
Rootkits?



Hi, I just installed AVG 2014 (30 day free trial) on my laptop and did a scan. It found 3 rootkits.

I was told to come here and post these

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 25/02/2010 4:30:28 PM
System Uptime: 4/01/2014 12:07:20 AM (0 hours ago)
.
Motherboard: TOSHIBA |  | KSWAA
Processor: Pentium® Dual-Core CPU       T4400  @ 2.20GHz | U2E1 | 2200/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 286 GiB total, 113.447 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: USB Video Device
Device ID: USB\VID_04F2&PID_B128&MI_00\6&191461A9&0&0000
Manufacturer: Microsoft
Name: USB2.0 UVC WebCam
PNP Device ID: USB\VID_04F2&PID_B128&MI_00\6&191461A9&0&0000
Service: usbvideo
.
==== System Restore Points ===================
.
RP160: 5/12/2013 6:46:00 PM - Avg Update
RP161: 12/12/2013 2:54:03 AM - Windows Update
RP162: 23/12/2013 1:13:59 AM - Installed Java 7 Update 45
RP163: 30/12/2013 9:50:59 PM - Scheduled Checkpoint
RP164: 3/01/2014 5:29:42 PM - Installed AVG 2014
RP165: 3/01/2014 5:31:31 PM - Removed AVG Free 9.0
RP166: 3/01/2014 5:36:05 PM - Installed AVG 2014
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.1
Adobe Shockwave Player 11.6
Akamai NetSession Interface
Akamai NetSession Interface Service
AVG 2014
Business Contact Manager for Outlook 2007 SP2
Direct DiscRecorder
Dodo Wireless Broadband
DVD MovieFactory for TOSHIBA
GIMP 2.6.11
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
HiddenWorldOfArt2
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java 7 Update 45
Java Auto Updater
Java 6 Update 14
JavaFX 2.1.1
Junk Mail filter update
LSI V92 MOH Application
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Security Scan Plus
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 25.0.1 (x86 en-GB)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Internet Security
OGA Notifier 2.0.0048.0
Optus Wireless Broadband
PaintTool SAI Ver.1
PC Connectivity Solution
PlayReady PC Runtime x86
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
SAMSUNG Mobile Composite Device Software
Samsung Mobile Modem Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Drive Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio
SAMSUNG USB Mobile Device Software
SamsungConnectivityCableDriver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition 
Serif DrawPlus Starter Edition
swMSM
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Internal Modem Region Select Utility
TOSHIBA PC Health Monitor
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA SD Memory Utilities
TOSHIBA Service Station
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Utility Common Driver
Visual Studio 2012 x86 Redistributables
Windows Driver Package - MobileTop (sshpmdm) Modem  (01/26/2008 2.6.0.0)
Windows Driver Package - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Yahoo! Software Update
Yahoo! Toolbar
Yahoo!7 Messenger
.
==== Event Viewer Messages From Past Week ========
.
4/01/2014 12:08:15 AM, Error: Service Control Manager [7024]  - The Norton Internet Security service terminated with service-specific error %%-1.
4/01/2014 12:08:11 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000007e (0x80000004, 0x82c7df3c, 0x8ad1bb34, 0x8ad1b710). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 010414-39655-01.
30/12/2013 7:00:30 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000009f (0x00000004, 0x00000258, 0x851dda70, 0x82d60b24). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 123013-29624-01.
30/12/2013 6:49:00 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avg9wd service.
30/12/2013 6:48:30 PM, Error: Service Control Manager [7043]  - The Windows Update service did not shut down properly after receiving a preshutdown control.
3/01/2014 5:43:32 PM, Error: Service Control Manager [7024]  - The AVG Firewall service terminated with service-specific error %%-536805289.
3/01/2014 5:42:19 PM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
.
==== End Of File ===========================
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by Home at 0:11:44 on 2014-01-04
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.1913.730 [GMT 11:00]
.
AV: AVG Internet Security 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\AVG\AVG2014\avgfws.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\windows\system32\FsUsbExService.Exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\Program Files\AVG\AVG2014\avgemcx.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\igfxext.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Users\Home\AppData\Local\Akamai\netsession_win.exe
C:\Windows\System32\StikyNot.exe
C:\Users\Home\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Home\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Program Files\Dodo Wireless Broadband\Dodo Wireless Broadband.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\system32\conhost.exe
C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\system32\sppsvc.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\svchost.exe -k Akamai
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.130\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - 
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - 
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - 
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - 
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
uRun: [Akamai NetSession Interface] "c:\users\home\appdata\local\akamai\netsession_win.exe"
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [Google Update] "c:\users\home\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [msnmsgr] ~"c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [sVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
mRun: [smoothView] c:\program files\toshiba\smoothview\SmoothView.exe
mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [smartFaceVWatcher] c:\program files\toshiba\smartfacev\SmartFaceVWatcher.exe
mRun: [Teco] "c:\program files\toshiba\teco\Teco.exe" /r
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [ToshibaServiceStation] c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe /hide:60
mRun: [TosWaitSrv] c:\program files\toshiba\tphm\TosWaitSrv.exe
mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun
mRun: [TosNC] c:\program files\toshiba\bulletinboard\TosNcCore.exe
mRun: [TosReelTimeMonitor] c:\program files\toshiba\reeltime\TosReelTimeMonitor.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NPSStartup] <no file>
dRunOnce: [sPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.130\SSScheduler.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: Interfaces\{30B3C338-479C-4F2D-866D-BF2D0AA98202} : DHCPNameServer = 198.142.0.51 61.88.88.88
TCP: Interfaces\{962D3D3D-5450-4827-8538-DEC87B6177C4} : DHCPNameServer = 198.142.0.51 61.88.88.88
TCP: Interfaces\{BA6B8F64-9C6C-4967-8DE8-3AE4B784E92C} : NameServer = 202.136.43.208 202.136.42.208
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - 
