Possible - Inline hook win32k.sys - Infection


19 replies to this topic

#1 CNHM

Posted 20 August 2015 - 09:34 PM

Greetings, and my sincere apologies for the very lengthy narrative.

 

I have a laptop running Windows 7 64-Bit Premium Home Edition. I've always used Avast as my anti-virus, along with Malwarebytes Anti-Malware. Last week I ran a routine full system scan with Avast, and the end result was no infections found, but it also said that a large amount of files could not be scanned. I ran the full system scan a few more times and kept getting this same result that a lot of files could not be scanned (dozens, if not into the 100-200 range). This was very out of the ordinary, so I downloaded two more antivirus programs to perform full scans and see what they came up with. I realize now, after reading many other similar topics after the fact, that you should not run more than one antivirus program on one computer, but I did not know it at the time. I also ran MBAM, but it found no infections.

 

I installed and ran a full scan with Comodo, but it said I was not infected, and did not state that there were any files that couldn't be scanned. The second program I downloaded and ran a full system scan with (including rootkits) was AVG 2015. When this scan concluded, the report said that it found and fixed about 19 threats, and one other that it found but could not fix. The one it could not do anything about was an infection of my machine with Inline hook win32k.sys. I could not get the location of where it was located, and couldn't really do anything else other than to close the program. Then again I'm new at this, so this may have been a grave error not to try to get more information on it somehow.

 

I did some research on that specific infection, and found that there were other people out there who had Avast and AVG at the same time on their machine as well, and when they did a scan with AVG, it also returned this same infection result of Inline hook win32k.sys. This is also where I read that you should not have more than one antivirus program. Thus, I proceeded to uninstall Avast and AVG. After this, I ran the Avast Uninstall Utility in safe mode, as prompted, in order to fully get rid of it. Then I ran the AVG remover (not in safe mode) to fully get rid of AVG 2015 (not sure if doing it in regular mode is bad? I forgot to since it didn't prompt me to do so). It was at this same time that my computer also began to run noticeably slower, especially at startup after the various times I had to re-start when getting rid of the AV programs. One very odd occurrence that I noted was that right before my Windows password screen came up on two separate restarts, which is right after the pulsing Windows symbol screen, my screen got darker very quickly for a few seconds then back to normal. This had never happened before. Not sure if this is relevant, but was noteworthy as I had never seen this. 

 

After having gotten rid of Avast and AVG, I then proceeded to download and install only one single antivirus, Panda Free Antivirus. I updated the definitions, and started a full scan. Before it hit 10% completed, I had to stop it because I was going to work. It did say that there was one threat found (tracking cookie), but I ended it and shut down. Next day I ran a full scan with Panda again, this time completing it, and the results were that I had no infections.

 

The previous scan with AVG 2015 that found the Inline hook win32k.sys infection still bothered me though, so I uninstalled Panda, restarted, downloaded and installed AVG once again to see if it would find that same infection again. I ran a whole computer scan (rootkits too), but this time it came up with zero infections. I also ran MBAM a few times and it also found nothing. I then ran the Microsoft Safety Scanner overnight, and it also found nothing. 

 

So, as of today my computer seemingly is not infected according to these latest scans, but as stated before, it is still running very slow at startup. Sometimes when I go on the internet using the Chrome browser, it takes way longer to process page requests than it did before, and sometimes I get the "Page cannot be found" message. It made me wonder if I should uninstall Chrome in case that got infected as well.

 

Lastly, I ordered from Toshiba a recovery DVD for my Windows 7 (did not come with one from the factory, only pre-installed) so that in the event that I don't have an infection, I can wipe everything, do a clean install, and start from scratch.

 

My question to the professionals on here is if you have any advice on how I can check to see if I really do have the Inline hook win32k.sys infection lurking in my computer, or any other infection that all these scans couldn't find for that matter;

Or, if I just got a false positive (maybe my Avast infection quarantine vault triggered it?) and if I maybe simply bogged down my laptop by foolishly downloading all these antivirus programs in the course of 2 days. Another question is that if my Avast had items in quarantine (I honestly cannot remember if it did or not), would uninstalling it unleash those items back on my PC, or does it get rid of them permanently during the uninstall? 

 

I appreciate any and all input or recommendations from the staff. 

 

Thank you.




 


#2 buddy215

Posted 21 August 2015 - 12:25 PM

I seriously doubt there is any malware on the computer. But....due to the install of the free antivirus programs it is likely you have installed their adware.

You can run the programs below to find and remove adware and malware. Often programs leave or install unnecessary startup entries and we can check those too, which may or may not be responsible for the recent slowness.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

 

Post the three lists mentioned below using CCleaner:

 

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks. At the bottom right of that page you will see a button which, when clicked, will allow you to copy and paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button which, when clicked, will allow you to copy and paste that list in your next post. Please do that.

 

 


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 CNHM

Posted 21 August 2015 - 01:31 PM

Thank you for the instructions, I will run these as soon as I get home from work and will post the requested information.

#4 buddy215

Posted 21 August 2015 - 03:13 PM

We'll keep a light on...:)



#5 CNHM

Posted 21 August 2015 - 07:02 PM

# AdwCleaner v5.003 - Logfile created 21/08/2015 at 16:57:37
# Updated 20/08/2015 by Xplode
# Database : 2015-08-20.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Carlos N. Haro - CARLOSNHARO-PC
# Running from : C:\Users\Carlos N. Haro\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\ProgramData\apn
[-] Folder Deleted : C:\Users\Carlos N. Haro\AppData\LocalLow\HPAppData
 
***** [ Files ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
[-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
[-] Key Deleted : HKCU\Software\Avg Secure Update
[!] Key Not Deleted : [x64] HKCU\Software\Avg Secure Update
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Carlos N. Haro\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Carlos N. Haro\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
 
*************************
 
:: Proxy settings cleared
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2109 bytes] ##########


#6 CNHM

Posted 21 August 2015 - 07:10 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.7 (08.18.2015:1)
OS: Windows 7 Home Premium x64
Ran by Carlos N. Haro on Fri 08/21/2015 at 17:04:50.36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\ProgramData\google
 
 
 
~~~ Chrome
 
 
[C:\Users\Carlos N. Haro\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Carlos N. Haro\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Carlos N. Haro\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Carlos N. Haro\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 08/21/2015 at 17:09:50.34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#7 CNHM

Posted 21 August 2015 - 08:55 PM

Ran ESET, but it found no infections and did not create a log. 



#8 CNHM

Posted 21 August 2015 - 08:59 PM

CCleaner Windows Startup list (columns: Enabled, Key, Program, Publisher, File):

 

Yes HKCU:Run AmazonMP3DownloaderHelper Amazon Services LLC C:\Users\Carlos N. Haro\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes HKLM:Run AVG_UI AVG Technologies CZ, s.r.o. "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
Yes HKLM:Run BatteryManager TOSHIBA Corporation %ProgramFiles%\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE
Yes HKLM:Run DTS Sound DTS, Inc. "C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\APO3GUI.exe" /HIDEME
Yes HKLM:Run HotKeysCmds Intel Corporation C:\windows\system32\hkcmd.exe
Yes HKLM:Run HP Software Update Hewlett-Packard C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
Yes HKLM:Run hpqSRMon Hewlett-Packard C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
Yes HKLM:Run IgfxTray Intel Corporation C:\windows\system32\igfxtray.exe
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Yes HKLM:Run Persistence Intel Corporation C:\windows\system32\igfxpers.exe
Yes HKLM:Run QuickTime Task Apple Inc. "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Yes HKLM:Run RTHDVCPL Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
Yes HKLM:Run SynTPEnh Synaptics Incorporated %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Yes HKLM:Run TCrdMain TOSHIBA Corporation C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
Yes HKLM:Run Teco "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
Yes HKLM:Run ToshibaAppPlace Toshiba "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
Yes HKLM:Run ToshibaServiceStation TOSHIBA Corporation "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
Yes HKLM:Run TosVolRegulator TOSHIBA Corporation C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
Yes HKLM:Run TPwrMain TOSHIBA CORPORATION %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
Yes HKLM:Run USB3MON Intel Corporation "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
Yes HKLM:Run XboxStat Microsoft Corporation "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
Yes Startup Common HP Digital Imaging Monitor.lnk Hewlett-Packard Co. C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

CCleaner Scheduled Tasks list (columns: Enabled, Key, Program, Publisher, File):

 

Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler


#9 CNHM

Posted 21 August 2015 - 09:01 PM

CCleaner list of programs installed (columns: Program, Publisher, Install date, Size, Version):

 

Adobe Flash Player 18 ActiveX Adobe Systems Incorporated 8/11/2015 8.30 MB 18.0.0.232
Adobe Reader X (10.1.15) MUI Adobe Systems Incorporated 7/14/2015 481 MB 10.1.15
Amazon MP3 Downloader 1.0.18 Amazon Services LLC 3/30/2014 1.0.18
Apple Application Support (32-bit) Apple Inc. 7/11/2015 96.0 MB 3.2
Apple Application Support (64-bit) Apple Inc. 7/11/2015 109 MB 3.2
Apple Mobile Device Support Apple Inc. 7/11/2015 27.9 MB 8.2.1.3
Apple Software Update Apple Inc. 1/5/2014 2.38 MB 2.1.3.127
aTube Catcher DsNET Corp 7/10/2014 3.8.7971
aTube Catcher version 3.8 DsNET Corp 7/12/2015 54.4 MB 3.8
AVG 2015 AVG Technologies 8/18/2015 2015.0.6125
BitTorrent BitTorrent Inc. 7/30/2015 7.9.3.40761
Bonjour Apple Inc. 1/5/2014 2.00 MB 3.0.0.10
CCleaner Piriform 8/21/2015 5.08
DTS Sound DTS, Inc. 12/16/2013 3.92 MB 1.00.0079
ESET Online Scanner v3 8/21/2015
Fallout: New Vegas Obsidian Entertainment 10/30/2014
Google Chrome Google Inc. 1/10/2014 44.0.2403.155
Google Earth Google 1/19/2014 180 MB 7.1.2.2041
Google Toolbar for Internet Explorer Google Inc. 7/16/2015 7.5.6710.2136
HP Customer Participation Program 13.0 HP 6/21/2014 13.0
HP Imaging Device Functions 13.0 HP 6/21/2014 13.0
HP Photosmart Essential 3.5 HP 6/21/2014 3.5
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B HP 6/21/2014 13.0
HP Smart Web Printing 4.51 HP 6/21/2014 4.51
HP Solution Center 13.0 HP 6/21/2014 13.0
HP Update Hewlett-Packard 8/9/2014 3.99 MB 5.005.002.002
Intel® Management Engine Components Intel Corporation 12/16/2013 8.1.30.1349
Intel® Processor Graphics Intel Corporation 12/16/2013 9.17.10.3062
Intel® Rapid Storage Technology Intel Corporation 12/16/2013 12.0.4.1001
Intel® SDK for OpenCL - CPU Only Runtime Package Intel Corporation 12/16/2013 2.0.0.37149
Intel® USB 3.0 eXtensible Host Controller Driver Intel Corporation 12/16/2013 1.0.7.248
iTunes Apple Inc. 7/11/2015 238 MB 12.2.0.145
Malwarebytes Anti-Malware version 2.1.8.1057 Malwarebytes Corporation 6/28/2015 64.5 MB 2.1.8.1057
Microsoft .NET Framework 4.5.2 Microsoft Corporation 1/25/2015 38.8 MB 4.5.51209
Microsoft Office Microsoft Corporation 6/5/2013 297 MB 15.0.4454.1510
Microsoft Silverlight Microsoft Corporation 8/12/2015 150 MB 5.1.40728.0
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Corporation 1/11/2015 2.52 MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 1/13/2015 788 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 10/30/2014 591 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 11/1/2014 600 KB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 12/16/2013 13.8 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 12/16/2013 15.0 MB 10.0.40219
Microsoft Xbox 360 Accessories 1.2 Microsoft 7/31/2014 7.78 MB 1.20.146.0
Microsoft XNA Framework Redistributable 4.0 Microsoft Corporation 6/5/2013 8.03 MB 4.0.20823.0
MSXML 4.0 SP3 Parser (KB2758694) Microsoft Corporation 6/5/2013 1.54 MB 4.30.2117.0
OCR Software by I.R.I.S. 13.0 HP 6/21/2014 13.0
PlayReady PC Runtime amd64 Microsoft Corporation 6/5/2013 2.05 MB 1.3.0
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver Qualcomm Atheros Communications Inc. 12/16/2013 2.1.0.16
QuickTime 7 Apple Inc. 7/11/2015 70.3 MB 7.77.80.95
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 12/16/2013 6.0.1.6899
Realtek USB Card Reader Realtek Semiconductor Corp. 12/16/2013 6.2.9200.39041
Realtek WLAN Driver REALTEK Semiconductor Corp. 12/16/2013 2.00.0021
Steam Valve Corporation 7/22/2014
Super Meat Boy Team Meat 12/25/2014
Synaptics Pointing Device Driver Synaptics Incorporated 12/16/2013 46.4 MB 16.3.10.4
Team Fortress 2 Valve 7/22/2014
Toshiba App Place Toshiba 12/16/2013 538 KB 1.0.6.3
TOSHIBA Application Installer TOSHIBA 6/5/2013 9.0.1.2
TOSHIBA Assist TOSHIBA CORPORATION 6/5/2013 4.2.3.1
Toshiba Book Place K-NFB Reading Technology, Inc. 12/16/2013 97.5 MB 3.3.9661
TOSHIBA Disc Creator TOSHIBA Corporation 6/5/2013 1.84 MB 2.1.0.12 for x64
TOSHIBA eco Utility TOSHIBA Corporation 12/16/2013 19.2 MB 1.3.23.64
TOSHIBA Hardware Setup TOSHIBA Corporation 12/16/2013 3.1.0.10
TOSHIBA Quality Application TOSHIBA 1/5/2014 1.0.4
TOSHIBA Recovery Media Creator TOSHIBA CORPORATION 6/5/2013 2.1.7.52020010
TOSHIBA Service Station TOSHIBA 12/16/2013 2.2.13
TOSHIBA Supervisor Password TOSHIBA Corporation 12/16/2013 3.1.0.2
TOSHIBA User's Guide TOSHIBA 6/5/2013 1.00.02
TOSHIBA Value Added Package TOSHIBA Corporation 12/16/2013 281 MB 1.6.0035.6406
TOSHIBARegistration TOSHIBA 12/16/2013 1.1.1
Visual Studio 2012 x64 Redistributables AVG Technologies 8/18/2015 12.9 MB 14.0.0.1
Visual Studio 2012 x86 Redistributables AVG Technologies CZ, s.r.o. 8/18/2015 10.5 MB 14.0.0.1
WildTangent Games WildTangent 6/5/2013 1.0.4.0
Windows Driver Package - Scientific-Atlanta (USBCM) Net  (06/10/2004 1.12.0.0000) Scientific-Atlanta 1/5/2014 06/10/2004 1.12.0.0000


#10 CNHM

Posted 21 August 2015 - 09:02 PM

All suggested scans completed, and logs pasted above. Please let me know how I should proceed.



#11 buddy215

Posted 21 August 2015 - 09:32 PM

Disable these Windows Startups: (Use CCleaner by clicking on each item to highlight and then choosing on the right either Disable, Remove or Uninstall)

Yes HKCU:Run AmazonMP3DownloaderHelper Amazon Services LLC C:\Users\Carlos N. Haro\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes HKLM:Run IgfxTray Intel Corporation C:\windows\system32\igfxtray.exe
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Yes HKLM:Run QuickTime Task Apple Inc. "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Yes HKLM:Run XboxStat Microsoft Corporation "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
 

Disable these Scheduled Tasks:

Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
 
Uninstall These Programs:
ESET Online Scanner v3 8/21/2015
Google Toolbar for Internet Explorer Google Inc. 7/16/2015 7.5.6710.2136
HP Customer Participation Program 13.0 HP 6/21/2014 13.0
WildTangent Games WildTangent 6/5/2013 1.0.4.0 (Keep.... if you actually use this)
 
Do the above and I think you are good to go...I think you are right...too many antivirus programs. But if it shows up again now that you have only one installed....let me know.


#12 CNHM

Posted 21 August 2015 - 10:25 PM

Above actions have been completed. Startup still a bit slow compared to before, but maybe that's to be expected after all the crap that I did to my PC in the last week. I am still feeling like I will do a full, from scratch, clean install of Windows 7 (especially since I already paid for the recovery disc). A few questions:

 

1. Since I've seemingly come away free from infections, what would've caused that Inline hook win32k.sys infection result to come up during my initial AVG full system scan? Admittedly I've used the internet in a very limited manner and especially didn't do any important or financial things on my laptop after what I read that virus could do, and am still a bit hesitant to do so even after these clean results since that result came up (must just be a mental thing).

 

2. Are false positives common with AVG, or in general?

3. My very first concern was that Avast could not scan a slew of files (which led me to get multiple AV programs). What would cause files to be un-scannable?

4. If I do go through with a full, clean re-install of Windows 7: Would doing this be a valid method to get rid of lingering slow performance issues?

5. Would it be safe to put files currently on my PC on an external drive (music) to put back on my PC after a clean Windows install?



#13 buddy215

Posted 22 August 2015 - 06:15 AM

It's safe to backup any of your documents, music, etc. before reinstalling OS.

 

Would only be guessing as to whether it was a false positive or not. But I lean toward it was not active malware.

 

Avast blog » How do I handle files that avast! can’t scan?

 

Ninite offers adware free downloads for many popular programs...kind of a one stop shopping for popular programs. Check it out.

Ninite - Install or Update Multiple Apps at Once

 

Would doing this be a valid method to get rid of lingering slow performance issues? 

Maybe....it is a very good way to remove any malware.


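
Added example, relating to question 1 and 2 above and the reply: this is not code from the thread or from any of the scanners named in it, and none of the names, addresses or bytes in it come from a real win32k.sys; they are constructed for the demonstration. What an anti-rootkit scanner means by an "inline hook" on a module is that the first bytes of a function as mapped in memory no longer match the same bytes in the clean on-disk copy of the module, and now form a jump trampoline to code elsewhere. The check below does that comparison, decodes the common x64 trampoline shapes to recover the jump target, and shows the triage step that matters in practice: resolving that target to a loaded image, because security products install hooks of this kind themselves and a scanner cannot distinguish a vendor's hook from a malicious one by the patched bytes alone. It also includes the hooker's side (writing the 5-byte jmp) so the round trip can be run offline.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed demonstration: no name, address or byte below comes from a real win32k.sys. */

enum hook_kind {
    HOOK_NONE = 0,      /* in-memory prologue matches the on-disk image        */
    HOOK_JMP_REL32,     /* E9 rel32                                            */
    HOOK_MOV_RAX_JMP,   /* 48 B8 imm64 / FF E0  (mov rax, imm64 ; jmp rax)     */
    HOOK_PUSH_RET,      /* 68 imm32 / C3        (push imm32 ; ret)             */
    HOOK_UNKNOWN_PATCH  /* bytes differ but form no recognised trampoline      */
};

struct hook_report {
    enum hook_kind kind;
    size_t first_diff;  /* offset of the first byte that differs from disk     */
    uint64_t target;    /* decoded jump destination when kind is a trampoline  */
};

static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* The scanner's check: compare the first n bytes of a function as mapped in memory
 * (mem, at address func_va) with the same bytes from the clean on-disk image (clean).
 * A mismatch that decodes to a jump trampoline is an inline hook; the resolved target
 * is what a scanner then matches against the loaded-module list to name the owner. */
struct hook_report check_prologue(uint64_t func_va, const uint8_t *mem,
                                  const uint8_t *clean, size_t n)
{
    struct hook_report r = { HOOK_NONE, n, 0 };
    size_t i = 0;
    while (i < n && mem[i] == clean[i])
        i++;
    if (i == n)
        return r;                                  /* identical: no inline hook */
    r.first_diff = i;
    r.kind = HOOK_UNKNOWN_PATCH;
    if (n >= 5 && mem[0] == 0xE9) {                /* jmp rel32: next_ip + rel32 */
        r.kind = HOOK_JMP_REL32;
        r.target = func_va + 5 + (int64_t)(int32_t)rd32(mem + 1);
    } else if (n >= 12 && mem[0] == 0x48 && mem[1] == 0xB8 &&
               mem[10] == 0xFF && mem[11] == 0xE0) { /* mov rax, imm64 ; jmp rax */
        r.kind = HOOK_MOV_RAX_JMP;
        r.target = (uint64_t)rd32(mem + 2) | (uint64_t)rd32(mem + 6) << 32;
    } else if (n >= 6 && mem[0] == 0x68 && mem[5] == 0xC3) { /* push imm32 ; ret */
        r.kind = HOOK_PUSH_RET;
        r.target = (uint64_t)(int64_t)(int32_t)rd32(mem + 1); /* sign-extended on x64 */
    }
    return r;
}

/* The hooker's side: overwrite the prologue at mem (mapped at func_va) with a 5-byte
 * jmp rel32 to target.  Returns bytes written, or 0 when the target is out of 32-bit
 * displacement range (why x64 hooks often fall back to the 12-byte mov/jmp rax form). */
size_t write_jmp_rel32(uint8_t *mem, uint64_t func_va, uint64_t target)
{
    int64_t disp = (int64_t)(target - (func_va + 5));
    if (disp > INT32_MAX || disp < INT32_MIN)
        return 0;
    mem[0] = 0xE9;
    mem[1] = (uint8_t)disp;
    mem[2] = (uint8_t)(disp >> 8);
    mem[3] = (uint8_t)(disp >> 16);
    mem[4] = (uint8_t)(disp >> 24);
    return 5;
}

/* Triage: a scanner runs this over every loaded image to report which driver owns
 * the hook target; a target inside no known image is the alarming case. */
int target_in_image(uint64_t target, uint64_t image_base, uint64_t image_size)
{
    return target >= image_base && target - image_base < image_size;
}

/* Constructed sample: a common MSVC x64 prologue (mov [rsp+8],rbx ; push rdi ;
 * sub rsp,20h) as the clean bytes, at constructed addresses. */
const uint8_t CLEAN_PROLOGUE[10] = { 0x48,0x89,0x5C,0x24,0x08,0x57,0x48,0x83,0xEC,0x20 };
#define SAMPLE_FUNC_VA 0xFFFFF96000123450ULL   /* constructed function address */
#define SAMPLE_HOOK_VA 0xFFFFF96002AB0000ULL   /* constructed hook destination  */

/* Round trip: hook a copy of the prologue, then run the scanner check on it.
 * Returns the decoded target, or 0 if the hook was not detected as a jmp rel32. */
uint64_t demo_hooked_target(void)
{
    uint8_t mem[sizeof CLEAN_PROLOGUE];
    struct hook_report r;
    memcpy(mem, CLEAN_PROLOGUE, sizeof mem);
    if (write_jmp_rel32(mem, SAMPLE_FUNC_VA, SAMPLE_HOOK_VA) == 0)
        return 0;
    r = check_prologue(SAMPLE_FUNC_VA, mem, CLEAN_PROLOGUE, sizeof mem);
    return (r.kind == HOOK_JMP_REL32 && r.first_diff == 0) ? r.target : 0;
}

int main(void)
{
    uint64_t t = demo_hooked_target();
    printf("hooked prologue decoded to target 0x%llx, inside own image: %s\n",
           (unsigned long long)t,
           target_in_image(t, 0xFFFFF96000000000ULL, 0x400000ULL) ? "yes" : "no");
    return 0;
}
```

Compile with any C compiler (for example gcc hook_check.c) and run; the printed target is the address a scanner would look up in its loaded-driver list. Note that the comparison is always against whatever is mapped at scan time, so a finding that is present on one scan and gone on a later one is consistent with a hook whose owner was removed in between; the thread alone cannot confirm that this was the cause here.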

#14 CNHM

Posted 22 August 2015 - 10:35 AM

Thank you for the information. For one of my previous questions, I realize I should've worded it a little better: 

 

In general, is it risky to transfer media files (music, photos, etc.) from an infected computer to an external hard drive in order to put them back on the same computer after a clean Windows install? Do you run the risk of possibly re-infecting the PC after the Windows clean install?

 

Also, what is the best way to do a full, clean install of Windows from a disc to ensure any hidden infections are completely wiped? Are there specific instructions for this, or is the general way of doing a clean install sufficient?



#15 buddy215

Posted 22 August 2015 - 10:59 AM

Pop in the disk and follow the prompts to format and install.

 

In your case, there is no risk of reinfecting from your personally saved documents, music, videos, etc.

 

Immediately after the Windows install is complete you should go to Windows Updates and install ALL except for some of the optional updates you may not want.

The Windows firewall, a very good firewall, and/ or the firewall in your router will protect you while downloading and installing updates.





