Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Inactive Malware Help Topics

Possible Keylogger Virus

This is a discussion on Possible Keylogger Virus within the Inactive Malware Help Topics forums, part of the Tech Support Forum category. I have been having a problem with my laptop, mainly while playing games on Facebook (that is the only problem


 
 
Thread Tools Search this Thread
Old 01-02-2014, 03:34 PM   #1
Registered Member
 
Join Date: Jan 2014
Posts: 2
OS: Windows 7



I have been having a problem with my laptop, mainly while playing games on Facebook (that is the only problem I have detected so far). Sometimes when playing Slotomania, it appears as if someone is playing on my account ( I will be playing, and it appears as if someone else is playing the game at the same time, until I have no credits left). I can be sitting there and see the credits disappear. I have been told that it is likely a keylogger virus, and I should scan the system to get rid of it. I have scanned with Malware Byte, Spy Bot, and Microsoft Security Essentials, but am still experiencing the same problems. I am a novice at all of this so please be gentle.


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by Teresa at 17:52:46 on 2014-01-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3964.2055 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files (x86)\BetterBrowse\updateBetterBrowse.exe
C:\Program Files (x86)\BetterBrowse\bin\utilBetterBrowse.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\loggingserver.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\windows\system32\wbem\wmiprvse.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe
C:\windows\system32\Dwm.exe
C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ATT-SST\pcTrayApp.exe
C:\windows\system32\igfxext.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com/?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP991C7C76-5D61-48E4-8DEF-AB4BCCBF9082&SSPV=
uDefault_Page_URL = hxxp://start.toshiba.com/
mWinlogon: Userinit = userinit.exe,
BHO: weDownload Manager Pro: {11111111-1111-1111-1111-110411361128} - C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-bho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [MyTOSHIBA] "C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe" /AUTO
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
mRun: [TUSBSleepChargeSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
dRunOnce: [{91140000-0011-0000-0000-0000000FF1CE}] C:\windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
dRunOnce: [{90140000-0018-0409-0000-0000000FF1CE}] C:\windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: $talisma_url$
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{AC50D52A-7619-48D5-9141-1E7DC7E76D3F} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{AC50D52A-7619-48D5-9141-1E7DC7E76D3F}\45562756371602D41627378616C6C6 : DHCPNameServer = 172.26.38.1 172.26.38.2
TCP: Interfaces\{AC50D52A-7619-48D5-9141-1E7DC7E76D3F}\F54527166756C65627370275966496 : DHCPNameServer = 10.100.224.1
TCP: Interfaces\{AC50D52A-7619-48D5-9141-1E7DC7E76D3F}\F5C416376556761637E2E456470225F48373 : DHCPNameServer = 10.100.192.1
TCP: Interfaces\{B7FD8814-F2C9-4D8C-A15F-EDFD8CB4120F} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{EAA34331-805B-463C-8B37-F51C00EFEEE8} : DHCPNameServer = 192.168.42.129
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe /SETUP
x64-BHO: weDownload Manager Pro: {11111111-1111-1111-1111-110411361128} - C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-bho64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [ThpSrv] C:\windows\System32\thpsrv /logon
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [SmartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\pcTrayApp.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\u89nc3bp.default-1385951061197\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP991C7C76-5D61-48E4-8DEF-AB4BCCBF9082&SSPV=
FF - prefs.js: keyword.URL -
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: 2013-12-01 21:21; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; C:\Program Files (x86)\McAfee\SiteAdvisor
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\drivers\thpdrv.sys [2009-6-29 34880]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-9-17 482384]
R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2013-12-31 46368]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
R2 CltMngSvc;Search Protect by Conduit Service;C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [2013-12-16 2251552]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-31 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-31 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
R2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2013-1-22 369152]