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\home\appdata\roaming\mozilla\firefox\profiles\t263i4zc.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee security scan\3.8.130\npMcAfeeMSS.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\home\appdata\local\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\users\home\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-10-24 147768]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-10-31 222520]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-10-1 102712]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-10 27448]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008030.006\SymEFA.sys [2011-11-12 310320]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-11-5 120600]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2013-9-26 47928]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-11-4 209176]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-9-17 22840]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-10-31 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-8-1 193848]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-3 33112]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008030.006\BHDrvx86.sys [2011-11-12 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008030.006\cchpx86.sys [2011-11-12 467592]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100310.001\IDSvix86.sys [2010-3-11 343088]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-14 20992]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2014\avgfws.exe [2013-9-24 1358944]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2013-11-11 3478544]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2013-9-24 348008]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-7-18 181616]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-11 46448]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-9-4 233472]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-4-11 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-4-11 701512]
R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-7-8 62832]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-8-11 181616]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-20 12920]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-9-4 36608]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-4-11 22856]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-2-10 167936]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-2-10 859136]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-2-10 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-4 111960]
R3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-8-7 685424]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.3.6\ccSvcHst.exe [2011-11-12 117648]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-11-12 100864]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2013-12-12 108032]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.130\McCHSvc.exe [2013-9-7 235216]
S3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-2-10 24064]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-2-10 171520]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2010-9-4 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2010-9-4 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2010-9-4 121856]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-11-16 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-26 1343400]
S3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\drivers\zghsmdm.sys [2011-1-13 106752]
.
=============== Created Last 30 ================
.
2014-01-03 06:43:43 -------- d-----w- c:\users\home\appdata\roaming\AVG2014
2014-01-03 06:43:09 -------- d-----w- c:\users\home\appdata\roaming\TuneUp Software
2014-01-03 06:37:13 -------- d-----w- c:\programdata\AVG2014
2014-01-03 06:12:33 -------- d-----w- c:\users\home\appdata\local\MFAData
2014-01-03 06:12:33 -------- d-----w- c:\users\home\appdata\local\Avg2014
2013-12-22 14:16:34 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-12-11 13:35:40 159232 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-11 13:35:39 163840 ----a-w- c:\windows\system32\scrrun.dll
2013-12-11 13:35:39 141824 ----a-w- c:\windows\system32\wscript.exe
2013-12-11 13:35:39 126976 ----a-w- c:\windows\system32\cscript.exe
2013-12-11 13:35:39 121856 ----a-w- c:\windows\system32\wshom.ocx
2013-12-11 13:35:37 2048 ----a-w- c:\windows\system32\tzres.dll
2013-12-11 13:35:33 2349056 ----a-w- c:\windows\system32\win32k.sys
2013-12-11 13:35:32 81408 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-11 13:35:32 177152 ----a-w- c:\windows\system32\drivers\portcls.sys
.
==================== Find3M  ====================
.
2013-11-26 09:23:02 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 09:22:11 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 08:53:56 61952 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 08:52:26 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 08:29:55 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 08:29:52 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 08:28:16 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 07:32:06 1928192 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 06:33:33 1820160 ----a-w- c:\windows\system32\wininet.dll
2013-11-20 23:44:03 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-20 23:44:03 645120 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-20 23:44:03 194048 ----a-w- c:\windows\system32\elshyph.dll
2013-11-20 23:44:02 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-20 23:44:01 182272 ----a-w- c:\windows\system32\msls31.dll
2013-11-20 23:44:00 62464 ----a-w- c:\windows\system32\tdc.ocx
2013-11-20 23:44:00 34816 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-20 23:42:40 640512 ----a-w- c:\windows\system32\advapi32.dll
2013-11-20 23:42:40 619520 ----a-w- c:\windows\system32\tdh.dll
2013-11-20 23:42:40 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-11-20 23:42:40 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-11-20 23:42:40 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-11-20 23:42:24 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-11-20 23:42:23 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-11-20 23:42:23 231424 ----a-w- c:\windows\system32\mswsock.dll
2013-11-20 23:42:11 1505280 ----a-w- c:\windows\system32\d3d11.dll
2013-11-05 10:50:48 120600 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2013-11-04 10:57:30 209176 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-10-31 12:00:28 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-10-31 11:30:08 222520 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-10-24 11:28:32 147768 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-10-12 02:03:08 656896 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:01:41 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:01:25 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-05 19:57:25 1168384 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH:  0:14:10.83 ===============
 

