Possible infection


This topic is locked
9 replies to this topic

#1 Apollo767


Posted 24 May 2016 - 05:51 PM

Hello guys,

OS: Win7

I have all my system sounds muted; now, whenever I run uTorrent I get sounds of a clicking mouse for some reason.

Especially when I bring it up from minimized: a couple of clicks, a few seconds quiet, a couple of clicks, with no interaction with the software involved.

All scans clean.

Please advise, thanks!




#2 buddy215


Posted 24 May 2016 - 06:45 PM

Welcome to BC...

 

What programs have you scanned with?

 

Use the programs below to find and remove adware and malware. Using uTorrent pretty much guarantees you will be infected, especially if using it to download free pirated and hacked stuff. uTorrent installs adware, too.

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google. After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR REVIEW.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Hold down Control and click on this link to open ESET OnlineScan in a new window.

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
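The instructions above end with the logs being posted for review. As an added example (not code from the thread, from BleepingComputer, or from the tools' vendors), here is a Python triage helper for the reviewer's side: it parses the detection lines of a Malwarebytes Anti-Malware 2.x log and an AdwCleaner 5.x log into one record type, checks each MBAM section header count against the detection lines actually present, and separates persistence mechanisms (autostart keys, browser extensions, search scopes) from leftover data that changes nothing at runtime. The log excerpts are constructed in those formats, and the meaning of AdwCleaner's `[#]` flag is an assumption.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "tool kind name target action")

# MBAM 2.x: a header such as "Folders: 1" is followed by detection lines of the
# form  <detection name>, <path or key>, <action>, [<32 hex chars>],
MBAM_SECTION = re.compile(r"^(Processes|Modules|Registry Keys|Registry Values|"
                          r"Registry Data|Folders|Files|Physical Sectors): (\d+)$")
MBAM_DETECTION = re.compile(r"^(?P<name>[^,]+), (?P<target>[^,]+), "
                            r"(?P<action>[^,]+), \[[0-9a-f]{32}\],?$")
# AdwCleaner 5.x: "[-] Folder Deleted : <path>" or, for browser-profile entries,
# "[-] [<prefs file>] [Extension] Deleted : <id>". "[-]" is a completed deletion;
# "[#]" is treated here as deferred to the next reboot (assumption about the flag).
ADW_OBJECT = re.compile(r"^\[(?P<flag>[-#])\] (?P<kind>Folder|File|Key|Value|Task)"
                        r" Deleted : (?P<target>.+)$")
ADW_BROWSER = re.compile(r"^\[(?P<flag>[-#])\] \[[^\]]+\] \[(?P<kind>[^\]]+)\]"
                         r" Deleted : (?P<target>.+)$")

def parse_mbam(text):
    """Return (findings, mismatches); a mismatch is a section whose header count
    differs from the number of detection lines actually present under it."""
    findings, claimed, section = [], {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = MBAM_SECTION.match(line)
        if m:
            section = m[1]
            claimed[section] = int(m[2])
            continue
        m = MBAM_DETECTION.match(line)
        if m and section:
            findings.append(Finding("MBAM", section, m["name"], m["target"], m["action"]))
    seen = {}
    for f in findings:
        seen[f.kind] = seen.get(f.kind, 0) + 1
    mismatches = {k: (v, seen.get(k, 0)) for k, v in claimed.items() if seen.get(k, 0) != v}
    return findings, mismatches

def parse_adwcleaner(text):
    findings = []
    for line in (raw.strip() for raw in text.splitlines()):
        m = ADW_OBJECT.match(line) or ADW_BROWSER.match(line)
        if m:
            action = "Deleted" if m["flag"] == "-" else "Pending reboot"
            findings.append(Finding("AdwCleaner", m["kind"], "", m["target"], action))
    return findings

# Targets that would execute or redirect again, versus leftover data.
PERSISTENCE = ((re.compile(r"\\CurrentVersion\\Run", re.I), "autostart"),
               (re.compile(r"\\SearchScopes\\", re.I), "search-hijack"),
               (re.compile(r"\\Extensions\\", re.I), "browser-extension"),
               (re.compile(r"\\Services\\", re.I), "service"),
               (re.compile(r"\\Tasks\\", re.I), "scheduled-task"))
RESIDUE = ((re.compile(r"\\Local Storage\\", re.I), "site-storage"),
           (re.compile(r"Temporary Internet Files", re.I), "cache"))

def classify(f):
    if f.kind == "Extension":
        return "persistence", "browser-extension"
    for bucket, table in (("persistence", PERSISTENCE), ("residue", RESIDUE)):
        for pat, label in table:
            if pat.search(f.target):
                return bucket, label
    return "residue", "program-files"

def triage(findings):
    report = {"malware": [], "persistence": [], "residue": 0, "pending_reboot": []}
    for f in findings:
        # PUP./PUM. are potentially unwanted; any other MBAM name is a malware family.
        if f.tool == "MBAM" and not f.name.startswith(("PUP.", "PUM.")):
            report["malware"].append(f.name)
        bucket, label = classify(f)
        if bucket == "persistence":
            report["persistence"].append((label, f.target))
        else:
            report["residue"] += 1
        if f.action == "Pending reboot":
            report["pending_reboot"].append(f.target)
    return report

# Constructed excerpts in the two tools' formats (ids, GUIDs and hashes are dummies).
SAMPLE_MBAM = r"""
Folders: 1
PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub, Quarantined, [00000000000000000000000000000000],
"""
SAMPLE_ADW = r"""
[-] Folder Deleted : C:\ProgramData\apn
[#] Folder Deleted : C:\ProgramData\Application Data\apn
[-] File Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.example.invalid_0.localstorage
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{00000000-0000-0000-0000-000000000000}
[-] [C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
"""

def review_samples():
    mbam, mismatches = parse_mbam(SAMPLE_MBAM)
    report = triage(mbam + parse_adwcleaner(SAMPLE_ADW))
    report["mbam_count_mismatches"] = mismatches
    return report
```

A log that removed only residue with no persistence entries and no count mismatches is consistent with a cleanup of leftovers; persistence entries or a header count that does not match the lines present are the things worth a second look before declaring the machine clean.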

#3 Apollo767


Posted 24 May 2016 - 08:58 PM

Hi, thanks, here are the logs: 

(problem persists)

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 25/05/2016
Scan Time: 00:52
Logfile: mwb.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.05.24.07
Rootkit Database: v2016.05.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: John
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 331472
Time Elapsed: 17 min, 50 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 1
PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub, Quarantined, [80372faaefaab6803bffeda243bf14ec], 
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
///////////////////////////////////////////////
 
# AdwCleaner v5.117 - Logfile created 25/05/2016 at 01:15:16
# Updated 15/05/2016 by Xplode
# Database : 2016-05-23.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : John - JOHNS_LAPTOP
# Running from : H:\Downloads\Chrome\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\ProgramData\apn
[#] Folder Deleted : C:\ProgramData\Application Data\apn
[-] Folder Deleted : C:\Program Files (x86)\BitLord
[-] Folder Deleted : C:\Users\John\AppData\Roaming\BitLord
[-] Folder Deleted : C:\Users\John\Documents\BitLord
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_ezuqijwnpc-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_ezuqijwnpc-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_zvsuhljiha-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_zvsuhljiha-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.newtabtvplussearch.com_0.localstorage
[-] File Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.newtabtvplussearch.com_0.localstorage-journal
[-] File Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[-] File Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[-] File Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\bmkckgpgekmanipelfidlhmkfcjicion
 
***** [ Web browsers ] *****
 
[-] [C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bmkckgpgekmanipelfidlhmkfcjicion
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [2639 bytes] - [25/05/2016 01:15:16]
C:\AdwCleaner\AdwCleaner[S1].txt - [2600 bytes] - [25/05/2016 01:13:00]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2785 bytes] ##########
 
 
 
///////////////////////////////////////////////
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Professional x64 
Ran by John (Administrator) on 25/05/2016 at  1:18:07.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 28 
 
Successfully deleted: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal (File) 
Successfully deleted: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage (File) 
Successfully deleted: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage-journal (File) 
Successfully deleted: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage (File) 
Successfully deleted: C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0KXYFNIG (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\14VL0430 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OQZHFY3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BFOFLR8C (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LRKGN5WP (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6HJ39M4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U82GQ60Z (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YXV5PH0P (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0KXYFNIG (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\14VL0430 (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OQZHFY3 (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BFOFLR8C (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LRKGN5WP (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6HJ39M4 (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U82GQ60Z (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YXV5PH0P (Temporary Internet Files Folder) 
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0E29641C-F825-493F-84E1-BA5D022B97AE} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25/05/2016 at  1:21:08.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
///////////////////////////////////////////////
 
 
No logs from ESET, no threats detected
 
 
 
///////////////////////////////////////////////
 
 
Previously just scanned with AV (Avast) and CBF, log attached:
 
ComboFix 16-05-18.01 - John 24/05/2016  23:16:29.5.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.61.1033.18.8117.4814 [GMT 1:00]
Running from: c:\users\John\Desktop\ComboFix.exe
Command switches used :: c:\users\John\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2016-04-24 to 2016-05-24  )))))))))))))))))))))))))))))))
.
.
2016-05-24 22:27 . 2016-05-24 22:27 -------- d-----w- c:\users\Public\AppData\Local\temp
2016-05-24 22:27 . 2016-05-24 22:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-05-21 15:44 . 2016-05-21 15:45 -------- d-----w- c:\windows\system32\vbox
2016-05-21 15:44 . 2016-05-21 15:45 -------- d-----w- c:\windows\SysWow64\vbox
2016-05-21 14:56 . 2016-05-21 14:57 -------- d-----w- C:\1
2016-05-21 14:15 . 2016-05-21 14:15 -------- d-----w- c:\users\John\AppData\Roaming\DOOM 3 BFG Edition
2016-05-15 19:05 . 2016-05-15 19:05 -------- d-----w- c:\program files (x86)\Skype
2016-05-13 19:14 . 2016-05-24 18:13 -------- d-----w- c:\users\John\AppData\Roaming\gnupg
2016-05-13 19:14 . 2016-05-13 19:14 -------- d-----w- c:\programdata\GNU
2016-05-10 17:58 . 2016-05-10 17:58 398152 ----a-w- c:\windows\system32\aswBoot.exe
2016-05-10 17:58 . 2016-05-10 17:58 52184 ----a-w- c:\windows\avastSS.scr
2016-05-10 17:57 . 2016-05-10 17:57 28312 ----a-w- c:\windows\system32\drivers\aswNetNd6.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-05-10 17:58 . 2015-09-19 19:48 166432 ----a-w- c:\windows\system32\drivers\aswStm.sys
2016-05-10 17:58 . 2015-09-19 19:48 74544 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-05-10 17:58 . 2015-09-19 19:48 465792 ----a-w- c:\windows\system32\drivers\aswSP.sys
2016-05-10 17:58 . 2015-09-19 19:48 37656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-05-10 17:58 . 2015-09-19 19:48 287528 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2016-05-10 17:58 . 2015-09-19 19:48 107792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-05-10 17:58 . 2015-09-19 19:48 103064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2016-05-10 17:57 . 2015-09-19 19:48 37144 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2016-05-10 17:57 . 2015-09-19 19:48 1070904 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2016-05-10 17:57 . 2015-09-19 19:48 161760 ----a-w- c:\windows\system32\drivers\ngvss.sys
2016-05-10 17:57 . 2016-02-14 21:05 536312 ----a-w- c:\windows\system32\drivers\aswNetSec.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-07-12 17:43 1724616 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-07-12 17:43 1724616 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-07-12 17:43 1724616 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"uTorrent"="c:\users\John\AppData\Roaming\uTorrent\uTorrent.exe" [2016-05-20 2530304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="h:\programs\System\avast\AvastUI.exe" [2016-05-12 7400576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DirMngr;DirMngr;h:\programs\GnuPG\dirmngr.exe;h:\programs\GnuPG\dirmngr.exe [x]
R2 SkypeUpdate;Skype Updater;h:\programs\System\Skype\Updater\Updater.exe;h:\programs\System\Skype\Updater\Updater.exe [x]
R3 aswTap;avast! SecureLine TAP Adapter v3;c:\windows\system32\DRIVERS\aswTap.sys;c:\windows\SYSNATIVE\DRIVERS\aswTap.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 ngvss;ngvss; [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswNetSec;aswNetSec;c:\windows\system32\drivers\aswNetSec.sys;c:\windows\SYSNATIVE\drivers\aswNetSec.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxNetAdp;VirtualBox NDIS 6.0 Miniport Service;c:\windows\system32\DRIVERS\VBoxNetAdp6.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp6.sys [x]
S1 VBoxNetLwf;VirtualBox NDIS6 Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetLwf.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetLwf.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;Avast Firewall;h:\programs\System\avast\afwServ.exe;h:\programs\System\avast\afwServ.exe [x]
S2 dts_apo_service;DTS APO Service;c:\program files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe;c:\program files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [x]
S2 ExpressVpnService;ExpressVpn Service;h:\programs\System\ExpressVPN\bootstrap\AMD64\nssm.exe;h:\programs\System\ExpressVPN\bootstrap\AMD64\nssm.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 ISCTAgent;Intel® Smart Connect Technology Agent;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe ;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe  [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe;c:\program files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [x]
S2 SwiService;Sierra Wireless Service;c:\program files (x86)\Sierra Wireless Inc\Utils\SWIService.exe;c:\program files (x86)\Sierra Wireless Inc\Utils\SWIService.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 TW3GSVC;3G RF Power Control Utility;c:\program files\Toshiba\3GUty\tw3gsvc.exe;c:\program files\Toshiba\3GUty\tw3gsvc.exe [x]
S2 valWBFPolicyService;Validity WBF Policy Service;c:\windows\system32\valWBFPolicyService.exe;c:\windows\SYSNATIVE\valWBFPolicyService.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;h:\programs\System\Avast\ng\vbox\VBoxAswDrv.sys;h:\programs\System\Avast\ng\vbox\VBoxAswDrv.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 aswNetNd6;Avast Firewall NDIS6 Helper;c:\windows\system32\DRIVERS\aswNetNd6.sys;c:\windows\SYSNATIVE\DRIVERS\aswNetNd6.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;h:\programs\System\avast\ng\vbox\AvastVBoxSVC.exe;h:\programs\System\avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 e1dexpress;Intel® PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 INETMON;INETMON;c:\windows\System32\Drivers\INETMON.sys;c:\windows\SYSNATIVE\Drivers\INETMON.sys [x]
S3 ISCT;Intel® Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 RTSPER;Realtek PCIE Card Reader - PER;c:\windows\system32\DRIVERS\RtsPer.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPer.sys [x]
S3 swg3kmbb06;Sierra Wireless QMI USB-NDIS 6.20 miniport for Toshiba;c:\windows\system32\DRIVERS\swg3kmbb06.sys;c:\windows\SYSNATIVE\DRIVERS\swg3kmbb06.sys [x]
S3 swg3knmea06;Sierra Wireless QMI NMEA Serial Communication - Toshiba;c:\windows\system32\DRIVERS\swg3knmea06.sys;c:\windows\SYSNATIVE\DRIVERS\swg3knmea06.sys [x]
S3 swg3kser06;Sierra Wireless QMI USB Device for Legacy Serial Communication - Toshiba;c:\windows\system32\DRIVERS\swg3kser06.sys;c:\windows\SYSNATIVE\DRIVERS\swg3kser06.sys [x]
S3 swibus06;Sierra Wireless Bus Enumerator 06;c:\windows\system32\DRIVERS\swibus06.sys;c:\windows\SYSNATIVE\DRIVERS\swibus06.sys [x]
S3 swibusflt06;Sierra Wireless Bus Enumerator Filter 06;c:\windows\system32\DRIVERS\swibusflt06.sys;c:\windows\SYSNATIVE\DRIVERS\swibusflt06.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-05-13 08:39 1186968 ----a-w- c:\program files (x86)\Google\Chrome\Application\50.0.2661.102\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-05-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-24 21:04]
.
2016-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-12 23:00]
.
2016-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-12 23:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-07-12 17:37 2328776 ----a-w- h:\programs\System\MSOFFI~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-07-12 17:37 2328776 ----a-w- h:\programs\System\MSOFFI~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-07-12 17:37 2328776 ----a-w- h:\programs\System\MSOFFI~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-05-10 17:58 920784 ----a-w- h:\programs\System\avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ATFPUOverlayIcon]
@="{3239DBC1-B76D-4dc7-8B29-D99CBA3C7336}"
[HKEY_CLASSES_ROOT\CLSID\{3239DBC1-B76D-4dc7-8B29-D99CBA3C7336}]
2013-07-17 21:49 172384 ----a-w- c:\program files\TOSHIBA\Fingerprint Utility\TFPUOverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TFPUOverlayIcon]
@="{8DBDDA23-34E3-4BF1-A107-67B94C080A1F}"
[HKEY_CLASSES_ROOT\CLSID\{8DBDDA23-34E3-4BF1-A107-67B94C080A1F}]
2013-07-17 21:49 162144 ----a-w- c:\program files\TOSHIBA\Fingerprint Utility\TFPUFileShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-09-13 13653208]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2013-11-14 381784]
"TFPUService"="c:\program files\TOSHIBA\Fingerprint Utility\TFPUTaskMonitor.exe" [2013-08-26 230752]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"BatteryManager"="c:\program files (x86)\TOSHIBA\Power Saver\TBatmgrTrayIcon.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2013-08-21 711040]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-30 391152]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-30 771568]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-30 770544]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1
IE: E&xport to Microsoft Excel - h:\programs\System\MSOFFI~1\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - h:\programs\System\MSOFFI~1\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2E7796AC-921C-4FE8-B21F-D5F0CD151134}\2456C6B696E6534376: NameServer = 192.168.1.254
TCP: Interfaces\{7A0054FB-CC58-4DA5-8F30-7E43C7D3F99F}: NameServer = 77.234.40.79
TCP: Interfaces\{C421A704-742A-47AA-B8FB-2DAE47BEF013}: NameServer = 10.206.128.1 10.206.128.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-05-24  23:28:54
ComboFix-quarantined-files.txt  2016-05-24 22:28
ComboFix2.txt  2016-05-24 22:12
ComboFix3.txt  2015-09-19 19:20
ComboFix4.txt  2015-03-03 03:13
ComboFix5.txt  2016-05-24 22:15
.
Pre-Run: 11,942,404,096 bytes free
Post-Run: 11,871,633,408 bytes free
.
- - End Of File - - 14C299C846FDD9CFE480860E4EA41B52
5B5E648D12FCADC244C1EC30318E1EB9
Thanks
Edited by Apollo767, 24 May 2016 - 09:04 PM.


#4 buddy215

  • Moderator
  • 13,103 posts
  • Gender:Male
  • Location:West Tennessee

Posted 24 May 2016 - 09:11 PM

Reset Google Chrome.

You can restore your browser settings in Chrome at any time. You might need to do this if apps or extensions you installed changed your settings without your knowledge. Your saved bookmarks and passwords won't be cleared or changed.

  1. Open Chrome.
  2. In the top right, click the icon you see: Menu or More
  3. Click Settings.
  4. At the bottom, click Show advanced settings.
  5. Under the section "Reset settings," click Reset settings.
  6. In the box that appears, click Reset.

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button which, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer, and at the bottom right of that page you will see a button which, when clicked, will allow you to Copy and Paste that list into your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#5 Apollo767
  • Topic Starter
  • Members
  • 11 posts

Posted 25 May 2016 - 12:13 PM

Hi, thanks for the response, here are the logs:

 

Startup:  

 

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

No HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
No HKCU:Run GoogleChromeAutoLaunch_DC7C249942899F83C1747FF3FB5BD5F3 Google Inc. "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
No HKCU:Run OpAgent "OpAgent.exe" /agent
Yes HKCU:Run Sidebar Microsoft Corporation C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
No HKCU:Run uTorrent BitTorrent Inc. "C:\Users\John\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
No HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
No HKLM:Run AdobeAAMUpdater-1.0 Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
Yes HKLM:Run Apoint Alps Electric Co., Ltd. C:\Program Files\Apoint2K\Apoint.exe
Yes HKLM:Run AvastUI.exe AVAST Software "H:\Programs\System\avast\AvastUI.exe" /nogui
Yes HKLM:Run BatteryManager TOSHIBA Corporation %ProgramFiles%\TOSHIBA\Power Saver\TBatmgrTrayIcon.exe
No HKLM:Run DTS Studio Sound DTS, Inc. "C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\APO3GUI.exe" /HIDEME
Yes HKLM:Run HotKeysCmds "C:\windows\system32\hkcmd.exe"
Yes HKLM:Run IgfxTray Intel Corporation - pGFX "C:\windows\system32\igfxtray.exe"
No HKLM:Run ISUSPM Flexera Software, Inc. "C:\ProgramData\FLEXnet\Connect\11\isuspm.exe" -scheduler
No HKLM:Run ITSecMng TOSHIBA CORPORATION %ProgramFiles(x86)%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
No HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
No HKLM:Run Nuance OmniPage 18-reminder "H:\Programs\Omni\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\OmniPage 18\Ereg\Ereg.ini"
No HKLM:Run OmniPage Preload H:\Programs\Omni\OmniPage18.exe /preload
No HKLM:Run PDF7 Registry Controller H:\Programs\PDF Create 7\RegistryController.exe
No HKLM:Run PDFCreHook H:\Programs\PDF Create 7\pdfcreate7hook.exe
Yes HKLM:Run Persistence "C:\windows\system32\igfxpers.exe"
Yes HKLM:Run RTHDVCPL Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
No HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Yes HKLM:Run SynTPEnh Synaptics Incorporated %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
No HKLM:Run TCrdMain TOSHIBA Corporation C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
Yes HKLM:Run Teco "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
Yes HKLM:Run TFPUService TOSHIBA C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUTaskMonitor.exe /start
No HKLM:Run TOSDCR TOSHIBA CORPORATION %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe
No HKLM:Run Toshiba Registration Toshiba Europe GmbH C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
Yes HKLM:Run Toshiba TEMPRO Toshiba Europe GmbH C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
No HKLM:Run TOSHIBA_3G_UTY TOSHIBA CORPORATION C:\Program Files\Toshiba\3GUty\TW3GCTRL.exe
No HKLM:Run ToshibaServiceStation TOSHIBA Corporation C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
Yes HKLM:Run TosSENotify TOSHIBA Corporation C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
No HKLM:Run TosVolRegulator TOSHIBA Corporation C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
Yes HKLM:Run TosWaitSrv TOSHIBA Corporation %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
Yes HKLM:Run TPwrMain TOSHIBA CORPORATION %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
No HKLM:Run TRUUpdater Sierra Wireless, Inc. "C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" /bkground
No HKLM:Run TSleepSrv TOSHIBA C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
No HKLM:Run WatcherHelper Sierra Wireless Inc. "C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\WaHelper.exe"
No Startup Common Bluetooth Manager.lnk TOSHIBA CORPORATION. C:\PROGRA~2\Toshiba\BLUETO~1\TosBtMng.exe 
Tasks:
Yes Task ActivateWindowsSearch Microsoft Corporation %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch \Microsoft\Windows\Media Center
No Task AD RMS Rights Policy Template Management (Automated) \Microsoft\Windows\Active Directory Rights Management Services Client
Yes Task AD RMS Rights Policy Template Management (Manual) \Microsoft\Windows\Active Directory Rights Management Services Client
Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe \
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe \
Yes Task AdobeAAMUpdater-1.0-Johns_Laptop-John Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled \
Yes Task AirVPN "H:\Programs\System\VPN\AirVPN\AirVPN.exe" -path=home \
Yes Task AitAgent aitagent \Microsoft\Windows\Application Experience
Yes Task AnalyzeSystem Microsoft Corporation %SystemRoot%\System32\powercfg.exe -energy -auto \Microsoft\Windows\Power Efficiency Diagnostics
No Task AutoWake \Microsoft\Windows\SideShow
Yes Task Avast settings backup AVAST Software C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs \AVAST Software
No Task Background Synchronization \Microsoft\Windows\Offline Files
Yes Task CacheTask \Microsoft\Windows\Wininet
No Task Calibration Loader \Microsoft\Windows\WindowsColorSystem
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) \
Yes Task ConfigNotification Microsoft Corporation %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION \Microsoft\Windows\WindowsBackup
Yes Task ConfigureInternetTimeService Microsoft Corporation %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService \Microsoft\Windows\Media Center
Yes Task Consolidator Microsoft Corporation %SystemRoot%\System32\wsqmcons.exe \Microsoft\Windows\Customer Experience Improvement Program
Yes Task DispatchRecoveryTasks Microsoft Corporation %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) \Microsoft\Windows\Media Center
Yes Task ehDRMInit Microsoft Corporation %SystemRoot%\ehome\ehPrivJob.exe /DRMInit \Microsoft\Windows\Media Center
Yes Task GadgetManager \Microsoft\Windows\SideShow
Yes Task GatherNetworkInfo %windir%\system32\gatherNetworkInfo.vbs \Microsoft\Windows\NetTrace
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c \
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler \
No Task HiveUploadTask \Microsoft\Windows\User Profile Service
Yes Task HotStart \Microsoft\Windows\MobilePC
Yes Task InstallPlayReady Microsoft Corporation %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) \Microsoft\Windows\Media Center
Yes Task IpAddressConflict1 Microsoft Corporation %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem \Microsoft\Windows\Tcpip
Yes Task IpAddressConflict2 Microsoft Corporation %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem \Microsoft\Windows\Tcpip
No Task Logon Synchronization \Microsoft\Windows\Offline Files
Yes Task LPRemove Microsoft Corporation %windir%\system32\lpremove.exe \Microsoft\Windows\MUI
Yes Task mcupdate %SystemRoot%\ehome\mcupdate $(Arg0) \Microsoft\Windows\Media Center
Yes Task MediaCenterRecoveryTask Microsoft Corporation %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask \Microsoft\Windows\Media Center
Yes Task MobilityManager \Microsoft\Windows\Ras
Yes Task Notifications Microsoft Corporation %windir%\System32\LocationNotifications.exe \Microsoft\Windows\Location
Yes Task ObjectStoreRecoveryTask Microsoft Corporation %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask \Microsoft\Windows\Media Center
Yes Task OCURActivate Microsoft Corporation %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate \Microsoft\Windows\Media Center
Yes Task OCURDiscovery Microsoft Corporation %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) \Microsoft\Windows\Media Center
Yes Task Office 15 Subscription Heartbeat Microsoft Corporation %ProgramFiles%\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe \Microsoft\Office
Yes Task OfficeTelemetryAgentFallBack "H:\Programs\System\MS Office 2013\Office15\msoia.exe" scan upload mininterval:2880 \Microsoft\Office
Yes Task OfficeTelemetryAgentLogOn "H:\Programs\System\MS Office 2013\Office15\msoia.exe" scan upload \Microsoft\Office
Yes Task PBDADiscovery Microsoft Corporation %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery \Microsoft\Windows\Media Center
Yes Task PBDADiscoveryW1 Microsoft Corporation %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery \Microsoft\Windows\Media Center
Yes Task PBDADiscoveryW2 Microsoft Corporation %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery \Microsoft\Windows\Media Center
No Task PeriodicScanRetry Microsoft Corporation %windir%\ehome\MCUpdate.exe -pscn 0 \Microsoft\Windows\Media Center
No Task PolicyConverter Microsoft Corporation %windir%\system32\appidpolicyconverter.exe \Microsoft\Windows\AppID
Yes Task Process Lasso Core Engine Only Bitsum LLC "H:\Programs\Process Lasso\processgovernor.exe" \
Yes Task Process Lasso Management Console (GUI) Bitsum LLC "H:\Programs\Process Lasso\processlasso.exe" \
Yes Task ProgramDataUpdater Microsoft Corporation %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate \Microsoft\Windows\Application Experience
Yes Task Proxy Microsoft Corporation %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations \Microsoft\Windows\Autochk
Yes Task PvrRecoveryTask Microsoft Corporation %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask \Microsoft\Windows\Media Center
Yes Task PvrScheduleTask Microsoft Corporation %SystemRoot%\ehome\mcupdate.exe -PvrSchedule \Microsoft\Windows\Media Center
Yes Task QueueReporting Microsoft Corporation %windir%\system32\wermgr.exe -queuereporting \Microsoft\Windows\Windows Error Reporting
No Task RecordingRestart %SystemRoot%\ehome\ehrec /RestartRecording \Microsoft\Windows\Media Center
Yes Task RegisterSearch Microsoft Corporation %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) \Microsoft\Windows\Media Center
Yes Task ReindexSearchRoot Microsoft Corporation %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot \Microsoft\Windows\Media Center
Yes Task SafeZone scheduled Autoupdate 1448733544 Avast Software C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0) \
Yes Task ScheduledDefrag Microsoft Corp. %windir%\system32\defrag.exe -c \Microsoft\Windows\Defrag
No Task SessionAgent \Microsoft\Windows\SideShow
Yes Task SqlLiteRecoveryTask Microsoft Corporation %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask \Microsoft\Windows\Media Center
Yes Task SR Microsoft Corporation %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation \Microsoft\Windows\SystemRestore
Yes Task SynchronizeTime Microsoft Corporation %windir%\system32\sc.exe start w32time task_started \Microsoft\Windows\Time Synchronization
No Task SystemDataProviders \Microsoft\Windows\SideShow
Yes Task SystemSoundsService \Microsoft\Windows\Multimedia
Yes Task SystemTask \Microsoft\Windows\CertificateServicesClient
Yes Task UninstallDeviceTask Microsoft Corporation BthUdTask.exe $(Arg0) \Microsoft\Windows\Bluetooth
Yes Task UpdateLibrary "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" \Microsoft\Windows\Windows Media Sharing
Yes Task UpdateRecordPath Microsoft Corporation %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) \Microsoft\Windows\Media Center
Yes Task UPnPHostConfig Microsoft Corporation sc.exe config upnphost start= auto \Microsoft\Windows\UPnP
Yes Task UserTask \Microsoft\Windows\CertificateServicesClient
No Task UserTask-Roam \Microsoft\Windows\CertificateServicesClient
No Task VerifiedPublisherCertStoreCheck Microsoft Corporation %windir%\system32\appidcertstorecheck.exe \Microsoft\Windows\AppID
Yes Task WinSAT \Microsoft\Windows\Maintenance
Yes Task {31A63D93-0CDF-4A3D-8381-BEC1F4A62639} Microsoft Corporation C:\windows\system32\pcalua.exe -a H:\Downloads\Chrome\VirtualBox-5.0.6-103037-Win.exe -d H:\Downloads\Chrome \
Yes Task {40FDAF3B-2A55-4757-9C5B-7B38B27E103F} Microsoft Corporation C:\windows\system32\pcalua.exe -a H:\Downloads\Chrome\vcredist_x86.exe -d H:\Downloads\Chrome \
Yes Task {470D79E5-8D88-469D-A46D-DF87A6569211} Microsoft Corporation C:\windows\system32\pcalua.exe -a H:\Downloads\Chrome\ALPS_TPad-7.x2.303.107-Vis3264.exe -d H:\Downloads\Chrome \
Yes Task {6C5232F5-4DB3-45B4-9E7A-D8BEB4E50DDE} Microsoft Corporation C:\windows\system32\pcalua.exe -a "H:\Games\Baldur's Gate - Enhanced Edition\setup-widescreen.exe" -d "H:\Games\Baldur's Gate - Enhanced Edition" \
Yes Task {91F96AB0-A9A9-4871-8914-14921DD787F9} Microsoft Corporation C:\windows\system32\pcalua.exe -a "H:\Games\Baldur's Gate - Enhanced Edition\setup-bg1ub.exe" -d "H:\Games\Baldur's Gate - Enhanced Edition" \
Yes Task {C88890B5-F822-4773-A235-FE4AF699B442} Intel Corporation C:\Users\John\Desktop\win64_153631.4414.exe \
Yes Task {C8CCD145-8E98-4895-9971-3A7F23329FB0} Microsoft Corporation C:\windows\system32\pcalua.exe -a H:\Downloads\Chrome\win64_154010.4300.exe -d H:\Downloads\Chrome \
Yes Task {DC822D72-1804-4E91-8CE8-6D67FEFEF2B7} Microsoft Corporation C:\windows\system32\pcalua.exe -a "C:\Users\John\AppData\Local\Temp\{EC78D8E5-1C4E-4E8E-B1AC-7657FA3E7327}\Dreamweaver_15_LS20\Adobe Dreamweaver CC 2014.1\payloads\Microsoft VC 2010 Redist (x64)\vcredist_x64.exe" -d "C:\Users\John\AppData\Local\Temp\{EC78D8E5-1C4E-4E8E-B1AC-7657FA3E7327}\Dreamweaver_15_LS20\Adobe Dreamweaver CC 2014.1\payloads\Microsoft VC 2010 Redist (x64)" \
Yes Task {DF9AD636-BBB0-4F8B-9A9E-714E69F70975} Microsoft Corporation C:\windows\system32\pcalua.exe -a H:\Downloads\Chrome\win64_153631.4414.exe -d H:\Downloads\Chrome \
Uninstall:
Adobe Flash Player 18 NPAPI Adobe Systems Incorporated 19/09/2015 17.8 MB 18.0.0.232
Adobe Reader XI (11.0.16) - Czech Adobe Systems Incorporated 12/05/2016 189 MB 11.0.16
ALPS Touch Pad Driver ALPS ELECTRIC CO., LTD. 18/02/2015 31.2 MB 8.100.303.446
Amazon Kindle Amazon 12/02/2016 1.14.1.43029
Apple Application Support Apple Inc. 18/02/2015 93.4 MB 3.0.6
Apple Application Support (64-bit) Apple Inc. 19/09/2015 109 MB 3.2
Apple Mobile Device Support Apple Inc. 19/09/2015 27.9 MB 8.2.1.3
Apple Software Update Apple Inc. 18/02/2015 2.38 MB 2.1.3.127
Avast Premier AVAST Software 10/05/2016 11.2.2262
Battle.net Blizzard Entertainment 17/01/2016
Bluetooth Stack for Windows by Toshiba TOSHIBA CORPORATION 17/02/2015 76.4 MB v9.10.15(T)
Bonjour Apple Inc. 18/02/2015 2.00 MB 3.0.0.10
calibre 64bit Kovid Goyal 12/02/2016 199 MB 2.51.0
CCleaner Piriform 24/07/2015 5.08
Diablo III Blizzard Entertainment 17/01/2016
DTS Studio Sound DTS, Inc. 17/02/2015 4.09 MB 1.01.3400
ESET Online Scanner v3 25/05/2016
ExpressVPN ExpressVPN 26/09/2015 40.0 MB 4.0.6.284
Google Chrome Google Inc. 17/02/2015 50.0.2661.102
Gpg4win (2.3.1) The Gpg4win Project 13/05/2016 2.3.1
Hero Lab 7.3 LWD Technology, Inc. 04/12/2015 26.8 MB 7.3
Intel Driver Update Utility Intel 17/01/2016 19.7 MB 2.2.0.6
Intel® Management Engine Components Intel Corporation 08/05/2015 9.5.23.1766
Intel® Network Connections Drivers Intel 18/02/2015 916 KB 19.0
Intel® Processor Graphics Intel Corporation 25/05/2016 10.18.14.4414
Intel® Rapid Storage Technology Intel Corporation 17/02/2015 12.7.3.1001
Intel® Smart Connect Technology Intel Corporation 17/02/2015 30.4 MB 4.2.40.2439
Intel® Wireless Bluetooth® 4.0 Intel Corporation 17/02/2015 9.47 MB 3.0.1328.01
Intel® PROSet/Wireless Software Intel Corporation 18/02/2015 390 MB 16.6.0
iTunes Apple Inc. 19/09/2015 238 MB 12.2.2.25
Java 8 Update 65 Oracle Corporation 24/10/2015 21.0 MB 8.0.650.17
Malwarebytes Anti-Malware version 2.2.1.1043 Malwarebytes 25/05/2016 66.8 MB 2.2.1.1043
Microsoft .NET Framework 4.5.1 Microsoft Corporation 25/05/2016 38.8 MB 4.5.50938
Microsoft Office Professional Plus 2013 Microsoft Corporation 24/02/2015 15.0.4420.1017
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 24/02/2015 298 KB 8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 25/12/2015 3.00 MB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 25/12/2015 251 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 09/07/2015 240 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 24/02/2015 788 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 17/02/2015 2.06 MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 25/12/2015 238 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 09/07/2015 232 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 24/02/2015 600 KB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 17/02/2015 13.8 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 17/02/2015 11.1 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 25/05/2016 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 25/05/2016 17.3 MB 11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation 25/05/2016 20.5 MB 12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation 25/05/2016 17.1 MB 12.0.30501.0
Nuance PDF Create 7 Nuance Communications, Inc. 25/12/2015 185 MB 7.10.2364
O2Micro OZ776 SCR Driver O2Micro 18/02/2015 2.1.4.222GS
OpenAL 27/09/2015
Oracle VM VirtualBox 5.0.6 Oracle Corporation 08/10/2015 162 MB 5.0.6
PDF Plug-In 1.6 Lone Wolf Development, Inc. 04/12/2015 8.79 MB 1.6
PeerBlock 1.2 (r693) PeerBlock, LLC 24/05/2016 3.57 MB 1.2.0.693
PlayReady PC Runtime amd64 Microsoft Corporation 12/05/2014 2.05 MB 1.3.0
Process Lasso Bitsum 25/05/2016 8.4.0.2
Realtek Card Reader Realtek Semiconductor Corp. 17/02/2015 6.2.9200.21232
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 17/02/2015 6.0.1.7041
Sierra Wireless AirCard Watcher Sierra Wireless Inc. 17/02/2015 37.7 MB 6.0.3928.8402
Sierra Wireless Toshiba Mobile Broadband Driver Package Sierra Wireless, Inc. 01/12/2015 84.2 MB 6.9.4237.0601
Skype™ 7.23 Skype Technologies S.A. 15/05/2016 153 MB 7.23.105
Synaptics Pointing Device Driver Synaptics Incorporated 25/05/2016 46.4 MB 17.0.4.0
TeamSpeak 3 Client TeamSpeak Systems GmbH 04/03/2016 3.0.18
TinyUmbrella 8.2.0.60 12/10/2015 8.2.0.60
TOSHIBA Battery Manager Toshiba Corporation 17/02/2015 4.42 MB 9.0.5.64
TOSHIBA eco Utility TOSHIBA Corporation 02/10/2015 19.2 MB 1.4.2.64
TOSHIBA Fingerprint Utility Toshiba Corporation 17/02/2015 17.2 MB 2.3.03.64402
TOSHIBA Flash Cards Toshiba Corporation 17/02/2015 89.0 MB 9.0.5.6401
TOSHIBA HDD/SSD Alert TOSHIBA Corporation 17/02/2015 57.1 MB 3.1.64.15
TOSHIBA HWSetup Toshiba Corporation 17/02/2015 4.72 MB 9.0.4.3201
TOSHIBA Manuals TOSHIBA 17/02/2015 10.18
TOSHIBA Password Utility Toshiba Corporation 17/02/2015 5.77 MB 9.0.3.3201
TOSHIBA PC Diagnostic Tool Toshiba Corporation 17/02/2015 28.8 MB 9.0.3.6400
TOSHIBA PC Health Monitor TOSHIBA Corporation 17/02/2015 47.0 MB 1.8.1.6400
TOSHIBA Power Saver Toshiba Corporation 17/02/2015 28.3 MB 9.0.2.6402
TOSHIBA Recovery Media Creator TOSHIBA CORPORATION 12/05/2014 2.1.7.52020010
TOSHIBA Service Station TOSHIBA 17/02/2015 2.2.13
TOSHIBA Sleep Utility Toshiba Corporation 17/02/2015 6.95 MB 2.0.0.3202
TOSHIBA System Driver Toshiba Corporation 17/02/2015 400 KB 9.0.3.6401
TOSHIBA TEMPRO Toshiba Europe GmbH 12/05/2014 11.3 MB 3.35
Unlocker 1.9.2 Cedrick Collomb 30/03/2015 1.9.2
Validity WBF DDK 5111 Validity Sensors, Inc. 17/02/2015 7.00 MB 4.5.232.0
VLC media player VideoLAN 19/09/2015 2.2.1
VMware Player VMware, Inc 09/07/2015 390 MB 7.1.2
WinRAR 5.21 (64-bit) win.rar GmbH 24/02/2015 5.21.0
XCOM 2 25/05/2016 33.2 GB
Zork - The Great Underground Empire GOG.com 21/05/2016 11.3 MB 2.1.0.17
µTorrent BitTorrent Inc. 25/05/2016 3.4.7.42330
#6 buddy215

  • Moderator
  • 13,103 posts
  • Gender:Male
  • Location:West Tennessee

Posted 25 May 2016 - 01:20 PM

Disable these Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes Task {31A63D93-0CDF-4A3D-8381-BEC1F4A62639} Microsoft Corporation C:\windows\system32\pcalua.exe -a H:\Downloads\Chrome\VirtualBox-5.0.6-103037-Win.exe -d H:\Downloads\Chrome \
Yes Task {40FDAF3B-2A55-4757-9C5B-7B38B27E103F} Microsoft Corporation C:\windows\system32\pcalua.exe -a H:\Downloads\Chrome\vcredist_x86.exe -d H:\Downloads\Chrome \
Yes Task {470D79E5-8D88-469D-A46D-DF87A6569211} Microsoft Corporation C:\windows\system32\pcalua.exe -a H:\Downloads\Chrome\ALPS_TPad-7.x2.303.107-Vis3264.exe -d H:\Downloads\Chrome \
Yes Task {6C5232F5-4DB3-45B4-9E7A-D8BEB4E50DDE} Microsoft Corporation C:\windows\system32\pcalua.exe -a "H:\Games\Baldur's Gate - Enhanced Edition\setup-widescreen.exe" -d "H:\Games\Baldur's Gate - Enhanced Edition" \
Yes Task {91F96AB0-A9A9-4871-8914-14921DD787F9} Microsoft Corporation C:\windows\system32\pcalua.exe -a "H:\Games\Baldur's Gate - Enhanced Edition\setup-bg1ub.exe" -d "H:\Games\Baldur's Gate - Enhanced Edition" \
Yes Task {C88890B5-F822-4773-A235-FE4AF699B442} Intel Corporation C:\Users\John\Desktop\win64_153631.4414.exe \
Yes Task {C8CCD145-8E98-4895-9971-3A7F23329FB0} Microsoft Corporation C:\windows\system32\pcalua.exe -a H:\Downloads\Chrome\win64_154010.4300.exe -d H:\Downloads\Chrome \
Yes Task {DC822D72-1804-4E91-8CE8-6D67FEFEF2B7} Microsoft Corporation C:\windows\system32\pcalua.exe -a "C:\Users\John\AppData\Local\Temp\{EC78D8E5-1C4E-4E8E-B1AC-7657FA3E7327}\Dreamweaver_15_LS20\Adobe Dreamweaver CC 2014.1\payloads\Microsoft VC 2010 Redist (x64)\vcredist_x64.exe" -d "C:\Users\John\AppData\Local\Temp\{EC78D8E5-1C4E-4E8E-B1AC-7657FA3E7327}\Dreamweaver_15_LS20\Adobe Dreamweaver CC 2014.1\payloads\Microsoft VC 2010 Redist (x64)" \
Yes Task {DF9AD636-BBB0-4F8B-9A9E-714E69F70975} Microsoft Corporation C:\windows\system32\pcalua.exe -a H:\Downloads\Chrome\win64_153631.4414.exe -d H:\Downloads\Chrome \
 
Update Adobe Flash for IE.....Adobe Flash Player 18 NPAPI Adobe Systems Incorporated 19/09/2015 17.8 MB 18.0.0.232
 
Uninstall these programs:
ESET Online Scanner v3 25/05/2016
Java 8 Update 65 Oracle Corporation 24/10/2015 21.0 MB 8.0.650.17
µTorrent BitTorrent Inc. 25/05/2016 3.4.7.42330

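As an added example (my own code, not CCleaner's or anything posted in this thread), the following Python parses the CCleaner Scheduled Tasks export pasted above and flags the kind of entries the moderator singled out. The selection heuristic, GUID-named tasks in the root Task Scheduler folder plus tasks whose command launches a binary from a user-writable directory, is my assumption chosen to match those entries; the sample rows are a subset copied from the export above.

```python
"""Triage helper for a CCleaner 'Tools > Startup > Scheduled Tasks' export.

Added example, not CCleaner's or BleepingComputer's code. The row layout is assumed
from the export pasted in this thread:
    <Yes|No> Task <Name> [Publisher] <Command line> <Task Scheduler folder>
The folder is the trailing token that begins with a backslash; a bare backslash is
the root folder, where one-off tasks tend to be created.
"""
import re
from dataclasses import dataclass

GUID_RE = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.IGNORECASE)
# Executable paths rooted at a drive letter or an %ENVVAR%; bare names like 'sc.exe' are ignored.
EXE_RE = re.compile(r'"?((?:[A-Za-z]:|%[A-Za-z0-9()]+%)\\[^"]*?\.exe)"?', re.IGNORECASE)
# Path fragments any unprivileged user can write to (assumed heuristic; matched lower-cased).
USER_WRITABLE = ("\\users\\", "\\downloads\\", "\\desktop\\", "\\appdata\\", "\\temp\\")


@dataclass
class Task:
    enabled: bool
    name: str     # the GUID for GUID-named tasks, else the first word (the export does not delimit name from publisher)
    folder: str   # Task Scheduler folder, a bare backslash for the root
    exes: list    # executable paths found on the command line

    @property
    def guid_named(self) -> bool:
        return GUID_RE.fullmatch(self.name) is not None


def parse_task_line(line):
    """Return a Task for one export row, or None for rows that are not scheduled tasks."""
    parts = line.strip().split(" ", 2)
    if len(parts) < 3 or parts[1] != "Task":
        return None
    rest = parts[2]
    cut = rest.rfind(" \\")          # the folder is the last ' \...' run on the row
    if cut < 0:
        return None
    head, folder = rest[:cut], rest[cut + 1:]
    guid = GUID_RE.match(head)
    name = guid.group(0) if guid else head.split(" ", 1)[0]
    return Task(parts[0] == "Yes", name, folder, EXE_RE.findall(head))


def triage_tasks(lines):
    """Flag enabled tasks that are GUID-named and live in the root folder, or that launch
    a binary from a user-writable directory. Returns [(task name, [reasons])] in input order."""
    findings = []
    for line in lines:
        task = parse_task_line(line)
        if task is None or not task.enabled:
            continue
        reasons = []
        if task.guid_named and task.folder == "\\":
            reasons.append("GUID-named task in the root folder (typical of one-off installer tasks)")
        for exe in task.exes:
            if any(marker in exe.lower() for marker in USER_WRITABLE):
                reasons.append(f"launches a binary from a user-writable path: {exe}")
        if reasons:
            findings.append((task.name, reasons))
    return findings


# Sample rows copied from the CCleaner export posted earlier in this thread (constructed subset).
SAMPLE = r"""Yes Task ActivateWindowsSearch Microsoft Corporation %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch \Microsoft\Windows\Media Center
No Task AD RMS Rights Policy Template Management (Automated) \Microsoft\Windows\Active Directory Rights Management Services Client
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c \
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) \
Yes Task {31A63D93-0CDF-4A3D-8381-BEC1F4A62639} Microsoft Corporation C:\windows\system32\pcalua.exe -a H:\Downloads\Chrome\VirtualBox-5.0.6-103037-Win.exe -d H:\Downloads\Chrome \
Yes Task {6C5232F5-4DB3-45B4-9E7A-D8BEB4E50DDE} Microsoft Corporation C:\windows\system32\pcalua.exe -a "H:\Games\Baldur's Gate - Enhanced Edition\setup-widescreen.exe" -d "H:\Games\Baldur's Gate - Enhanced Edition" \
Yes Task {C88890B5-F822-4773-A235-FE4AF699B442} Intel Corporation C:\Users\John\Desktop\win64_153631.4414.exe \
"""


if __name__ == "__main__":
    for name, reasons in triage_tasks(SAMPLE.splitlines()):
        print(name)
        for reason in reasons:
            print("   -", reason)
```

Run on the full export, the same heuristic reproduces the moderator's list above; a flagged task still needs a human look at what it launches before it is disabled.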

#7 Apollo767
  • Topic Starter
  • Members
  • 11 posts

Posted 27 May 2016 - 09:23 AM

Hi,

so, stuff just got more fun.

A) all my software and icons (most of them) disappeared (don't think it's actually gone since memory usage of my SSD is the same)
B) can't see tasks in CCleaner, it's blank
C) can't start malwarebytes (even with chameleon in safe mode)
D) AV is not reporting anything malicious

Thoughts?

Thanks

Edited by Apollo767, 27 May 2016 - 09:24 AM.


#8 buddy215

  • Moderator
  • 13,103 posts
  • Gender:Male
  • Location:West Tennessee

Posted 27 May 2016 - 10:20 AM

You need to start a new topic in the malware removal forum.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.


DO NOT bump your new topic. Wait for a response from one of the Team Members.



#9 Apollo767

Apollo767
  • Topic Starter

  • Members
  • 11 posts

Posted 27 May 2016 - 11:54 AM

posted here: http://www.bleepingcomputer.com/forums/t/615547/got-nailed-most-software-disappearednot-rly-though-avam-not-working/


could you please delete the duplicates? For some reason when I clicked on "post it" it posted it but the page didn't reload/change, I clicked a couple of times on it as I suspected a connection issue = post posted 4x.. :/


thanks



#10 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 34,847 posts
  • Gender:Male
  • Location:Where You Least Expect Me To Be

Posted 27 May 2016 - 04:58 PM

Hello,

Now that you have posted a log at the above link: you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log. I have deleted the 3 additional duplicate logs for you as requested.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)

