Jess_123
Posts: 175 +0
I just want to run through whatever steps you want me to, to ensure that I am not infected still. Beats me how I continue to get viruses/malware, but really rather be safe than sorry. Maleware Bytes was even freezing on me!
I have 2 adds ons that usually come up as threats during the process, but aren't. One is a coupon printer the other is a gaming toolbar.
Here's the logs:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.09.03.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Jessica :: JESSICA-PC [administrator]
9/3/2013 4:50:23 PM
mbam-log-2013-09-03 (16-50-23).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214059
Time elapsed: 8 minute(s), 33 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1101475E-31BD-520E-1C72-ECDB42284797} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\ProgramData\InstallMate\{01879CF8-E2C3-464F-A4A4-AAE1DA64BE0E}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\{01879CF8-E2C3-464F-A4A4-AAE1DA64BE0E}\TsuDll.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
(end)
------------------------------------------------------------------------------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/18/2012 2:07:11 AM
System Uptime: 9/3/2013 5:01:36 PM (0 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: AMD C-50 Processor | Socket FT1 | 1000/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 235 GiB total, 201.578 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 50 GiB total, 11.374 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP155: 8/27/2013 5:58:02 AM - Windows Update
RP156: 8/30/2013 3:29:25 PM - Windows Update
RP157: 9/3/2013 8:54:03 AM - Installed 7-Zip 9.20 (x64 edition)
RP158: 9/3/2013 8:59:49 AM - Removed 7-Zip 9.20 (x64 edition)
RP159: 9/3/2013 3:49:03 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Amazon Kindle
Amazon MP3 Downloader 1.0.17
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
ATI Catalyst Install Manager
avast! Free Antivirus
Best Recipes Ever Vol.21,Num.9
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cheat Engine 6.2
Conexant HD Audio
Coupon Printer for Windows
D3DX10
Defraggler
EaseUS Partition Master 9.1.1 Home Edition
ETDWare PS/2-X64 8.0.8.0_R01
FileHippo.com Update Checker
Foxit Reader
Gamers Unite! Snag Bar
Groovedown
GS Auto Clicker
HP Deskjet 1050 J410 series Basic Device Software
HP Deskjet 1050 J410 series Help
HP Deskjet 1050 J410 series Product Improvement Study
HP Photo Creations
HP Update
IrfanView (remove only)
iTunes
Java 7 Update 25
Java 7 Update 25 (64-bit)
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Monopoly Here & Now SDR
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
OpenOffice.org 3.4
Orbit Downloader
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
SeaMonkey 2.20 (x86 en-US)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Skype Launcher
Skype™ 6.7
SUPERAntiSpyware
Switch Sound File Converter
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
Toshiba Online Backup
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
VC80CRTRedist - 8.0.50727.6195
VLC media player 2.0.7
WavePad Sound Editor
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.20 (64-bit)
WMV9/VC-1 Video Playback
XnView 1.99.1
.
==== Event Viewer Messages From Past Week ========
.
9/3/2013 3:44:02 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
9/3/2013 3:44:02 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
9/2/2013 7:38:35 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
9/1/2013 8:13:45 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.25.2
Run by Jessica at 17:02:50 on 2013-09-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2663.1571 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\AVAST Software\Avast\setup\avast.setup
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.facebook.com/
uSearch Bar = Preserve
uProxyServer = :0
uProxyOverride = <local>;*.local
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
mWinlogon: Userinit = userinit.exe,
BHO: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO: Gamers Unite! Snag Bar BHO: {26A7CA19-7D58-411D-B2DA-F1B0324CBFFC} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB: Gamers Unite! Snag Bar: {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll
TB: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Gamers Unite! Snag Bar: {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{BB8155B3-AEB4-4C79-92EB-0CBF88A1AEB8} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{BB8155B3-AEB4-4C79-92EB-0CBF88A1AEB8}\0556162702452756560223 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BB8155B3-AEB4-4C79-92EB-0CBF88A1AEB8}\14454543236383 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{BB8155B3-AEB4-4C79-92EB-0CBF88A1AEB8}\84F4D454D224235323 : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\1d9uwool.Jessica 3\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: browser.startup.homepage - www.facebook.com
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-08-22 01:41; keyword@evilpie.com; C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\1d9uwool.Jessica 3\extensions\keyword@evilpie.com.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\windows\System32\drivers\amd_sata.sys [2012-7-18 75904]
R0 amd_xata;amd_xata;C:\windows\System32\drivers\amd_xata.sys [2012-7-18 38016]
R0 aswRvrt;aswRvrt;C:\windows\System32\drivers\aswRvrt.sys [2013-3-17 65336]
R0 aswVmm;aswVmm;C:\windows\System32\drivers\aswVmm.sys [2013-3-17 189936]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2012-7-18 1030952]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2012-10-25 378944]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-7-18 203776]
R2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2012-10-25 33400]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2012-7-18 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-24 46808]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [2012-7-18 126392]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2010-11-11 137512]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2012-7-18 9216]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-9-27 76912]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-7-18 38096]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2012-7-18 1109096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 epmntdrv;epmntdrv;C:\windows\System32\epmntdrv.sys [2012-7-18 16776]
S3 EuGdiDrv;EuGdiDrv;C:\windows\System32\EuGdiDrv.sys [2012-7-18 9096]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-11-14 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-7-18 243712]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-11-14 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2012-11-14 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-7-18 1255736]
S4 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]
S4 CxAudMsg;Conexant Audio Message Service;C:\windows\System32\CxAudMsg64.exe [2013-7-27 205560]
S4 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe [2012-7-18 123320]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]
S4 taisregispinger;taisregispinger;C:\Program Files (x86)\Toshiba\ToshibaRegistration\TaisRegistPinger.exe [2011-3-29 297344]
S4 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2012-7-18 51576]
S4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
.
