdesktop/install/binaries/instweb.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF ProfilePath: C:\Users\Rim\AppData\Roaming\Mozilla\Firefox\Profiles\ham4oyrx.default
FF DefaultSearchEngine: Yahoo! (Avast)
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin-x32: @doubletwist.com/NPPodcast -> C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4021887201-1993260024-3482237381-1000: @doubletwist.com/NPPodcast -> C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF Plugin HKU\S-1-5-21-4021887201-1993260024-3482237381-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Rim\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4021887201-1993260024-3482237381-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Rim\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Rim\AppData\Roaming\Mozilla\Firefox\Profiles\ham4oyrx.default\searchplugins\SearchResults.xml
FF SearchPlugin: C:\Users\Rim\AppData\Roaming\Mozilla\Firefox\Profiles\ham4oyrx.default\searchplugins\wot-safe-search.xml
FF SearchPlugin: C:\Users\Rim\AppData\Roaming\Mozilla\Firefox\Profiles\ham4oyrx.default\searchplugins\yahoo-avast.xml
FF Extension: Ant Video Downloader - C:\Users\Rim\AppData\Roaming\Mozilla\Firefox\Profiles\ham4oyrx.default\Extensions\anttoolbar@ant.com [2014-08-13]
FF Extension: WOT - C:\Users\Rim\AppData\Roaming\Mozilla\Firefox\Profiles\ham4oyrx.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-30]
FF Extension: OptimizeGoogle - C:\Users\Rim\AppData\Roaming\Mozilla\Firefox\Profiles\ham4oyrx.default\Extensions\optimizegoogle@optimizegoogle.com.xpi [2011-12-08]
FF Extension: NoScript - C:\Users\Rim\AppData\Roaming\Mozilla\Firefox\Profiles\ham4oyrx.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-12-08]
FF Extension: Adblock Plus - C:\Users\Rim\AppData\Roaming\Mozilla\Firefox\Profiles\ham4oyrx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-12-08]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-16]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-03-11]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> www.yahoo.com
CHR Profile: C:\Users\Rim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Rim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-02]
CHR Extension: (Google Drive) - C:\Users\Rim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Rim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-09]
CHR Extension: (YouTube) - C:\Users\Rim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-02]
CHR Extension: (Google Cast) - C:\Users\Rim\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-12-26]
CHR Extension: (Google Search) - C:\Users\Rim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-02]
CHR Extension: (PictaCast for Chromecast® - Trial) - C:\Users\Rim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekgaebaencakkggokbokmgojdbafnefi [2014-12-26]
CHR Extension: (AdBlock) - C:\Users\Rim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-26]
CHR Extension: (Avast Online Security) - C:\Users\Rim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-21]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Rim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-09]
CHR Extension: (Hangouts) - C:\Users\Rim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2013-08-22]
CHR Extension: (Google Wallet) - C:\Users\Rim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Gmail) - C:\Users\Rim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-02]
CHR HKU\S-1-5-21-4021887201-1993260024-3482237381-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-12]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [566688 2011-04-29] (Affinegy, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-12] (AVAST Software)
R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [181760 2010-02-17] () [File not signed]
R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [55296 2010-02-09] () [File not signed]
R2 ConfigFree Gadget Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [36864 2008-06-27] (TOSHIBA CORPORATION) [File not signed]
R2 ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-07-10] (TOSHIBA CORPORATION) [File not signed]
S2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [1371136 2008-04-30] (Intel® Corporation) [File not signed]
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [186200 2013-03-20] (Garmin Ltd or its subsidiaries)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 lxbl_device; C:\Windows\system32\lxblcoms.exe [566704 2007-04-20] ( )
R2 lxbl_device; C:\Windows\SysWOW64\lxblcoms.exe [537520 2007-04-20] ( )
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [826368 2008-04-30] (Intel® Corporation) [File not signed]
S2 Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [207872 2012-08-09] () [File not signed]
R3 SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [84992 2008-04-24] (Toshiba) [File not signed]
R2 TNaviSrv; C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [83312 2008-07-18] (TOSHIBA Corporation)
R2 TODDSrv; C:\Windows\system32\TODDSrv.exe [135168 2007-11-21] (TOSHIBA Corporation) [File not signed]
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [175104 2007-12-03] (TOSHIBA Corporation) [File not signed]
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-12] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-12] (AVAST Software)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-08-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-13] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-08-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-12] ()
S1 Beep; No ImagePath
S3 HP8207_8307; C:\Windows\System32\DRIVERS\HP8207_8307.sys [15360 2010-02-04] (Windows ® Win 7 DDK provider)
R2 OpenLibSys; C:\Program Files (x86)\NXP\FM Radio\OpenLibSysX64.sys [14544 2007-10-19] (OpenLibSys.org)
R3 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [291352 2009-06-22] (silex technology, Inc.)
S3 Tosrfcom; No ImagePath
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [53760 2012-09-28] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SVRPEDRV; \??\C:\Windows\SysWOW64\sysprep\UP_date\PEDrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-08 20:00 - 2015-01-08 20:01 - 00000000 ____D () C:\FRST
2015-01-08 19:38 - 2015-01-08 19:50 - 00000000 ____D () C:\AdwCleaner
2015-01-08 19:37 - 2015-01-08 20:01 - 00000000 ____D () C:\Users\Rim\Desktop\Bleeping Computer
2015-01-01 13:34 - 2015-01-06 18:33 - 00020464 _____ () C:\Users\Rim\Desktop\dds.txt
2015-01-01 13:34 - 2015-01-06 18:33 - 00018713 _____ () C:\Users\Rim\Desktop\attach.txt
2015-01-01 13:28 - 2015-01-01 13:28 - 00688992 ____R (Swearware) C:\Users\Rim\Desktop\dds.com
2014-12-26 14:22 - 2014-12-26 14:22 - 00002028 _____ () C:\Users\Rim\Desktop\Chrome App Launcher.lnk
2014-12-26 14:22 - 2014-12-26 14:22 - 00000000 ____D () C:\Users\Rim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-26 12:02 - 2014-12-26 12:02 - 00007796 _____ () C:\Users\Rim\Desktop\Fitbit Scale Logs.zip
2014-12-26 11:48 - 2014-12-26 11:48 - 06931816 _____ (Fitbit, Inc) C:\Users\Rim\Downloads\[FitbitScaleSetup][Win][20140925][1.0.3.155].exe
2014-12-12 03:11 - 2014-11-03 18:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-12 03:11 - 2014-11-03 18:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-12 03:10 - 2014-11-06 19:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-12 03:10 - 2014-11-06 19:28 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-12 03:08 - 2014-12-02 20:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-12-12 03:08 - 2014-12-02 19:51 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-11 19:48 - 2014-11-24 16:12 - 17874432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 19:48 - 2014-11-24 15:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-11 19:48 - 2014-11-24 15:54 - 10921984 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 19:48 - 2014-11-24 15:53 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 19:48 - 2014-11-24 15:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 19:48 - 2014-11-24 15:47 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 19:48 - 2014-11-24 15:45 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 19:48 - 2014-11-24 15:45 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-11 19:48 - 2014-11-24 15:45 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 19:48 - 2014-11-24 15:44 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 19:48 - 2014-11-24 15:44 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-11 19:48 - 2014-11-24 15:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 19:48 - 2014-11-24 15:44 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 19:48 - 2014-11-24 15:44 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 19:48 - 2014-11-24 15:44 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 19:48 - 2014-11-24 15:44 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-11 19:48 - 2014-11-24 15:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-11 19:48 - 2014-11-24 15:44 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-11 19:48 - 2014-11-24 15:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 19:48 - 2014-11-24 15:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 19:48 - 2014-11-24 15:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-11 19:48 - 2014-11-24 15:42 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 19:48 - 2014-11-24 14:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-11 19:48 - 2014-11-24 14:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-11 19:48 - 2014-11-24 14:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-11 19:48 - 2014-11-24 14:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-11 19:48 - 2014-11-24 14:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-11 19:48 - 2014-11-24 14:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-11 19:48 - 2014-11-24 14:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-11 19:48 - 2014-11-24 14:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-12-11 19:48 - 2014-11-24 14:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-11 19:48 - 2014-11-24 14:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-11 19:48 - 2014-11-24 14:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-11 19:48 - 2014-11-24 14:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-11 19:48 - 2014-11-24 14:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-11 19:48 - 2014-11-24 14:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-11 19:48 - 2014-11-24 14:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-12-11 19:48 - 2014-11-24 14:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-11 19:48 - 2014-11-24 14:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-11 19:48 - 2014-11-24 14:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-11 19:48 - 2014-11-24 14:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-11 19:48 - 2014-11-24 14:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-11 19:48 - 2014-11-24 14:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-12-11 19:48 - 2014-11-24 14:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-08 20:03 - 2008-09-11 16:37 - 01193528 _____ () C:\Windows\WindowsUpdate.log
2015-01-08 19:58 - 2009-05-06 06:58 - 00000000 ____D () C:\Users\Rim\AppData\Roaming\Skype
2015-01-08 19:57 - 2012-09-23 13:24 - 00000000 ___RD () C:\Users\Rim\Google Drive
2015-01-08 19:55 - 2010-02-12 19:35 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-08 19:52 - 2013-06-23 08:52 - 00278830 _____ () C:\Windows\PFRO.log
2015-01-08 19:52 - 2006-11-02 09:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-08 19:52 - 2006-11-02 09:22 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-08 19:52 - 2006-11-02 09:22 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-08 19:51 - 2010-01-10 21:21 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-01-08 19:51 - 2006-11-02 09:42 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-08 19:27 - 2013-04-13 10:52 - 00000000 ____D () C:\Users\Rim\Desktop\Expense Account Receipts
2015-01-08 19:21 - 2014-08-23 13:14 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4021887201-1993260024-3482237381-1000UA.job
2015-01-08 19:21 - 2011-07-06 18:18 - 00003670 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{DDCFA446-E9EA-46C6-A334-B1ED7E0025BE}
2015-01-08 19:21 - 2010-02-12 19:35 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-08 19:20 - 2012-04-25 19:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-08 06:18 - 2014-08-23 13:13 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4021887201-1993260024-3482237381-1000Core.job
2015-01-06 18:24 - 2013-03-11 07:08 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-04 10:06 - 2013-08-31 06:41 - 00005416 _____ () C:\Windows\system32\spsys.log
2015-01-02 18:43 - 2013-12-13 07:59 - 00000000 ____D () C:\Users\Family\AppData\Local\CrashDumps
2015-01-01 13:05 - 2014-03-21 18:28 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-01 13:05 - 2009-05-06 06:58 - 00000000 ____D () C:\ProgramData\Skype
2014-12-26 11:56 - 2009-06-04 07:49 - 00000000 ____D () C:\Users\Settings
2014-12-26 11:56 - 2009-05-13 07:31 - 00000000 ____D () C:\Users\Guest
2014-12-12 08:12 - 2012-04-25 19:59 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-12 08:12 - 2012-04-25 19:59 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-12 08:12 - 2012-01-21 10:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-12 04:11 - 2006-11-02 07:33 - 00000000 ____D () C:\Windows\rescache
2014-12-12 03:31 - 2008-09-11 16:44 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-12 03:30 - 2013-08-22 02:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-12 03:13 - 2006-11-02 06:35 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-12-11 19:23 - 2013-06-02 11:53 - 00001952 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
 
Some content of TEMP:
====================
C:\Users\Rim\AppData\Local\temp\13-9-legacy_vista_win7_64_dd_ccc_whql.exe
C:\Users\Rim\AppData\Local\temp\2c48a12f-896f-e0ac-28ca-aa982a38071a.tmp.exe
C:\Users\Rim\AppData\Local\temp\a3f726d0-3ac4-6ad6-3ee6-a9e399fada57.tmp.exe
C:\Users\Rim\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmy3c6y.dll
C:\Users\Rim\AppData\Local\temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Rim\AppData\Local\temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Rim\AppData\Local\temp\oi_{EF26BA41-FB81-4237-B4A2-7A2AB1F5B5E7}.exe
C:\Users\Rim\AppData\Local\temp\Quarantine.exe
C:\Users\Rim\AppData\Local\temp\raptrpatch.exe
C:\Users\Rim\AppData\Local\temp\Second_Life_Updater.exe
C:\Users\Rim\AppData\Local\temp\SkypeSetup.exe
C:\Users\Rim\AppData\Local\temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-08 20:01
 
==================== End Of Log ============================
 




#6 nasdaq

  • Malware Response Team
  • 38,788 posts
  • Gender: Male
  • Location: Montreal, QC. Canada
  • Local time: 04:00 AM

Posted 09 January 2015 - 08:57 AM


Run this tool to clean your temporary files/folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

GroupPolicyUsers\S-1-5-21-4021887201-1993260024-3482237381-1002\User: Group Policy restriction detected <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4021887201-1993260024-3482237381-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-4021887201-1993260024-3482237381-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKLM -> {51291AF4-31C1-45CF-9B25-959153B720BD} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
SearchScopes: HKLM-x32 -> {0BC6E3FA-78EF-4886-842C-5A1258C4455A} URL = http://search.imgag.com/?appid=wsdt&component=&c=GNWSO38311&sbs=2&sc=2&f=web&vernum=3.1.5.7617&uid=0&did=%7bb533276c-11fc-4124-b436-c5b36fcf4709%7d&q={searchTerms}
SearchScopes: HKLM-x32 -> {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name -> {1A1DAC8C-074D-440F-8707-7009A672D7D1} ->  No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-4021887201-1993260024-3482237381-1000 -> No Name - {BB670D0B-5C46-40C7-B38B-40DD26987723} -  No File
FF DefaultSearchEngine: Yahoo! (Avast)
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF SearchPlugin: C:\Users\Rim\AppData\Roaming\Mozilla\Firefox\Profiles\ham4oyrx.default\searchplugins\SearchResults.xml
FF SearchPlugin: C:\Users\Rim\AppData\Roaming\Mozilla\Firefox\Profiles\ham4oyrx.default\searchplugins\yahoo-avast.xml
CHR HomePage: Default -> https://www.yahoo.com?fr=hp-avast&type=avastbcl
CHR DefaultSearchURL: Default -> http://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
CHR Extension: (Google Wallet) - C:\Users\Rim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR HKU\S-1-5-21-4021887201-1993260024-3482237381-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
S1 Beep; No ImagePath
S3 Tosrfcom; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SVRPEDRV; \??\C:\Windows\SysWOW64\sysprep\UP_date\PEDrv.sys [X]
HKU\S-1-5-21-4021887201-1993260024-3482237381-1000\Software\Classes\.exe:  =>  <===== ATTENTION!

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#7 rmilunas

  • Topic Starter
  • Members
  • 26 posts
  • Local time: 02:00 AM

Posted 10 January 2015 - 01:14 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by Rim at 2015-01-10 11:49:52 Run:1
Running from C:\Users\Rim\Desktop\Bleeping Computer
Loaded Profile: Rim (Available profiles: Rim & Settings & Family & Guest)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
 
GroupPolicyUsers\S-1-5-21-4021887201-1993260024-3482237381-1002\User: Group Policy restriction detected <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4021887201-1993260024-3482237381-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-4021887201-1993260024-3482237381-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKLM-x32 -> {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name -> {1A1DAC8C-074D-440F-8707-7009A672D7D1} ->  No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-4021887201-1993260024-3482237381-1000 -> No Name - {BB670D0B-5C46-40C7-B38B-40DD26987723} -  No File
FF DefaultSearchEngine: Yahoo! (Avast)
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF SearchPlugin:
C:\Users\Rim\AppData\Roaming\Mozilla\Firefox\Profiles\ham4oyrx.default\searchplugins\SearchResults.xml
FF SearchPlugin: C:\Users\Rim\AppData\Roaming\Mozilla\Firefox\Profiles\ham4oyrx.default\searchplugins\yahoo-avast.xml
CHR Extension: (Google Wallet) - C:\Users\Rim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR HKU\S-1-5-21-4021887201-1993260024-3482237381-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
S1 Beep; No ImagePath
S3 Tosrfcom; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SVRPEDRV;
\??\C:\Windows\SysWOW64\sysprep\UP_date\PEDrv.sys [X]
HKU\S-1-5-21-4021887201-1993260024-3482237381-1000\Software\Classes\.exe:  =>  <===== ATTENTION!
 
End
 
*****************
 
Processes closed successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-4021887201-1993260024-3482237381-1002\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-4021887201-1993260024-3482237381-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-4021887201-1993260024-3482237381-1000\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{51291AF4-31C1-45CF-9B25-959153B720BD}" => Key deleted successfully.
HKCR\CLSID\{51291AF4-31C1-45CF-9B25-959153B720BD} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} => Key not found. 
http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} => Error: No automatic fix found for this entry.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A1DAC8C-074D-440F-8707-7009A672D7D1}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{1A1DAC8C-074D-440F-8707-7009A672D7D1} => Key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found. 
HKU\S-1-5-21-4021887201-1993260024-3482237381-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BB670D0B-5C46-40C7-B38B-40DD26987723} => value deleted successfully.
HKCR\CLSID\{BB670D0B-5C46-40C7-B38B-40DD26987723} => Key not found. 
Firefox DefaultSearchEngine deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
"FF SearchPlugin:" => not found.
C:\Users\Rim\AppData\Roaming\Mozilla\Firefox\Profiles\ham4oyrx.default\searchplugins\SearchResults.xml => Moved successfully.
C:\Users\Rim\AppData\Roaming\Mozilla\Firefox\Profiles\ham4oyrx.default\searchplugins\yahoo-avast.xml => Moved successfully.
Chrome HomePage deleted successfully.
Chrome DefaultSearchURL deleted successfully.
C:\Users\Rim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
"HKU\S-1-5-21-4021887201-1993260024-3482237381-1000\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => Key deleted successfully.
Beep => Service deleted successfully.
Tosrfcom => Service deleted successfully.
catchme => Service deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
SVRPEDRV => Service deleted successfully.
\??\C:\Windows\SysWOW64\sysprep\UP_date\PEDrv.sys [X] => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-4021887201-1993260024-3482237381-1000\Software\Classes\.exe" => Key deleted successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog 11:50:26 ====
 

Results of screen317's Security Check version 0.99.93  
 Windows Vista Service Pack 2 x64 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus out of date! (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 SpywareBlaster 4.5    
 Malwarebytes Anti-Malware version 1.75.0.1300  
 MBAM out of Date!  
 Java 7 Update 45  
 Java version 32-bit out of Date! 
  Adobe Flash Player 15.0.0.246 Flash Player out of Date!  
 Adobe Reader 8 Adobe Reader out of Date! 
 Mozilla Firefox 33.1 Firefox out of Date!  
 Google Chrome (39.0.2171.71) 
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
 WinPatrol winpatrol.exe 
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
 BillP Studios WinPatrol WinPatrol.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 15 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 
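As an added defensive check, not part of the thread or of FRST: a read-only PowerShell audit that revisits the locations the fixlog above acted on (the user-hive Classes\.exe association, Internet Explorer Policies keys, per-user GroupPolicyUsers folders, and services whose binary is absent) so a technician can confirm nothing has reappeared after the reboot. It assumes an elevated PowerShell on the same machine; every key path comes from the log above.

```powershell
# Added audit script (not part of the thread or of FRST): read-only re-check of the
# locations the fixlog above acted on. Assumes an elevated PowerShell on the same PC.
$findings = @()

# Map HKEY_USERS so per-user hives can be inspected (SIDs as FRST lists them)
New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS -ErrorAction SilentlyContinue | Out-Null
$userSids = Get-ChildItem HKU:\ | Where-Object {
    $_.PSChildName -like 'S-1-5-21-*' -and $_.PSChildName -notlike '*_Classes' }

foreach ($sid in $userSids) {
    # 1. A per-user Classes\.exe key overrides HKCR for that account and can redirect
    #    every .exe launch; it does not exist on a clean profile.
    $exeKey = "HKU:\$($sid.PSChildName)\Software\Classes\.exe"
    if (Test-Path $exeKey) {
        $findings += "User-hive .exe association: $exeKey -> $((Get-ItemProperty $exeKey).'(default)')"
    }
    # 2. Internet Explorer policy restrictions set in the user hive
    $iePol = "HKU:\$($sid.PSChildName)\SOFTWARE\Policies\Microsoft\Internet Explorer"
    if (Test-Path $iePol) { $findings += "IE policy restriction (user): $iePol" }
}
# 2b. Machine-wide IE policy restriction key
$ieMachine = 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer'
if (Test-Path $ieMachine) { $findings += "IE policy restriction (machine): $ieMachine" }

# 3. Per-user Group Policy folders (the fixlog moved GroupPolicyUsers\<SID>\User)
Get-ChildItem "$env:SystemRoot\System32\GroupPolicyUsers" -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer } |
    ForEach-Object { $findings += "Per-user Group Policy folder: $($_.FullName)" }

# 4. Services/drivers whose binary is missing: no ImagePath and no default driver
#    file, or an ImagePath that points to a file no longer on disk
Get-ChildItem HKLM:\SYSTEM\CurrentControlSet\Services | ForEach-Object {
    $props = Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue
    if ($null -eq $props.Type) { return }            # not a service entry
    $name = $_.PSChildName
    if (-not $props.ImagePath) {
        if (-not (Test-Path "$env:SystemRoot\System32\drivers\$name.sys")) {
            $findings += "Service without ImagePath or default driver file: $name"
        }
        return
    }
    # Strip \??\ and SystemRoot\ prefixes, quotes and arguments, then expand %vars%
    $path = $props.ImagePath -replace '^\\\?\?\\', '' -replace '^\\?SystemRoot\\', "$env:SystemRoot\" `
                             -replace '^system32\\', "$env:SystemRoot\System32\"
    $path = $path -replace '^"([^"]+)".*$', '$1' -replace '^(\S+?\.(exe|sys))(\s.*)?$', '$1'
    $path = [Environment]::ExpandEnvironmentVariables($path)
    if (-not (Test-Path $path)) { $findings += "Service binary missing: $name -> $($props.ImagePath)" }
}
if ($findings.Count -eq 0) { 'No flagged entries remain.' } else { $findings }
```

The script only reads; anything it lists is a lead to investigate, not something it removes.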


#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,788 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:00 AM

Posted 10 January 2015 - 01:47 PM

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
The latest version is Java 7 Update 71 for the 32 bit Operating system.
Java 8 Update 25 for the 64 bit Operating system.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 45

===



Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Flash test site:
http://www.adobe.com/software/flash/about/
Install the new version or, if you have the latest, close the window.

Flash Player Help / Find version
http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine
===


If all is well.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#9 rmilunas

rmilunas
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:02:00 AM

Posted 13 January 2015 - 08:35 PM

Thanks Nasdaq,

 

Should I assume that after the updates recommended that I am done?



#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,788 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:00 AM

Posted 14 January 2015 - 09:49 AM

Do you have any issues with this computer?

#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,788 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:00 AM

Posted 20 January 2015 - 08:51 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