Thanks for your time. :)


Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Sorry I'm kind of stuffing this up and I can't edit my post

I just downloaded the 32 bit roguekiller and it started to scan right away, I use windows 7, is it ok to let it scan right away after it gives the warning -allow this program to make changes to your hard drive - and clicking yes? It doesn't download to my desktop and I don't get a chance to close my programs or turn off the internet


RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Home [Admin rights]
Mode : Scan -- Date : 01/07/2014 16:42:40
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200BEVT-26ZCT0 +++++
--- User ---
[MBR] a24d33ff16620d0ed509f30f8557ff09
[bSP] 23971975f79e669eeef006383044733c : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 293192 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 603531264 | Size: 10552 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_01072014_164240.txt >>

You have AVG, Norton and Defender on the system.
Pick which one you're going to use for your anti-virus and uninstall the other.
Please disable Defender also:
How to Disable Defender

Dangers of running 2 anti-virus programs

 

AV: AVG Internet Security 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If in doubt about an entry....please ask or choose Skip
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:


If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.

New window that comes up.


MrC


I deleted nortons and disabled windows defender

 

Log number 1

 

14:02:27.0317 0x15e8  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
14:02:44.0870 0x15e8  ============================================================
14:02:44.0870 0x15e8  Current date / time: 2014/01/08 14:02:44.0870
14:02:44.0870 0x15e8  SystemInfo:
14:02:44.0870 0x15e8
14:02:44.0870 0x15e8  OS Version: 6.1.7601 ServicePack: 1.0
14:02:44.0870 0x15e8  Product type: Workstation
14:02:44.0870 0x15e8  ComputerName: HOME
14:02:44.0871 0x15e8  UserName: Home
14:02:44.0871 0x15e8  Windows directory: C:\windows
14:02:44.0871 0x15e8  System windows directory: C:\windows
14:02:44.0871 0x15e8  Processor architecture: Intel x86
14:02:44.0871 0x15e8  Number of processors: 2
14:02:44.0871 0x15e8  Page size: 0x1000
14:02:44.0871 0x15e8  Boot type: Normal boot
14:02:44.0871 0x15e8  ============================================================
14:02:46.0670 0x15e8  KLMD registered as C:\windows\system32\drivers\39165256.sys
14:02:47.0245 0x15e8  System UUID: {3CC295B1-8EE9-EAD2-1B77-993F70FD4CE2}
14:02:48.0955 0x15e8  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:02:48.0976 0x15e8  ============================================================
14:02:48.0976 0x15e8  \Device\Harddisk0\DR0:
14:02:48.0976 0x15e8  MBR partitions:
14:02:48.0976 0x15e8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23CA4000
14:02:48.0976 0x15e8  ============================================================
14:02:49.0280 0x15e8  C: <-> \Device\Harddisk0\DR0\Partition1
14:02:49.0454 0x15e8  ============================================================
14:02:49.0454 0x15e8  Initialize success
14:02:49.0454 0x15e8  ============================================================
14:07:15.0757 0x1030  KLMD registered as C:\windows\system32\drivers\84076726.sys
14:07:19.0238 0x1030  Deinitialize success

 

Log 2

 



Next:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

[image]

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


I have a problem with ComboFix because it's not giving me the option to save to my desktop, a warning like this pops up -

[image]

 

 

If I click yes, it skips straight to the terms of combofix and the guide says if I click accept, the scan will start straight from my browser. So I turned off user account control warnings and now when I click CF download it still goes straight to the terms and doesn't give me a chance to save to my desktop like I should?

The same thing happened with TDSSkiller

Sorry to post a picture


Thanks that worked!

Sorry it took a while to answer

Here's what I got from combofix

 

ComboFix 14-01-08.03 - Home 10/01/2014  20:02:08.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.1913.1143 [GMT 11:00]
Running from: C:\Users\Home\Desktop\ComboFix.exe
AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: AVG Internet Security 2014 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
 
 
C:\Windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
C:\windows\system32\Cache
C:\windows\system32\Cache\26c630d098e22dd5.fb
C:\windows\system32\Cache\272512937d9e61a4.fb
C:\windows\system32\Cache\287204568329e189.fb
C:\windows\system32\Cache\28bc8f716fd76a47.fb
C:\windows\system32\Cache\2c53092c95605355.fb
C:\windows\system32\Cache\31a0997e9a5b5eb3.fb
C:\windows\system32\Cache\32c84fe32bb74d60.fb
C:\windows\system32\Cache\3917078cb68ec657.fb
C:\windows\system32\Cache\3d926535536943a5.fb
C:\windows\system32\Cache\4da2557131712d98.fb
C:\windows\system32\Cache\590ba23ce359fd0c.fb
C:\windows\system32\Cache\610289e025a3ee9a.fb
C:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
C:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
C:\windows\system32\Cache\6d03dad1035885d3.fb
C:\windows\system32\Cache\760ede6c908e56d7.fb
C:\windows\system32\Cache\95f567698be8a182.fb
C:\windows\system32\Cache\9673e99bffe78cbc.fb
C:\windows\system32\Cache\a462ac06ec7459c6.fb
C:\windows\system32\Cache\a8556537add6dfc5.fb
C:\windows\system32\Cache\ad10a52aff5e038d.fb
C:\windows\system32\Cache\c1fa887b03019701.fb
C:\windows\system32\Cache\c4d28dca2e7648be.fb
C:\windows\system32\Cache\c53864855be6162a.fb
C:\windows\system32\Cache\d201ef9910cd39de.fb
C:\windows\system32\Cache\d2e94710a5708128.fb
C:\windows\system32\Cache\d79b9dfe81484ec4.fb
C:\windows\system32\Cache\e702177d165e2429.fb
C:\windows\system32\Cache\f998975c9cc711ee.fb
 
 
(((((((((((((((((((((((((   Files Created from 2013-12-10 to 2014-01-10  )))))))))))))))))))))))))))))))
 