=============== File Associations ===============
.
FileExt: .js: Applications\notepad.exe=C:\windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-09-03 19:50:02 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AF614AC3-9FFD-4FE3-918F-52E88B8029F7}\mpengine.dll
2013-09-03 07:00:58 -------- d-----w- C:\Users\Jessica\AppData\Roaming\Atari
2013-08-21 15:13:51 -------- d-----w- C:\ProgramData\StarApp
2013-08-21 15:10:13 -------- d-----w- C:\ProgramData\InstallMate
2013-08-15 21:27:10 216064 ----a-w- C:\windows\SysWow64\gcapi_dll.dll
2013-08-15 19:31:23 108968 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll
2013-08-15 19:25:34 867240 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2013-08-15 19:25:17 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-14 19:43:58 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-08-14 19:43:58 108032 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
2013-08-14 19:43:57 1084928 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-08-14 19:43:53 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-08-14 19:43:51 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-08-14 13:44:02 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2013-08-14 13:44:02 2048 ----a-w- C:\windows\System32\tzres.dll
2013-08-14 13:43:27 1472512 ----a-w- C:\windows\System32\crypt32.dll
2013-08-14 13:43:26 1166848 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-08-14 13:43:25 224256 ----a-w- C:\windows\System32\wintrust.dll
2013-08-14 13:43:24 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2013-08-14 13:43:24 175104 ----a-w- C:\windows\SysWow64\wintrust.dll
2013-08-14 13:43:24 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2013-08-14 13:43:23 139776 ----a-w- C:\windows\System32\cryptnet.dll
2013-08-14 13:43:23 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2013-08-14 13:43:11 1888768 ----a-w- C:\windows\System32\WMVDECOD.DLL
2013-08-14 13:43:10 1620992 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
2013-08-14 13:43:07 1217024 ----a-w- C:\windows\System32\rpcrt4.dll
2013-08-14 13:43:06 663552 ----a-w- C:\windows\SysWow64\rpcrt4.dll
.
==================== Find3M ====================
.
2013-08-15 19:31:05 972712 ----a-w- C:\windows\System32\deployJava1.dll
2013-08-15 19:31:05 1093032 ----a-w- C:\windows\System32\npDeployJava1.dll
2013-08-15 19:24:58 789416 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-07-26 05:12:08 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-07-26 03:35:08 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-07-26 03:12:04 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-07-16 23:15:19 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-16 23:15:19 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-07-09 06:03:30 5550528 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-07-09 05:54:22 1732032 ----a-w- C:\windows\System32\ntdll.dll
2013-07-09 05:53:12 243712 ----a-w- C:\windows\System32\wow64.dll
2013-07-09 05:03:34 3968960 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34 3913664 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47 1292192 ----a-w- C:\windows\SysWow64\ntdll.dll
2013-07-09 04:52:33 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2013-07-09 04:45:07 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2013-07-09 02:49:42 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2013-07-09 02:49:41 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2013-07-09 02:49:39 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38 2048 ----a-w- C:\windows\SysWow64\user.exe
2013-07-06 06:03:53 1910208 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-06-27 22:03:34 189936 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2013-06-27 22:03:34 1030952 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2013-06-15 04:32:16 39936 ----a-w- C:\windows\System32\drivers\tssecsrv.sys
.
