tree_fu_go

Posts posted by tree_fu_go

  1. Okay, when I tried running MBAR, the avast! behavior shield blocked it:

    Program: C:\Users\michelle\Desktop\mbar-1.01.0.1020\mbar\mbar.exe

    Action: Deny

    Target: \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\mbamchameleon

    It could be because I set the heuristic sensitivity high for the shields.

    and mbar said:

    Could not load DDA driver.

    DDA Driver was not installed which may be caused by rootkit activity.

    Do you want to reboot the computer to install DDA driver (Scan will continue after reboot)?

    Sorry, I may have missed something. Was I supposed to turn off avast? Do I choose yes to restart, or no?

  2. I tried disabling Windows Defender like you said; 2 windows popped up when I tried this:

    This program is turned off. If you are using another program that checks for harmful or unwanted software, use the Action Center to check that program's status.

    If you would like to use this program, click here to turn it on.

    And:

    Operation aborted (Error Code: 0x80004004)

    Is that normal?

    Okay I will download mbar now.

  3. Thanks for the reply! Okay, I ran the scan:

    RogueKiller V8.5.1 _x64_ [Feb 21 2013] by Tigzy

    mail : tigzyRKgmailcom

    Feedback : http://www.geekstogo...13-roguekiller/

    Website : http://tigzy.geeksto...roguekiller.php

    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User : michelle [Admin rights]

    Mode : Scan -- Date : 02/22/2013 22:43:04

    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 1 ¤¤¤

    [Microsoft][HJNAME] notepad.exe -- C:\Windows\System32\notepad.exe [7] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 6 ¤¤¤

    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

    [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

    [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1       localhost

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: TOSHIBA MK7559GSXP +++++

    --- User ---

    [MBR] 45f2c5a2661d89b5f41418038f50ee56

    [bSP] b7970fcac872dc62b02fb5ea5107fd9f : Windows Vista MBR Code

    Partition table:

    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 702812 Mo

    2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1442433024 | Size: 11091 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    Finished : >

    RKreport[1]_S_02222013_02d2243.txt

    BTW, what do you mean by peer-to-peer software? Is there one on this system? If so, what and where? Because I really don't think the owner of this computer would have that. Also, that bad process could be just Notepad; I had it open and forgot to close it before the scan. It closed it for me though. Just letting you know.

  4. This is my friend's laptop; long story short, she isn't very good with computer security.

    I want to check there's nothing on her computer. I am no computer expert myself, but I do have a little more knowledge than she does.

    I know there's got to be some kind of virus, malware, spyware or something on it, judging by her internet habits (e.g. not updating Java, Flash, etc.).

    And she does banking and stuff on it, so I want it to be clean for her.

    Although there haven't been any actual signs of infection (as far as I know), is it possible to have, like, a 'checkup'?

    Y'know, do what you normally do if someone might be infected? Because I'm certain there has to be something on here.

    The laptop has Windows 7 64-bit, Avast Free and Malwarebytes Free, and neither detects anything in scans.

    I have noticed though, in Task Manager there are 2 explorer.exe. But strangely one disappeared after I typed this... But one was using more K than the other, and both were running under my user name.

    That's all I can remember... sorry. Not sure if this is normal or not.

    Also there are 2 mscorsvw.exe and 2 nvvsvc.exe running in Task Manager.

    Also ctfmon.exe and conhost.exe come and go in Task Manager; I don't remember these ever being there.

    ALSO it was very slow at startup. After entering the password it took around 1 min until it got to the desktop, then maybe 1-3 min to load everything else like desktop items etc., but that could be because I did an avast boot-time scan.. not sure.

    Also in Resource Monitor, on Network, there are some TCP Connections that are just -

    Image: - PID: - Local Address: xxx.xxx.xxx (they were numbers I can't remember) etc. I have no idea what this means, or if I should post the full thing, or if it can be used to hack me or something. I don't know.

    DDS logs:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64

    Internet Explorer: 9.0.8112.16457

    Run by michelle at 6:24:55 on 2013-02-22

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.6072.4354 [GMT 8:00]

    .

    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\nvvsvc.exe

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\system32\nvvsvc.exe

    C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\windows\system32\ThpSrv.exe

    C:\windows\system32\TODDSrv.exe

    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Windows\system32\taskeng.exe

    C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

    C:\Windows\System32\ThpSrv.exe

    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Program Files\AVAST Software\Avast\AvastUI.exe

    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

    C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

    C:\Windows\System32\svchost.exe -k secsvcs

    C:\Windows\system32\wuauclt.exe

    C:\Windows\SysWOW64\ctfmon.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\System32\cscript.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.google.com.au/

    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} -

    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

    BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

    mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

    mPolicies-System: ConsentPromptBehaviorUser = dword:3

    mPolicies-System: EnableLUA = dword:0

    mPolicies-System: EnableUIADesktopToggle = dword:0

    mPolicies-System: PromptOnSecureDesktop = dword:0

    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    TCP: NameServer = 10.0.0.138

    TCP: Interfaces\{29CF25C7-69A9-4E90-BEDA-04B0826B25EC} : DHCPNameServer = 10.0.0.138

    TCP: Interfaces\{29CF25C7-69A9-4E90-BEDA-04B0826B25EC}\44168747562746574656723702E4564777F627B6 : DHCPNameServer = 192.168.2.1

    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

    x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe

    x64-Run: [ThpSrv] C:\Windows\System32\thpsrv /logon

    x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe

    x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

    x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

    x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3

    x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe

    x64-Run: [HDMICtrlMan] C:\Program Files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe

    x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\michelle\AppData\Roaming\Mozilla\Firefox\Profiles\pb73dy6u.default\

    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    FF - plugin: C:\Users\michelle\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\Windows\System32\drivers\thpdrv.sys [2009-6-30 34880]

    R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\System32\drivers\Thpevm.sys [2009-6-30 14784]

    R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2011-3-26 482384]

    R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-11-28 21136]

    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-11-29 984144]

    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-11-29 370288]

    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-11-29 25232]

    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-11-29 71600]

    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-11-13 44808]

    R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2010-1-29 249200]

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-11 46448]

    R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2011-3-26 14112]

    R2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2011-3-26 60416]

    R2 risdpcie;risdpcie;C:\Windows\System32\drivers\risdpe64.sys [2011-3-26 80384]

    R2 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2011-4-26 53760]

    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\System32\drivers\TVALZFL.sys [2009-6-20 14472]

    R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-3-26 2320920]

    R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-3-26 56344]

    R3 hidshim;Service for HID-KMDF Shim layer;C:\Windows\System32\drivers\hidshim.sys [2009-9-1 6656]

    R3 nuvotonhidcir;Nuvoton HID CIR Receiver;C:\Windows\System32\drivers\nuvotonhidcir.sys [2009-9-1 26624]

    R3 nuvotonir;Nuvoton CIR Transceiver;C:\Windows\System32\drivers\nuvotonir.sys [2009-9-1 68096]

    R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2011-3-26 35008]

    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-26 291328]

    R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2011-3-26 1110560]

    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-6 137560]

    S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-3-26 13336]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-7 59392]

    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-26 1255736]

    S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-9-14 353384]

    S4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-7-29 267192]

    S4 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-7-23 822192]

    .

    =============== Created Last 30 ================

    .

    2013-02-21 18:44:55 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

    2013-02-21 18:44:31 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

    2013-02-15 22:04:52 208448 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

    .

    ==================== Find3M ====================

    .

    2013-02-21 18:44:12 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

    2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll

    2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll

    2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

    2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

    2012-12-14 08:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2012-12-12 13:55:45 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-12-12 13:55:45 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2012-12-12 13:55:32 16363960 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

    .

    ============= FINISH: 6:26:08.12 ===============

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2012-11-20.01)

    .

    Microsoft Windows 7 Home Premium

    Boot Device: \Device\HarddiskVolume2

    Install Date: 25/03/2011 4:06:33 PM

    System Uptime: 22/02/2013 3:47:41 AM (3 hours ago)

    .

    Motherboard: TOSHIBA | | Portable PC

    Processor: Intel® Core™ i7 CPU Q 740 @ 1.73GHz | rPGA988A Socket | 919/mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 686 GiB total, 593.569 GiB free.

    D: is CDROM ()

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    RP448: 8/02/2013 3:00:14 AM - Windows Update

    RP449: 9/02/2013 6:23:33 AM - Windows Update

    RP450: 10/02/2013 4:28:59 AM - Windows Update

    RP451: 11/02/2013 7:00:38 AM - Windows Update

    RP452: 12/02/2013 9:19:10 AM - Windows Update

    RP453: 13/02/2013 3:03:53 AM - Windows Update

    RP454: 14/02/2013 10:03:27 AM - Windows Update

    RP455: 15/02/2013 3:00:12 AM - Windows Update

    RP456: 16/02/2013 3:00:11 AM - Windows Update

    RP457: 17/02/2013 3:09:39 AM - Windows Update

    RP458: 18/02/2013 4:42:14 AM - Windows Update

    RP459: 19/02/2013 4:45:54 AM - Windows Update

    RP460: 20/02/2013 3:00:16 AM - Windows Update

    RP461: 21/02/2013 3:04:09 AM - Windows Update

    RP462: 21/02/2013 9:42:24 PM - Removed Java™ 6 Update 20

    RP463: 21/02/2013 9:49:58 PM - Removed Facebook Video Calling 1.2.0.287

    RP464: 21/02/2013 10:30:25 PM - Removed Adobe Reader 9.5.2.

    RP465: 22/02/2013 2:43:44 AM - Installed Java 7 Update 15

    RP466: 22/02/2013 3:00:11 AM - Windows Update

    .

    ==== Installed Programs ======================

    .

    Adobe Flash Player 11 ActiveX

    Adobe Flash Player 11 Plugin

    Adobe Reader XI (11.0.02)

    Amazon Kindle For PC v1.1

    Apple Application Support

    Apple Mobile Device Support

    Apple Software Update

    avast! Free Antivirus

    Barbie as The Island Princess

    BigPond Broadband ADSL

    Bluetooth Stack for Windows by Toshiba

    Bonjour

    BookSmart® 3.3.1 3.3.1

    Canon MP Navigator 3.0

    Canon MP160

    Corel WinDVD

    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

    Direct DiscRecorder

    Disneys Digital Coloring Book Featuring Toy Story 2

    DVD MovieFactory for TOSHIBA

    e-tax 2011

    e-tax 2012

    EA Download Manager

    Fashion Toolbox Unregistered Trial Version

    GIMP 2.8.2

    Google Chrome

    Google Toolbar for Internet Explorer

    Google Update Helper

    HDMI Control Manager

    Intel® Control Center

    Intel® Management Engine Components

    Intel® Rapid Storage Technology

    iTunes

    Java 7 Update 15

    Java Auto Updater

    JumpStart Explorers

    JumpStart Spanish

    Junk Mail filter update

    LEGO Digital Designer

    Malwarebytes Anti-Malware version 1.70.0.1100

    Microsoft .NET Framework 4 Client Profile

    Microsoft Application Error Reporting

    Microsoft Choice Guard

    Microsoft Office 2010

    Microsoft Office 2010 Service Pack 1 (SP1)

    Microsoft Office Access MUI (English) 2010

    Microsoft Office Access Setup Metadata MUI (English) 2010

    Microsoft Office Excel MUI (English) 2010

    Microsoft Office Home and Business 2010

    Microsoft Office Office 64-bit Components 2010

    Microsoft Office OneNote MUI (English) 2010

    Microsoft Office Outlook MUI (English) 2010

    Microsoft Office PowerPoint MUI (English) 2010

    Microsoft Office Proof (English) 2010

    Microsoft Office Proof (French) 2010

    Microsoft Office Proof (Spanish) 2010

    Microsoft Office Proofing (English) 2010

    Microsoft Office Publisher MUI (English) 2010

    Microsoft Office Shared 64-bit MUI (English) 2010

    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

    Microsoft Office Shared MUI (English) 2010

    Microsoft Office Shared Setup Metadata MUI (English) 2010

    Microsoft Office Single Image 2010

    Microsoft Office Word MUI (English) 2010

    Microsoft Silverlight

    Microsoft SQL Server 2005 Compact Edition [ENU]

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

    Mozilla Firefox 19.0 (x86 en-US)

    Mozilla Maintenance Service

    MSVCRT

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    Nuvoton CIR Device Drivers

    NVIDIA 3D Vision Driver 260.64

    NVIDIA Control Panel 260.64

    NVIDIA Drivers

    NVIDIA Graphics Driver 260.64

    NVIDIA Install Application

    NVIDIA PhysX

    NVIDIA PhysX System Software 9.10.0224

    NVIDIA Stereoscopic 3D Driver

    Origin

    PlayReady PC Runtime amd64

    QuickTime

    Realtek Ethernet Controller Driver For Windows Vista and Later

    Realtek High Definition Audio Driver

    Realtek WLAN Driver

    RICOH R5U230 Media Driver ver.2.09.03.01

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2553091)

    Security Update for Microsoft Office 2010 (KB2553096)

    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

    Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

    SpongeBob SquarePants Employee of the Month

    SPORE™

    Synaptics Pointing Device Driver

    TOSHIBA Assist

    TOSHIBA Bulletin Board

    TOSHIBA ConfigFree

    TOSHIBA Disc Creator

    TOSHIBA eco Utility

    TOSHIBA Face Recognition

    TOSHIBA HDD Protection

    TOSHIBA HDD/SSD Alert

    TOSHIBA Media Controller

    TOSHIBA Media Controller Plug-in

    TOSHIBA PC Health Monitor

    TOSHIBA Recovery Media Creator

    TOSHIBA ReelTime

    TOSHIBA Remote Control Manager

    TOSHIBA Sleep Utility

    TOSHIBA Speech System Applications

    TOSHIBA Speech System SR Engine(U.S.) Version1.0

    TOSHIBA Speech System TTS Engine(U.S.) Version1.0

    TOSHIBA Value Added Package

    TOSHIBA VIDEO PLAYER

    TOSHIBA Web Camera Application

    Unity Web Player

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    Update for Microsoft Office 2010 (KB2494150)

    Update for Microsoft Office 2010 (KB2553065)

    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2566458)

    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

    Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition

    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

    Windows Driver Package - Atheros Communications Inc. (arusb_lhx) Net (09/25/2008 3.1.0.101)

    Windows Driver Package - NETGEAR Inc. (RTL8187) Net (12/01/2006 6.1258.1201.2006)

    Windows Driver Package - Thomson (USB_RNDIS) Net (02/15/2007 2.0.0.0)

    Windows Live Call

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live ID Sign-in Assistant

    Windows Live Mail

    Windows Live Messenger

    Windows Live Movie Maker

    Windows Live Photo Gallery

    Windows Live Sync

    Windows Live Upload Tool

    Windows Live Writer

    Zoo Animals

    .

    ==== Event Viewer Messages From Past Week ========

    .

    22/02/2013 6:01:08 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    22/02/2013 5:51:37 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

    22/02/2013 5:50:56 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® Rapid Storage Technology service to connect.

    22/02/2013 5:50:56 AM, Error: Service Control Manager [7000] - The Intel® Rapid Storage Technology service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    22/02/2013 12:53:11 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Description with the following error: Access is denied.

    19/02/2013 10:42:21 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Type with the following error: Access is denied.

    19/02/2013 10:42:21 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DeleteFlag with the following error: Access is denied.

    17/02/2013 3:11:41 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Windows 7 for x64-based Systems (KB2676562).

    .

    ==== End Of File ===========================

    Thanks, and sorry if it's a stupid question... Since there's no sign of infection yet, this can be a low-priority topic; come here to help me AFTER you're done with your jobs, you know.

    BTW, I think that's a record for saying 'Also' the most in one post :P
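    Both logs in this thread report the same thing about this machine: the UAC policy values under HKLM\...\Policies\System are set so that UAC is switched off (RogueKiller's [HJ] entries for EnableLUA and ConsentPromptBehaviorAdmin, and the mPolicies-System lines in the DDS report). With EnableLUA=0 every process the admin account starts, including the browser used for banking, runs fully elevated. The following script is an added example, not part of the original posts or of either tool: it parses the two log formats shown above and compares the values against the Windows 7 defaults. The baseline table is an assumption of this example (the Win7 defaults as documented for those values), the sample lines are copied from the logs posted above, and the log alone does not say whether the values were set by malware, by an installer or by the user.

```python
"""Audit UAC policy values extracted from DDS / RogueKiller log lines.

Added example, not part of the forum thread. The sample lines below are
copied from the logs posted in the thread; the baseline values are the
Windows 7 defaults (an assumption of this example, not from the logs).
"""
import re

# Windows 7 defaults for the UAC values the two tools flagged.
# value name -> (default, what the default means)
UAC_BASELINE = {
    "EnableLUA": (1, "UAC enabled; admins run with a filtered token"),
    "ConsentPromptBehaviorAdmin": (5, "prompt for consent for non-Windows binaries"),
    "ConsentPromptBehaviorUser": (3, "standard users prompted for credentials"),
    "PromptOnSecureDesktop": (1, "elevation prompts shown on the secure desktop"),
    "EnableUIADesktopToggle": (0, "UIAccess apps may not leave the secure desktop"),
}

# Constructed sample: the relevant lines from the two logs posted in the thread.
SAMPLE_LOG = """\
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
[HJ] HKLM\\[...]\\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\\[...]\\Wow6432Node\\System : EnableLUA (0) -> FOUND
"""

# DDS "Pseudo HJT" form:   mPolicies-System: Name = dword:N   (N is hex)
DDS_RE = re.compile(r"^mPolicies-System:\s*(\w+)\s*=\s*dword:([0-9a-fA-F]+)")
# RogueKiller form:        [HJ] HKLM\[...]\System : Name (N) -> FOUND   (N is decimal)
RK_RE = re.compile(r"^\[HJ\]\s+HKLM\\.*\\System\s*:\s*(\w+)\s*\((\d+)\)")


def parse_uac_values(text):
    """Return {value name: int} for every UAC value found in DDS or RogueKiller lines."""
    found = {}
    for line in text.splitlines():
        line = line.strip()
        m = DDS_RE.match(line)
        if m:
            found[m.group(1)] = int(m.group(2), 16)
            continue
        m = RK_RE.match(line)
        if m:
            found[m.group(1)] = int(m.group(2), 10)
    return found


def audit_uac(values):
    """Compare parsed values with the baseline.

    Returns a list of (name, observed, default, meaning) for every value that
    differs from its Windows 7 default; values absent from the log are skipped.
    """
    findings = []
    for name, (default, meaning) in UAC_BASELINE.items():
        if name in values and values[name] != default:
            findings.append((name, values[name], default, meaning))
    return findings


def uac_effectively_disabled(values):
    """EnableLUA=0 turns UAC off entirely, whatever the prompt settings say."""
    return values.get("EnableLUA", 1) == 0


if __name__ == "__main__":
    vals = parse_uac_values(SAMPLE_LOG)
    for name, observed, default, meaning in audit_uac(vals):
        print(f"{name}: observed {observed}, default {default} ({meaning})")
    if uac_effectively_disabled(vals):
        print("UAC is disabled: everything this admin account runs is fully elevated.")
```

    Run against the lines from this thread it reports EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop as weakened, and ConsentPromptBehaviorUser and EnableUIADesktopToggle as still at their defaults. On the live machine the same values can be read from HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System; restoring EnableLUA=1 needs a reboot to take effect.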

  5. Im reaaally sorry if im posting this in the wrong place but I had a little question before I post a topic in the Malware Removal - HijackThis Logs forum.

    Is it possible to have a 'checkup'? theres no actual signs of infection (as far as I know) but judging by the person that uses this computer (not updating flash, java etc using internet explorer, always reading .pdf files with an outdated version of adobe reader etc) im guessing theres got to be something bad on it and they use it for banking and stuff and I want them to be safe.

    Sorry if this is a stupid question or a waste of your time... I know you're busy and this probably isn't important..

    Thanks anyway.

  6. Thanks a lot for helping!!

    But I just have a little question, it's not important and I know it's a bit off topic but it's kinda little for starting a topic about it (Well, at least in my opinion) and I've made a few topics already.. (I know I'm annoying, admit it)

    It appears Windows Defender is enabled on my computer (I didn't know that), it says real-time protection is on. I also use avast! Free Antivirus and that has real-time protection. I haven't seen any conflicts or anything yet but I was wondering, is it bad having both on at the same time??

    Thanks again!!

  7. Okay I deleted the other stuff, just wanna know if MBAR has some uninstaller or do I just have to delete the folder or something? I clicked on properties for The Internet and it looks like Internet Explorer, it has settings like home page, delete history, cookies etc. Just weird that I don't remember it being there before.. Oh well.

    EDIT: I'm so sorry for double posting!! It said 'saving post...' when I tried to post it and it wasn't doing anything so I tried posting it again not realizing it DID post it!! Sorry!!

  9. Here it is:

    2cdg9p0.jpg

    The one that says 'The Internet'. Is that Internet Explorer?? Because I seriously don't remember it there yesterday, or when I first turned on the computer today, I only noticed it after I did the Security Check scan.... (Yes, I haven't uninstalled all the scanners and stuff yet, only ComboFix.) Should I try uninstalling Security Check to see if it disappears?

    btw on your other post, what does this mean?:

    ComboFix found some malware, it doesn't always so everything it does though.

  10. Thank you very much! So there wasn't any virus/malware/anything bad in the first place?

    But what I said before about the new thing in my desktop "The Internet"

    Hey um I just noticed, after running Security Check, that there's something on my desktop right next to Security Check called: The Internet. The icon looks like the Internet Explorer picture but very very slightly different. I really don't remember that being there. Is that normal??

    btw thanks again!

  11. Hey um I just noticed, after running Security Check, that there's something on my desktop right next to Security Check called: The Internet. The icon looks like the Internet Explorer picture but very very slightly different. I really don't remember that being there. Is that normal?? EDIT: BTW sorry for not editing my last post, I only JUST saw that I'm now an honorary member and can edit posts!!

  12. Here we go:

    Results of screen317's Security Check version 0.99.57

    Windows Vista Service Pack 2 x86 (UAC is disabled!)

    Internet Explorer 9

    ``````````````Antivirus/Firewall Check:``````````````

    Windows Firewall Enabled!

    avast! Antivirus

    Antivirus up to date!

    `````````Anti-malware/Other Utilities Check:`````````

    Malwarebytes Anti-Malware version 1.70.0.1100

    Java 6 Update 29

    Java version out of Date!

    Adobe Flash Player 11.5.502.146

    Adobe Reader 9 Adobe Reader out of Date!

    Mozilla Firefox 12.0 Firefox out of Date!

    Mozilla Thunderbird (3.1.7) Thunderbird out of Date!

    ````````Process Check: objlist.exe by Laurent````````

    AVAST Software Avast AvastSvc.exe

    AVAST Software Avast AvastUI.exe

    `````````````````System Health check`````````````````

    Total Fragmentation on Drive C: 1 %

    ````````````````````End of Log``````````````````````

  13. Okay here it is:

    # AdwCleaner v2.110 - Logfile created 02/04/2013 at 09:48:21

    # Updated 03/02/2013 by Xplode

    # Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)

    # User : User - USER-PC

    # Boot Mode : Normal

    # Running from : C:\Users\User\Desktop\adwcleaner.exe

    # Option [search]

    ***** [services] *****

    ***** [Files / Folders] *****

    ***** [Registry] *****

    Key Found : HKLM\Software\TENCENT

    ***** [internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Mozilla Firefox v12.0 (en-US)

    -\\ Google Chrome v [unable to get version]

    *************************

    AdwCleaner[R1].txt - [640 octets] - [04/02/2013 09:48:21]

    ########## EOF - C:\AdwCleaner[R1].txt - [699 octets] ##########

  14. Okay, ComboFix worked this time! After the scan was done Firefox told me it's not my default browser, I don't remember it doing that before. Nothing serious, just is that normal to happen after a ComboFix scan?

    Anyway, here's the log:

    ComboFix 13-02-03.03 - User 04/02/2013 8:59.1.4 - x86

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3582.2707 [GMT 8:00]

    Running from: c:\users\User\Desktop\ComboFix.exe

    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\windows\system32\URTTemp

    c:\windows\system32\URTTemp\regtlib.exe

    .

    .

    ((((((((((((((((((((((((( Files Created from 2013-01-04 to 2013-02-04 )))))))))))))))))))))))))))))))

    .

    .

    2013-02-04 01:04 . 2013-02-04 01:04 -------- d-----w- c:\users\User\AppData\Local\temp

    2013-02-04 01:04 . 2013-02-04 01:04 -------- d-----w- c:\users\Default\AppData\Local\temp

    2013-01-31 12:31 . 2013-01-31 12:31 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes

    2013-01-31 12:31 . 2013-01-31 12:31 -------- d-----w- c:\programdata\Malwarebytes

    2013-01-31 12:31 . 2013-01-31 12:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2013-01-31 12:31 . 2012-12-14 08:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

    2013-01-23 06:35 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll

    2013-01-23 06:35 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

    2013-01-23 06:35 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

    2013-01-23 06:35 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll

    2013-01-23 06:35 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll

    2013-01-23 06:35 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll

    2013-01-23 06:35 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

    2013-01-23 06:35 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

    2013-01-23 06:35 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe

    2013-01-23 06:35 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

    2013-01-23 06:35 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll

    2013-01-23 06:33 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll

    2013-01-23 06:33 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll

    2013-01-23 05:43 . 2013-01-23 05:43 -------- d-----w- c:\programdata\ATI

    2013-01-23 05:43 . 2013-01-23 05:43 -------- d-----w- c:\program files\AMD APP

    2013-01-23 05:36 . 2013-01-23 05:36 -------- d-----w- C:\AMD

    2013-01-23 05:02 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll

    2013-01-23 05:02 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll

    2013-01-23 05:02 . 2012-11-23 01:35 2048000 ----a-w- c:\windows\system32\win32k.sys

    2013-01-23 05:02 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll

    2013-01-23 05:02 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe

    2013-01-23 05:02 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys

    2013-01-23 05:02 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll

    2013-01-23 04:44 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

    2013-01-23 04:44 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

    2013-01-23 04:44 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

    2013-01-23 04:44 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

    2013-01-23 04:44 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

    2013-01-23 04:44 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

    2013-01-23 04:44 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

    2013-01-23 04:44 . 2012-06-02 07:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

    2013-01-23 04:44 . 2012-06-02 07:12 33792 ----a-w- c:\windows\system32\wuapp.exe

    2013-01-23 04:43 . 2013-01-14 18:49 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{92AB7671-5A35-424B-89A4-03E52D3293A4}\mpengine.dll

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2013-01-23 05:39 . 2012-06-06 07:01 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2013-01-23 05:39 . 2011-12-02 09:31 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-12-19 20:50 . 2012-12-19 20:50 5630200 ----a-w- c:\windows\system32\atiumdag.dll

    2012-12-19 20:47 . 2012-12-19 20:47 9647104 ----a-w- c:\windows\system32\drivers\atikmdag.sys

    2012-12-19 20:22 . 2012-12-19 20:22 58880 ----a-w- c:\windows\system32\coinst_9.012.dll

    2012-12-19 20:19 . 2012-12-19 20:19 163840 ----a-w- c:\windows\system32\atiapfxx.exe

    2012-12-19 20:18 . 2012-12-19 20:18 46080 ----a-w- c:\windows\system32\aticalrt.dll

    2012-12-19 20:17 . 2012-12-19 20:17 44032 ----a-w- c:\windows\system32\aticalcl.dll

    2012-12-19 20:13 . 2012-12-19 20:13 13703168 ----a-w- c:\windows\system32\aticaldd.dll

    2012-12-19 20:12 . 2012-12-19 20:12 18982400 ----a-w- c:\windows\system32\atioglxx.dll

    2012-12-19 20:09 . 2012-12-19 20:09 960512 ----a-w- c:\windows\system32\aticfx32.dll

    2012-12-19 20:06 . 2012-12-19 20:06 6681088 ----a-w- c:\windows\system32\atidxx32.dll

    2012-12-19 19:57 . 2012-12-19 19:57 442368 ----a-w- c:\windows\system32\atidemgy.dll

    2012-12-19 19:56 . 2012-12-19 19:56 482304 ----a-w- c:\windows\system32\atieclxx.exe

    2012-12-19 19:55 . 2012-12-19 19:55 219136 ----a-w- c:\windows\system32\atiesrxx.exe

    2012-12-19 19:54 . 2012-12-19 19:54 163840 ----a-w- c:\windows\system32\atitmmxx.dll

    2012-12-19 19:54 . 2012-12-19 19:54 20992 ----a-w- c:\windows\system32\atimuixx.dll

    2012-12-19 19:54 . 2012-12-19 19:54 43520 ----a-w- c:\windows\system32\ati2edxx.dll

    2012-12-19 19:44 . 2012-12-19 19:44 4162048 ----a-w- c:\windows\system32\atiumdva.dll

    2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\system32\atimpc32.dll

    2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\system32\amdpcom32.dll

    2012-12-19 19:33 . 2012-12-19 19:33 421888 ----a-w- c:\windows\system32\atiadlxx.dll

    2012-12-19 19:33 . 2012-12-19 19:33 14848 ----a-w- c:\windows\system32\atiglpxx.dll

    2012-12-19 19:33 . 2012-12-19 19:33 33280 ----a-w- c:\windows\system32\atigktxx.dll

    2012-12-19 19:32 . 2012-12-19 19:32 442368 ----a-w- c:\windows\system32\drivers\atikmpag.sys

    2012-12-19 19:31 . 2012-12-19 19:31 109568 ----a-w- c:\windows\system32\atiuxpag.dll

    2012-12-19 19:30 . 2011-04-19 17:21 83968 ----a-w- c:\windows\system32\atiu9pag.dll

    2012-12-19 19:30 . 2011-04-19 17:21 37376 ----a-w- c:\windows\system32\atitmpxx.dll

    2012-12-19 19:30 . 2012-12-19 19:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

    2012-12-19 07:45 . 2012-12-19 07:45 180224 ----a-w- c:\windows\system32\clinfo.exe

    2012-12-19 07:44 . 2012-12-19 07:44 65536 ----a-w- c:\windows\system32\OpenVideo.dll

    2012-12-19 07:44 . 2012-12-19 07:44 56320 ----a-w- c:\windows\system32\OVDecode.dll

    2012-12-19 07:38 . 2012-12-19 07:38 28732928 ----a-w- c:\windows\system32\amdocl.dll

    2012-12-19 07:34 . 2012-12-19 07:34 50176 ----a-w- c:\windows\system32\OpenCL.dll

    2012-05-04 14:25 . 2012-05-04 14:25 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

    @="{472083B0-C522-11CF-8763-00608CC02F24}"

    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

    2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-25 7547424]

    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableLUA"= 0 (0x0)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EADM]

    2012-01-11 23:29 28201096 ----a-w- c:\program files\Origin\Origin.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

    2009-10-14 05:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3207166971-674977380-4252403477-1000]

    "EnableNotificationsRef"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

    2008-06-09 02:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2013-02-04 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 05:39]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.com.au/

    TCP: DhcpNameServer = 10.0.0.138

    FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vf26uwhl.default\

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/

    FF - ExtSQL: !HIDDEN! 2011-12-02 16:50; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

    .

    - - - - ORPHANS REMOVED - - - -

    .

    SafeBoot-WudfPf

    SafeBoot-WudfRd

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2013-02-04 09:04

    Windows 6.0.6002 Service Pack 2 NTFS

    .

    scanning hidden processes ...

    .

    scanning hidden autostart entries ...

    .

    scanning hidden files ...

    .

    scan completed successfully

    hidden files: 0

    .

    **************************************************************************

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]

    "ImagePath"="\??\c:\users\User\AppData\Local\Temp\RarSFX1\kerneld.wnt"

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_USERS\S-1-5-21-3207166971-674977380-4252403477-1000\Software\SecuROM\License information*]

    "datasecu"=hex:9d,ca,7a,b1,f2,af,16,ae,59,51,40,d0,3a,fd,82,b5,2c,89,f6,f6,9a,

    91,ce,e8,83,4e,df,11,bc,d8,28,f7,ef,56,7b,bb,e2,45,2b,82,f6,85,16,b9,98,8d,\

    "rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    Completion time: 2013-02-04 09:06:14

    ComboFix-quarantined-files.txt 2013-02-04 01:06

    .

    Pre-Run: 325,302,837,248 bytes free

    Post-Run: 327,796,424,704 bytes free

    .

    - - End Of File - - F4564296E4ABB1C08663CDC6F6D2EC22

  15. Um just then, I saw a couple of processes running in Task Manager that I don't remember seeing yesterday.

    They don't look like viruses themselves but I just thought I'd let you know:

    mpcmdrun.exe - Windows Defender command line utility. I don't use Windows Defender so I am not sure what this does...

    schtask.exe - Manages scheduled tasks.

    Also, one of the svchost.exe in task manager is using around 10 - 25 CPU and I'm not doing anything.

    When I click on Go to service(s), it shows me WinDefend. Again, I haven't touched Windows Defender, I'm not even sure if I have it enabled or not.. The Memory is 25,916 K and it's running under SYSTEM.

    On the resource monitor, under Disk, it was showing up svchost with lots of files.

    I don't know how to explain it, it looked like this:

    Image:                 PID:                  File:                                         Read (B/min)    blah blah all that stuff

    svchost.exe        (I forgot)          C:\pagefile.sys (Page File)     Don't remember anything else

    Except there was lots of svchost with lots of different files, C:\pagefile.sys (Page File) was the only file I remember. So I'm guessing either Windows Defender is doing a scan or something else... I don't know, I just thought I should let you know in case you know what it means, it's probably nothing but yeah.. Also, thanks for helping me so far. Oh and by the way, so far, have any of the scans you've told me to do shown any signs of a virus, malware, adware or anything yet? Just curious, because I wasn't exactly sure if I did have a virus when I started the topic...

  16. Try loading one of the download links AdvancedSetup posted with JavaScript off. I think most of the ads use JavaScript so it doesn't load most of them since it's turned off. That's what I did to download my MBAM on Bleeping Computer.

    If you're using Firefox, click on Options > Content > Enable JavaScript > No.

    I'm not sure for any other web browser.

  17. Um I'm no PC expert, but I'm pretty sure you just need to download the normal MBAM then activate it with a code or something. I've never bought it before so I might be wrong. Did you download from the official website? http://www.malwarebytes.org/

    Just try downloading the free version for now and do a scan with it, I guess.

    And try doing a full scan with avast.

    Remember I'm no expert so forgive me if I'm wrong.

  18. Do I just right-click ComboFix and click Delete or do I have to uninstall it?

    On the tutorial on Bleeping Computer it says:

    To uninstall ComboFix from Windows Vista or Windows 7 please perform the following steps:

    Click on the Start button and then in the Search field enter combofix /uninstall, as shown in the image below with the blue arrow.

    Please note that there is a space between combofix and /uninstall.

    I tried searching combofix \uninstall, (noting that there is a space between combofix and /uninstall) and No items match my search.