 
2014-01-10 11:26:15 . 2014-01-10 11:30:06 -------- d-----w- C:\Users\Home\AppData\Local\temp
2014-01-10 11:26:15 . 2014-01-10 11:26:15 -------- d-----w- C:\Users\hedev\AppData\Local\temp
2014-01-10 11:26:15 . 2014-01-10 11:26:15 -------- d-----w- C:\Users\Default\AppData\Local\temp
2014-01-07 09:56:22 . 2013-12-15 14:54:26 7760024 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{286DADF7-5A6E-4E6E-BF05-BCCB3C76618A}\mpengine.dll
2014-01-03 06:43:43 . 2014-01-03 06:43:43 -------- d-----w- C:\Users\Home\AppData\Roaming\AVG2014
2014-01-03 06:43:09 . 2014-01-03 06:43:09 -------- d-----w- C:\Users\Home\AppData\Roaming\TuneUp Software
2014-01-03 06:37:13 . 2014-01-03 06:43:49 -------- d-----w- C:\ProgramData\AVG2014
2014-01-03 06:30:26 . 2014-01-03 06:50:51 -------- d-----w- C:\windows\system32\config\systemprofile\AppData\Local\Avg2014
2014-01-03 06:12:33 . 2014-01-03 06:50:20 -------- d-----w- C:\Users\Home\AppData\Local\Avg2014
2014-01-03 06:12:33 . 2014-01-03 06:12:33 -------- d-----w- C:\Users\Home\AppData\Local\MFAData
2013-12-22 14:16:34 . 2013-12-22 14:16:26 94632 ----a-w- C:\windows\system32\WindowsAccessBridge.dll
2013-12-11 13:35:40 . 2013-10-19 01:36:59 159232 ----a-w- C:\windows\system32\imagehlp.dll
2013-12-11 13:35:39 . 2013-10-12 02:04:36 121856 ----a-w- C:\windows\system32\wshom.ocx
2013-12-11 13:35:39 . 2013-10-12 02:03:31 163840 ----a-w- C:\windows\system32\scrrun.dll
2013-12-11 13:35:39 . 2013-10-12 01:15:48 141824 ----a-w- C:\windows\system32\wscript.exe
2013-12-11 13:35:39 . 2013-10-12 01:15:48 126976 ----a-w- C:\windows\system32\cscript.exe
2013-12-11 13:35:37 . 2013-11-12 02:07:29 2048 ----a-w- C:\windows\system32\tzres.dll
2013-12-11 13:35:33 . 2013-10-30 01:27:28 2349056 ----a-w- C:\windows\system32\win32k.sys
2013-12-11 13:35:32 . 2013-10-04 01:49:41 81408 ----a-w- C:\windows\system32\drivers\drmk.sys
2013-12-11 13:35:32 . 2013-10-04 01:17:08 177152 ----a-w- C:\windows\system32\drivers\portcls.sys
.
 