============= FINISH: 17:04:56.10 ===============
I have 2 adds ons that usually come up as threats during the process, but aren't. One is a coupon printer the other is a gaming toolbar.
Here's the logs:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.09.03.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Jessica :: JESSICA-PC [administrator]
9/3/2013 4:50:23 PM
mbam-log-2013-09-03 (16-50-23).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214059
Time elapsed: 8 minute(s), 33 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1101475E-31BD-520E-1C72-ECDB42284797} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\ProgramData\InstallMate\{01879CF8-E2C3-464F-A4A4-AAE1DA64BE0E}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\{01879CF8-E2C3-464F-A4A4-AAE1DA64BE0E}\TsuDll.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
(end)
------------------------------------------------------------------------------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/18/2012 2:07:11 AM
System Uptime: 9/3/2013 5:01:36 PM (0 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: AMD C-50 Processor | Socket FT1 | 1000/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 235 GiB total, 201.578 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 50 GiB total, 11.374 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP155: 8/27/2013 5:58:02 AM - Windows Update
RP156: 8/30/2013 3:29:25 PM - Windows Update
RP157: 9/3/2013 8:54:03 AM - Installed 7-Zip 9.20 (x64 edition)
RP158: 9/3/2013 8:59:49 AM - Removed 7-Zip 9.20 (x64 edition)
RP159: 9/3/2013 3:49:03 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Amazon Kindle
Amazon MP3 Downloader 1.0.17
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
ATI Catalyst Install Manager
avast! Free Antivirus
Best Recipes Ever Vol.21,Num.9
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cheat Engine 6.2
Conexant HD Audio
Coupon Printer for Windows
D3DX10
Defraggler
EaseUS Partition Master 9.1.1 Home Edition
ETDWare PS/2-X64 8.0.8.0_R01
FileHippo.com Update Checker
Foxit Reader
Gamers Unite! Snag Bar
Groovedown
GS Auto Clicker
HP Deskjet 1050 J410 series Basic Device Software
HP Deskjet 1050 J410 series Help
HP Deskjet 1050 J410 series Product Improvement Study
HP Photo Creations
HP Update
IrfanView (remove only)
iTunes
Java 7 Update 25
Java 7 Update 25 (64-bit)
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Monopoly Here & Now SDR
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
OpenOffice.org 3.4
Orbit Downloader
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
SeaMonkey 2.20 (x86 en-US)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Skype Launcher
Skype™ 6.7
SUPERAntiSpyware
Switch Sound File Converter
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
Toshiba Online Backup
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
VC80CRTRedist - 8.0.50727.6195
VLC media player 2.0.7
WavePad Sound Editor
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.20 (64-bit)
WMV9/VC-1 Video Playback
XnView 1.99.1
.
==== Event Viewer Messages From Past Week ========
.
9/3/2013 3:44:02 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
9/3/2013 3:44:02 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
9/2/2013 7:38:35 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
9/1/2013 8:13:45 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.25.2
Run by Jessica at 17:02:50 on 2013-09-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2663.1571 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\AVAST Software\Avast\setup\avast.setup
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.facebook.com/
uSearch Bar = Preserve
uProxyServer = :0
uProxyOverride = <local>;*.local
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
mWinlogon: Userinit = userinit.exe,
BHO: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO: Gamers Unite! Snag Bar BHO: {26A7CA19-7D58-411D-B2DA-F1B0324CBFFC} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB: Gamers Unite! Snag Bar: {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll
TB: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Gamers Unite! Snag Bar: {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{BB8155B3-AEB4-4C79-92EB-0CBF88A1AEB8} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{BB8155B3-AEB4-4C79-92EB-0CBF88A1AEB8}\0556162702452756560223 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BB8155B3-AEB4-4C79-92EB-0CBF88A1AEB8}\14454543236383 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{BB8155B3-AEB4-4C79-92EB-0CBF88A1AEB8}\84F4D454D224235323 : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\1d9uwool.Jessica 3\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: browser.startup.homepage - www.facebook.com
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-08-22 01:41; keyword@evilpie.com; C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\1d9uwool.Jessica 3\extensions\keyword@evilpie.com.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\windows\System32\drivers\amd_sata.sys [2012-7-18 75904]
R0 amd_xata;amd_xata;C:\windows\System32\drivers\amd_xata.sys [2012-7-18 38016]
R0 aswRvrt;aswRvrt;C:\windows\System32\drivers\aswRvrt.sys [2013-3-17 65336]
R0 aswVmm;aswVmm;C:\windows\System32\drivers\aswVmm.sys [2013-3-17 189936]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2012-7-18 1030952]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2012-10-25 378944]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-7-18 203776]
R2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2012-10-25 33400]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2012-7-18 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-24 46808]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [2012-7-18 126392]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2010-11-11 137512]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2012-7-18 9216]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-9-27 76912]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-7-18 38096]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2012-7-18 1109096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 epmntdrv;epmntdrv;C:\windows\System32\epmntdrv.sys [2012-7-18 16776]
S3 EuGdiDrv;EuGdiDrv;C:\windows\System32\EuGdiDrv.sys [2012-7-18 9096]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-11-14 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-7-18 243712]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-11-14 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2012-11-14 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-7-18 1255736]
S4 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]
S4 CxAudMsg;Conexant Audio Message Service;C:\windows\System32\CxAudMsg64.exe [2013-7-27 205560]
S4 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe [2012-7-18 123320]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]
S4 taisregispinger;taisregispinger;C:\Program Files (x86)\Toshiba\ToshibaRegistration\TaisRegistPinger.exe [2011-3-29 297344]
S4 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2012-7-18 51576]
S4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
.