 
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
 
2014-01-07 05:42:36 . 2014-01-07 05:42:36 92672 ----a-w- C:\windows\system32\drivers\WUDFPf.sys.bak
2014-01-07 05:42:36 . 2014-01-07 05:42:36 16384 ----a-w- C:\windows\system32\drivers\ws2ifsl.sys.bak
2014-01-07 05:42:36 . 2014-01-07 05:42:36 132224 ----a-w- C:\windows\system32\drivers\WUDFRd.sys.bak
2014-01-07 05:42:36 . 2014-01-07 05:42:36 106752 ----a-w- C:\windows\system32\drivers\zghsmdm.sys.bak
2014-01-07 05:42:35 . 2014-01-07 05:42:35 9728 ----a-w- C:\windows\system32\drivers\wfplwf.sys.bak
2014-01-07 05:42:35 . 2014-01-07 05:42:35 527064 ----a-w- C:\windows\system32\drivers\Wdf01000.sys.bak
2014-01-07 05:42:35 . 2014-01-07 05:42:35 47720 ----a-w- C:\windows\system32\drivers\WdfLdr.sys.bak
2014-01-07 05:42:35 . 2014-01-07 05:42:35 35968 ----a-w- C:\windows\system32\drivers\winusb.sys.bak
2014-01-07 05:42:35 . 2014-01-07 05:42:35 19008 ----a-w- C:\windows\system32\drivers\wimmount.sys.bak
2014-01-07 05:42:35 . 2014-01-07 05:42:35 14912 ----a-w- C:\windows\system32\drivers\wmilib.sys.bak
2014-01-07 05:42:35 . 2014-01-07 05:42:35 11264 ----a-w- C:\windows\system32\drivers\wmiacpi.sys.bak
2014-01-07 05:42:35 . 2014-01-07 05:42:34 19024 ----a-w- C:\windows\system32\drivers\wd.sys.bak
2014-01-07 05:42:34 . 2014-01-07 05:42:34 63488 ----a-w- C:\windows\system32\drivers\wanarp.sys.bak
2014-01-07 05:42:34 . 2014-01-07 05:42:34 48128 ----a-w- C:\windows\system32\drivers\vwififlt.sys.bak
2014-01-07 05:42:34 . 2014-01-07 05:42:34 35328 ----a-w- C:\windows\system32\drivers\watchdog.sys.bak
2014-01-07 05:42:34 . 2014-01-07 05:42:34 21632 ----a-w- C:\windows\system32\drivers\wacompen.sys.bak
2014-01-07 05:42:34 . 2014-01-07 05:42:34 19968 ----a-w- C:\windows\system32\drivers\vwifibus.sys.bak
2014-01-07 05:42:34 . 2014-01-07 05:42:34 14336 ----a-w- C:\windows\system32\drivers\vwifimp.sys.bak
2014-01-07 05:42:34 . 2014-01-07 05:42:34 141904 ----a-w- C:\windows\system32\drivers\vsmraid.sys.bak
2014-01-07 05:42:34 . 2014-01-07 05:42:33 245632 ----a-w- C:\windows\system32\drivers\volsnap.sys.bak
2014-01-07 05:42:33 . 2014-01-07 05:42:33 53328 ----a-w- C:\windows\system32\drivers\VIAAGP.SYS.bak
2014-01-07 05:42:33 . 2014-01-07 05:42:33 53120 ----a-w- C:\windows\system32\drivers\volmgr.sys.bak
2014-01-07 05:42:33 . 2014-01-07 05:42:33 52736 ----a-w- C:\windows\system32\drivers\viac7.sys.bak
2014-01-07 05:42:33 . 2014-01-07 05:42:33 297040 ----a-w- C:\windows\system32\drivers\volmgrx.sys.bak
2014-01-07 05:42:33 . 2014-01-07 05:42:33 16976 ----a-w- C:\windows\system32\drivers\viaide.sys.bak
2014-01-07 05:42:33 . 2014-01-07 05:42:33 111616 ----a-w- C:\windows\system32\drivers\videoprt.sys.bak
2014-01-07 05:42:33 . 2014-01-07 05:42:32 160128 ----a-w- C:\windows\system32\drivers\vhdmp.sys.bak
2014-01-07 05:42:32 . 2014-01-07 05:42:32 76288 ----a-w- C:\windows\system32\drivers\USBSTOR.SYS.bak
2014-01-07 05:42:32 . 2014-01-07 05:42:32 32832 ----a-w- C:\windows\system32\drivers\vdrvroot.sys.bak
2014-01-07 05:42:32 . 2014-01-07 05:42:32 26112 ----a-w- C:\windows\system32\drivers\vgapnp.sys.bak
2014-01-07 05:42:32 . 2014-01-07 05:42:32 26112 ----a-w- C:\windows\system32\drivers\usbrpm.sys.bak
2014-01-07 05:42:32 . 2014-01-07 05:42:32 25088 ----a-w- C:\windows\system32\drivers\vga.sys.bak
2014-01-07 05:42:32 . 2014-01-07 05:42:32 24064 ----a-w- C:\windows\system32\drivers\usbuhci.sys.bak
2014-01-07 05:42:32 . 2014-01-07 05:42:32 146816 ----a-w- C:\windows\system32\drivers\usbvideo.sys.bak
2014-01-07 05:42:32 . 2014-01-07 05:42:31 19968 ----a-w- C:\windows\system32\drivers\usbprint.sys.bak
2014-01-07 05:42:31 . 2014-01-07 05:42:31 86016 ----a-w- C:\windows\system32\drivers\usbcir.sys.bak
2014-01-07 05:42:31 . 2014-01-07 05:42:31 75776 ----a-w- C:\windows\system32\drivers\usbccgp.sys.bak
2014-01-07 05:42:31 . 2014-01-07 05:42:31 5888 ----a-w- C:\windows\system32\drivers\usbd.sys.bak
2014-01-07 05:42:31 . 2014-01-07 05:42:31 42496 ----a-w- C:\windows\system32\drivers\usbehci.sys.bak
2014-01-07 05:42:31 . 2014-01-07 05:42:31 284672 ----a-w- C:\windows\system32\drivers\usbport.sys.bak
2014-01-07 05:42:31 . 2014-01-07 05:42:31 258560 ----a-w- C:\windows\system32\drivers\usbhub.sys.bak
2014-01-07 05:42:31 . 2014-01-07 05:42:31 25856 ----a-w- C:\windows\system32\drivers\USBCAMD2.sys.bak
2014-01-07 05:42:31 . 2014-01-07 05:42:31 20480 ----a-w- C:\windows\system32\drivers\usbohci.sys.bak
2014-01-07 05:42:30 . 2014-01-07 05:42:30 8192 ----a-w- C:\windows\system32\drivers\umpass.sys.bak
2014-01-07 05:42:30 . 2014-01-07 05:42:30 57424 ----a-w- C:\windows\system32\drivers\ULIAGPKX.SYS.bak
2014-01-07 05:42:30 . 2014-01-07 05:42:30 39936 ----a-w- C:\windows\system32\drivers\umbus.sys.bak
2014-01-07 05:42:30 . 2014-01-07 05:42:30 25856 ----a-w- C:\windows\system32\drivers\USBCAMD.sys.bak
2014-01-07 05:42:30 . 2014-01-07 05:42:30 15872 ----a-w- C:\windows\system32\drivers\usb8023.sys.bak
2014-01-07 05:42:30 . 2014-01-07 05:42:29 246784 ----a-w- C:\windows\system32\drivers\udfs.sys.bak
2014-01-07 05:42:29 . 2014-01-07 05:42:29 55888 ----a-w- C:\windows\system32\drivers\UAGP35.SYS.bak
2014-01-07 05:42:29 . 2014-01-07 05:42:29 52224 ----a-w- C:\windows\system32\drivers\TsUsbFlt.sys.bak
2014-01-07 05:42:29 . 2014-01-07 05:42:29 31232 ----a-w- C:\windows\system32\drivers\tssecsrv.sys.bak
2014-01-07 05:42:29 . 2014-01-07 05:42:29 275536 ----a-w- C:\windows\system32\drivers\tos_sps32.sys.bak
2014-01-07 05:42:29 . 2014-01-07 05:42:29 23512 ----a-w- C:\windows\system32\drivers\TVALZ_O.SYS.bak
2014-01-07 05:42:29 . 2014-01-07 05:42:29 12920 ----a-w- C:\windows\system32\drivers\TVALZFL.sys.bak
2014-01-07 05:42:29 . 2014-01-07 05:42:29 108544 ----a-w- C:\windows\system32\drivers\tunnel.sys.bak
2014-01-07 05:42:29 . 2014-01-07 05:42:28 53120 ----a-w- C:\windows\system32\drivers\termdd.sys.bak
2014-01-07 05:42:28 . 2014-01-07 05:42:28 74752 ----a-w- C:\windows\system32\drivers\tdx.sys.bak
2014-01-07 05:42:28 . 2014-01-07 05:42:28 35328 ----a-w- C:\windows\system32\drivers\tcpipreg.sys.bak
2014-01-07 05:42:28 . 2014-01-07 05:42:28 24576 ----a-w- C:\windows\system32\drivers\tdtcp.sys.bak
2014-01-07 05:42:28 . 2014-01-07 05:42:28 22912 ----a-w- C:\windows\system32\drivers\tdcmdpst.sys.bak
2014-01-07 05:42:28 . 2014-01-07 05:42:28 21504 ----a-w- C:\windows\system32\drivers\tdi.sys.bak
2014-01-07 05:42:28 . 2014-01-07 05:42:28 18432 ----a-w- C:\windows\system32\drivers\tdpipe.sys.bak
2014-01-07 05:42:27 . 2014-01-07 05:42:27 53632 ----a-w- C:\windows\system32\drivers\stream.sys.bak
2014-01-07 05:42:27 . 2014-01-07 05:42:27 25648 ----a-w- C:\windows\system32\drivers\SymIMV.sys.bak
2014-01-07 05:42:27 . 2014-01-07 05:42:27 24576 ----a-w- C:\windows\system32\drivers\tape.sys.bak
2014-01-07 05:42:27 . 2014-01-07 05:42:27 213552 ----a-w- C:\windows\system32\drivers\SynTP.sys.bak
2014-01-07 05:42:27 . 2014-01-07 05:42:27 1294272 ----a-w- C:\windows\system32\drivers\tcpip.sys.bak
2014-01-07 05:42:27 . 2014-01-07 05:42:27 124976 ----a-w- C:\windows\system32\drivers\SYMEVENT.SYS.bak
2014-01-07 05:42:27 . 2014-01-07 05:42:27 12240 ----a-w- C:\windows\system32\drivers\swenum.sys.bak
2014-01-07 05:42:27 . 2014-01-07 05:42:26 148864 ----a-w- C:\windows\system32\drivers\storport.sys.bak
2014-01-07 05:42:26 . 2014-01-07 05:42:26 5632 ----a-w- C:\windows\system32\drivers\StarOpen.sys.bak
2014-01-07 05:42:26 . 2014-01-07 05:42:26 21072 ----a-w- C:\windows\system32\drivers\stexstor.sys.bak
2014-01-07 05:42:26 . 2014-01-07 05:42:26 14976 ----a-w- C:\windows\system32\drivers\ss_bmdfl.sys.bak
2014-01-07 05:42:26 . 2014-01-07 05:42:26 121856 ----a-w- C:\windows\system32\drivers\ss_bmdm.sys.bak
2014-01-07 05:42:26 . 2014-01-07 05:42:26 12160 ----a-w- C:\windows\system32\drivers\ss_bwhnt.sys.bak
2014-01-07 05:42:26 . 2014-01-07 05:42:26 12160 ----a-w- C:\windows\system32\drivers\ss_bwh.sys.bak
2014-01-07 05:42:26 . 2014-01-07 05:42:25 12160 ----a-w- C:\windows\system32\drivers\ss_bcmnt.sys.bak
2014-01-07 05:42:25 . 2014-01-07 05:42:25 90112 ----a-w- C:\windows\system32\drivers\ss_bbus.sys.bak
2014-01-07 05:42:25 . 2014-01-07 05:42:25 405504 ----a-w- C:\windows\system32\drivers\spsys.sys.bak
2014-01-07 05:42:25 . 2014-01-07 05:42:25 311808 ----a-w- C:\windows\system32\drivers\srv.sys.bak
2014-01-07 05:42:25 . 2014-01-07 05:42:25 310272 ----a-w- C:\windows\system32\drivers\srv2.sys.bak
2014-01-07 05:42:25 . 2014-01-07 05:42:25 17472 ----a-w- C:\windows\system32\drivers\spldr.sys.bak
2014-01-07 05:42:25 . 2014-01-07 05:42:25 12160 ----a-w- C:\windows\system32\drivers\ss_bcm.sys.bak
2014-01-07 05:42:25 . 2014-01-07 05:42:25 114688 ----a-w- C:\windows\system32\drivers\srvnet.sys.bak
2014-01-07 05:42:25 . 2014-01-07 05:42:24 17408 ----a-w- C:\windows\system32\drivers\smclib.sys.bak
2014-01-07 05:42:24 . 2014-01-07 05:42:24 77888 ----a-w- C:\windows\system32\drivers\sisraid4.sys.bak
2014-01-07 05:42:24 . 2014-01-07 05:42:24 71168 ----a-w- C:\windows\system32\drivers\smb.sys.bak
2014-01-07 05:42:24 . 2014-01-07 05:42:24 52304 ----a-w- C:\windows\system32\drivers\SISAGP.SYS.bak
2014-01-07 05:42:24 . 2014-01-07 05:42:24 40016 ----a-w- C:\windows\system32\drivers\sisraid2.sys.bak
2014-01-07 05:42:24 . 2014-01-07 05:42:24 13824 ----a-w- C:\windows\system32\drivers\sfloppy.sys.bak
2014-01-07 05:42:24 . 2014-01-07 05:42:24 12800 ----a-w- C:\windows\system32\drivers\sffp_sd.sys.bak
2014-01-07 05:42:24 . 2014-01-07 05:42:23 12288 ----a-w- C:\windows\system32\drivers\sffp_mmc.sys.bak
2014-01-07 05:42:23 . 2014-01-07 05:42:23 83456 ----a-w- C:\windows\system32\drivers\serial.sys.bak
2014-01-07 05:42:23 . 2014-01-07 05:42:23 26624 ----a-w- C:\windows\system32\drivers\scfilter.sys.bak
2014-01-07 05:42:23 . 2014-01-07 05:42:23 20480 ----a-w- C:\windows\system32\drivers\secdrv.sys.bak
2014-01-07 05:42:23 . 2014-01-07 05:42:23 19968 ----a-w- C:\windows\system32\drivers\sermouse.sys.bak
2014-01-07 05:42:23 . 2014-01-07 05:42:23 17920 ----a-w- C:\windows\system32\drivers\serenum.sys.bak
2014-01-07 05:42:23 . 2014-01-07 05:42:23 140160 ----a-w- C:\windows\system32\drivers\scsiport.sys.bak
2014-01-07 05:42:23 . 2014-01-07 05:42:23 11264 ----a-w- C:\windows\system32\drivers\sffdisk.sys.bak
 