=============== File Associations ===============
.
FileExt: .js: Applications\notepad.exe=C:\windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-09-03 19:50:02 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AF614AC3-9FFD-4FE3-918F-52E88B8029F7}\mpengine.dll
2013-09-03 07:00:58 -------- d-----w- C:\Users\Jessica\AppData\Roaming\Atari
2013-08-21 15:13:51 -------- d-----w- C:\ProgramData\StarApp
2013-08-21 15:10:13 -------- d-----w- C:\ProgramData\InstallMate
2013-08-15 21:27:10 216064 ----a-w- C:\windows\SysWow64\gcapi_dll.dll
2013-08-15 19:31:23 108968 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll
2013-08-15 19:25:34 867240 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2013-08-15 19:25:17 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-14 19:43:58 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-08-14 19:43:58 108032 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
2013-08-14 19:43:57 1084928 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-08-14 19:43:53 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-08-14 19:43:51 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-08-14 13:44:02 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2013-08-14 13:44:02 2048 ----a-w- C:\windows\System32\tzres.dll
2013-08-14 13:43:27 1472512 ----a-w- C:\windows\System32\crypt32.dll
2013-08-14 13:43:26 1166848 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-08-14 13:43:25 224256 ----a-w- C:\windows\System32\wintrust.dll
2013-08-14 13:43:24 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2013-08-14 13:43:24 175104 ----a-w- C:\windows\SysWow64\wintrust.dll
2013-08-14 13:43:24 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2013-08-14 13:43:23 139776 ----a-w- C:\windows\System32\cryptnet.dll
2013-08-14 13:43:23 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2013-08-14 13:43:11 1888768 ----a-w- C:\windows\System32\WMVDECOD.DLL
2013-08-14 13:43:10 1620992 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
2013-08-14 13:43:07 1217024 ----a-w- C:\windows\System32\rpcrt4.dll
2013-08-14 13:43:06 663552 ----a-w- C:\windows\SysWow64\rpcrt4.dll
.
==================== Find3M ====================
.
2013-08-15 19:31:05 972712 ----a-w- C:\windows\System32\deployJava1.dll
2013-08-15 19:31:05 1093032 ----a-w- C:\windows\System32\npDeployJava1.dll
2013-08-15 19:24:58 789416 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-07-26 05:12:08 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-07-26 03:35:08 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-07-26 03:12:04 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-07-16 23:15:19 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-16 23:15:19 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-07-09 06:03:30 5550528 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-07-09 05:54:22 1732032 ----a-w- C:\windows\System32\ntdll.dll
2013-07-09 05:53:12 243712 ----a-w- C:\windows\System32\wow64.dll
2013-07-09 05:03:34 3968960 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34 3913664 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47 1292192 ----a-w- C:\windows\SysWow64\ntdll.dll
2013-07-09 04:52:33 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2013-07-09 04:45:07 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2013-07-09 02:49:42 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2013-07-09 02:49:41 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2013-07-09 02:49:39 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38 2048 ----a-w- C:\windows\SysWow64\user.exe
2013-07-06 06:03:53 1910208 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-06-27 22:03:34 189936 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2013-06-27 22:03:34 1030952 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2013-06-15 04:32:16 39936 ----a-w- C:\windows\System32\drivers\tssecsrv.sys
.
============= FINISH: 17:04:56.10 ===============