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll" [2012-06-11 19:08:00 1524056]
 
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-10 08:15:31 39408]
"AutoStartNPSAgent"="C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-05-13 00:22:18 102400]
"Akamai NetSession Interface"="C:\Users\Home\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 15:01:52 4489472]
"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe" [2009-07-14 01:14:41 354304]
"Messenger (Yahoo!)"="C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-24 18:25:02 6595928]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\windows\system32\igfxtray.exe" [2009-09-02 22:41:42 141848]
"HotKeysCmds"="C:\windows\system32\hkcmd.exe" [2009-09-02 22:41:30 174104]
"Persistence"="C:\windows\system32\igfxpers.exe" [2009-09-02 22:41:38 151064]
"SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 03:38:06 352256]
"HWSetup"="C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 17:24:24 425984]
"KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 05:33:40 34088]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 22:18:08 476512]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 22:00:10 460088]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 22:04:54 738616]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 05:12:56 7625248]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 01:46:40 1545512]
"SmartFaceVWatcher"="C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-07-29 16:19:44 163840]
"Teco"="C:\Program Files\TOSHIBA\TECO\Teco.exe" [2009-08-10 18:56:38 1324384]
"TosSENotify"="C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 02:17:06 611672]
"ToshibaServiceStation"="C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 18:48:46 1294136]
"TosWaitSrv"="C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe" [2009-08-07 01:05:42 611672]
"TWebCamera"="C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 19:37:50 2446648]
"TosNC"="C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe" [2009-08-06 21:06:58 466792]
"TosReelTimeMonitor"="C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2009-08-06 23:02:02 29528]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 00:10:28 35696]
"AVG_UI"="C:\Program Files\AVG\AVG2014\avgui.exe" [2013-11-07 11:03:50 4956176]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\windows\System32\SPReview\SPReview.exe" [2013-05-18 17:54:59 280576]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
 
R2 avgfws;AVG Firewall;C:\Program Files\AVG\AVG2014\avgfws.exe [2013-09-23 14:35:44 1358944]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files\AVG\AVG2014\avgidsagent.exe [2013-11-11 11:02:14 3478544]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 04:50:32 418376]
R2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 04:50:32 701512]
R2 Norton Internet Security;Norton Internet Security;C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [2011-09-22 00:35:57 117648]
R3 ewusbnet;HUAWEI USB-NDIS miniport;C:\windows\system32\DRIVERS\ewusbnet.sys [2008-04-17 04:37:00 100864]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\system32\IEEtwCollector.exe [2013-11-26 08:29:52 108032]
R3 MBAMProtector;MBAMProtector;C:\windows\system32\drivers\mbam.sys [2013-04-04 04:50:32 22856]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 01:04:58 24064]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys [2009-07-31 01:45:22 171520]
R3 RtsUIR;Realtek IR Driver;C:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 00:01:26 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 00:01:26 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 00:01:26 121856]
R3 SYMNDISV;Symantec Network Filter Driver;C:\windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS [x]
R3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys [2010-11-20 10:24:41 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe [2010-02-25 22:29:13 1343400]
R3 zghsmdm;ZTE General Handset USB Modem Proprietary;C:\windows\system32\DRIVERS\zghsmdm.sys [2011-01-12 16:17:18 106752]
S0 AVGIDSHX;AVGIDSHX;C:\windows\system32\DRIVERS\avgidshx.sys [2013-10-24 11:28:32 147768]
S0 Avglogx;AVG Logging Driver;C:\windows\system32\DRIVERS\avglogx.sys [2013-10-31 11:30:08 222520]
S0 Avgrkx86;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx86.sys [2013-09-09 13:43:20 27448]
S0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NIS\1008030.006\SYMEFA.SYS [2010-02-10 08:37:36 310320]
S1 Avgdiskx;AVG Disk Driver;C:\windows\system32\DRIVERS\avgdiskx.sys [2013-11-05 10:50:48 120600]
S1 Avgfwfd;AVG network filter service;C:\windows\system32\DRIVERS\avgfwd6x.sys [2013-09-25 23:00:38 47928]
S1 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\avgidsdriverx.sys [2013-11-04 10:57:30 209176]
S1 AVGIDSShim;AVGIDSShim;C:\windows\system32\DRIVERS\avgidsshimx.sys [2013-09-16 13:57:26 22840]
S1 Avgldx86;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx86.sys [2013-10-31 12:00:28 176952]
S1 Avgtdix;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdix.sys [2013-08-01 05:08:52 193848]
S1 avgtp;avgtp;C:\windows\system32\drivers\avgtpx86.sys [2013-03-12 12:57:26 33112]
S1 BHDrvx86;Symantec Heuristics Driver;C:\windows\System32\Drivers\NIS\1008030.006\BHDrvx86.sys [2010-01-20 21:18:24 259632]
S1 ccHP;Symantec Hash Provider;C:\windows\System32\Drivers\NIS\1008030.006\ccHPx86.sys [2011-11-12 09:35:15 467592]
S1 IDSVix86;IDSVix86;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100310.001\IDSvix86.sys [2009-10-28 22:37:22 343088]
S2 Akamai;Akamai NetSession Interface;C:\windows\System32\svchost.exe [2009-07-14 01:14:41 20992]
S2 avgwd;AVG WatchDog;C:\Program Files\AVG\AVG2014\avgwdsvc.exe [2013-09-23 14:33:08 348008]
S2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-07-18 03:52:38 181616]
S2 ConfigFree Service;ConfigFree Service;C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 02:51:20 46448]
S2 FsUsbExService;FsUsbExService;C:\windows\system32\FsUsbExService.Exe [2009-05-11 00:04:34 233472]
S2 RSELSVC;TOSHIBA Modem region select service;C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe [2009-07-07 17:37:32 62832]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-08-10 18:57:12 181616]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 03:31:08 12920]
S3 FsUsbExDisk;FsUsbExDisk;C:\windows\system32\FsUsbExDisk.SYS [2009-05-11 00:04:34 36608]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 06:52:04 167936]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys [2009-08-28 06:19:22 859136]
S3 TMachInfo;TMachInfo;C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 18:48:42 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 02:16:32 111960]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-07 01:04:56 685424]
 
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ   Akamai
 
Contents of the 'Scheduled Tasks' folder
 
2014-01-10 C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-26 21:54:40 . 2010-02-26 21:54:34]
 
2014-01-10 C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-26 21:54:40 . 2010-02-26 21:54:34]
 
2013-12-11 C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2295289776-1584613149-1216759775-1005Core1cef6115df4f445.job
- C:\Users\Home\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-02 05:57:55 . 2012-02-02 05:57:52]

The bottom part of the log from ComboFix got cut off, can you post or attach the complete log?

Then.......

Download aswMBR to your desktop.

http://public.avast.com/~gmerek/aswMBR.exe

Double click the aswMBR.exe to run it.

If you see this question: "Would you like to download latest Avast! virus definitions?" say "NO".

Click the "Scan" button to start scan.

On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

MrC


I found out a way to save to my desktop: all I have to do is download it, then drag it to my desktop from the download list, just in case someone else has that problem.

And here's the log from aswmbr

 

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-01-11 21:06:32
-----------------------------
21:06:32.983    OS Version: Windows 6.1.7601 Service Pack 1
21:06:32.983    Number of processors: 2 586 0x170A
21:06:33.108    ComputerName: HOME  UserName: Home
21:06:38.942    Initialize success
21:06:44.444    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:06:44.444    Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3
21:06:44.647    Disk 0 MBR read successfully
21:06:44.647    Disk 0 MBR scan
21:06:44.647    Disk 0 Windows VISTA default MBR code
21:06:44.694    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS         1500 MB offset 2048
21:06:44.694    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       293192 MB offset 3074048
21:06:45.042    Disk 0 Partition 3 00     17 Hidd HPFS/NTFS NTFS        10552 MB offset 603531264
21:06:45.072    Disk 0 scanning sectors +625141760
21:06:45.692    Disk 0 scanning C:\windows\system32\drivers
21:07:52.127    Service scanning
21:08:27.180    Modules scanning
21:08:40.409    Disk 0 trace - called modules:
21:08:40.424    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
21:08:40.970    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x868d3ac8]
21:08:40.970    3 CLASSPNP.SYS[88a0459e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85aad028]
21:08:40.986    Scan finished successfully
21:08:56.555    Disk 0 MBR has been saved successfully to "C:\Users\Home\Desktop\MBR.dat"
21:08:56.555    The log file has been saved successfully to "C:\Users\Home\Desktop\aswMBR.txt"

Not seeing any rootkits.

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look similar to this, not "sponsored ad links":

bleep-crop.jpg

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a FULL Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC


Sorry it took ages to reply

 

Here's the AdwCleaner log

 

# AdwCleaner v3.017 - Report created 13/01/2014 at 20:41:59
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Home - HOME
# Running from : C:\Users\Home\Desktop\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Home\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Home\AppData\LocalLow\AVG Security Toolbar
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v26.0 (en-GB)
 
[ File : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\t263i4zc.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [11494 octets] - [27/11/2013 18:19:59]
AdwCleaner[R1].txt - [1126 octets] - [13/01/2014 20:37:50]
AdwCleaner[s0].txt - [11541 octets] - [27/11/2013 18:21:21]
AdwCleaner[s1].txt - [1056 octets] - [13/01/2014 20:41:59]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1116 octets] ##########
 
 
Here's the MBAM scan
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.13.03
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
Home :: HOME [administrator]
 
13/01/2014 8:51:50 PM
mbam-log-2014-01-13 (20-51-50).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 346274
Time elapsed: 1 hour(s), 50 minute(s), 32 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
That's awesome that you don't see rootkits, I'm so relieved. But AVG still says I have 3 rootkits with these names:
 

Threat: Service function NtMapViewOfSection hook -> 0xFFFFFFFF8782F280

Severity: Medium 

State: Infected

 

Threat: Service function NtCreateThreadEx hook ->  0xFFFFFFFF878517A0

Severity: Medium 

State: Infected

 

Threat: Service function NtalpcConnectPort hook ->  0xFFFFFFFF869E5428

Severity: Medium 

State: Infected

 

Is it just picking up something it thinks is bad but actually isn't? Could that be it since the other programs haven't found anything?


Good.....

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

 Results of screen317's Security Check version 0.99.78  

 Windows 7 Service Pack 1 x86 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

AVG Internet Security 2014   

 Antivirus up to date!   

`````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware version 1.75.0.1300  

 JavaFX 2.1.1    

 Java 6 Update 14  

 Java 7 Update 45  

 Adobe Flash Player 11.7.700.202  

 Adobe Reader 9 Adobe Reader out of Date! 

 Mozilla Firefox (26.0) 

 Google Chrome 31.0.1650.57  

 Google Chrome 31.0.1650.63  

````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbamgui.exe  

 AVG avgwdsvc.exe 

 AVG avgrsx.exe 

 AVG avgnsx.exe 

 AVG avgemc.exe 

 Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe  

 Malwarebytes' Anti-Malware mbamscheduler.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 2% 

````````````````````End of Log`````````````````````` 

This topic is now closed to further replies.