R2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2013-1-22 460288]
R2 pcServiceHost;pcServiceHost;C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe [2013-1-22 342528]
R2 rimspci;rimspci;C:\windows\System32\drivers\rimspe64.sys [2009-9-17 60416]
R2 risdpcie;risdpcie;C:\windows\System32\drivers\risdpe64.sys [2009-9-17 81408]
R2 rixdpcie;rixdpcie;C:\windows\System32\drivers\rixdpe64.sys [2009-9-17 55808]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-12-31 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-12-31 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-12-31 171416]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-11 252272]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 Update BetterBrowse;Update BetterBrowse;C:\Program Files (x86)\BetterBrowse\updateBetterBrowse.exe [2013-12-3 66856]
R2 Util BetterBrowse;Util BetterBrowse;C:\Program Files (x86)\BetterBrowse\bin\utilBetterBrowse.exe [2014-1-1 66856]
R2 vToolbarUpdater17.2.0;vToolbarUpdater17.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [2013-12-31 1771544]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2009-9-17 9216]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\windows\System32\drivers\IntcHdmi.sys [2009-7-10 139264]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-12-31 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2009-9-17 35008]
R3 pneteth;PdaNet Broadband;C:\windows\System32\drivers\pneteth.sys [2010-11-3 15360]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2009-9-17 236544]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\System32\drivers\rtl8192se.sys [2009-9-17 946688]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-9-17 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-9-17 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]
S2 ATT MAHostService;ATT MAHostService;C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe [2012-11-15 319488]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-4-12 245760]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-1-2 111616]
S3 pnetmdm;PdaNet Modem;C:\windows\System32\drivers\pnetmdm64.sys [2010-4-13 17920]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-10-6 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-4-19 1255736]
.
=============== Created Last 30 ================
.
2014-01-02 22:14:01 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{060B7C58-8C65-41B6-ADC6-FD7335E23917}\mpengine.dll
2014-01-01 02:17:27 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{42C2C2DD-3144-4D36-847F-1169ECD563F0}\gapaengine.dll
2014-01-01 02:17:22 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-01 02:16:14 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2014-01-01 02:16:05 -------- d-----w- C:\Program Files\Microsoft Security Client
2014-01-01 02:08:37 -------- d-----w- C:\Users\Teresa\AppData\Local\AVG SafeGuard toolbar
2014-01-01 02:08:20 46368 ----a-w- C:\windows\System32\drivers\avgtpx64.sys
2014-01-01 02:08:13 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2014-01-01 02:08:11 -------- d-----w- C:\ProgramData\AVG SafeGuard toolbar
2014-01-01 02:08:10 -------- d-----w- C:\Program Files (x86)\AVG SafeGuard toolbar
2014-01-01 02:07:41 -------- d--h--w- C:\ProgramData\Common Files
2014-01-01 0234 -------- d-----w- C:\Program Files (x86)\BetterBrowse
2014-01-01 02:05:23 -------- d-----w- C:\Program Files (x86)\weDownload Manager Pro
2014-01-01 02:05:14 -------- d-----w- C:\Program Files (x86)\SearchProtect
2014-01-01 00:26:17 21040 ----a-w- C:\windows\System32\sdnclean64.exe
2014-01-01 00:26:14 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-01-01 00:26:01 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-12-31 21:47:36 -------- d-----w- C:\Users\Teresa\AppData\Roaming\Malwarebytes
2013-12-31 21:47:12 -------- d-----w- C:\ProgramData\Malwarebytes
2013-12-31 21:47:07 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-12-31 21:47:07 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-31 21:46:46 -------- d-----w- C:\Users\Teresa\AppData\Local\Programs
2013-12-31 21:30:37 -------- d-----w- C:\windows\SysWow64\SearchProtect
2013-12-20 21:41:28 872352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
2013-12-20 14:36:12 -------- d-----w- C:\Users\Teresa\AppData\Local\SearchProtect
2013-12-16 00:28:05 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-16 00:28:05 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-16 00:28:04 12625920 ----a-w- C:\windows\System32\wmploc.DLL
2013-12-16 00:28:03 12625408 ----a-w- C:\windows\SysWow64\wmploc.DLL
2013-12-16 00:17:36 81408 ----a-w- C:\windows\System32\imagehlp.dll
2013-12-16 00:17:33 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2013-12-16 00:17:14 335360 ----a-w- C:\windows\System32\msieftp.dll
2013-12-16 00:17:12 301568 ----a-w- C:\windows\SysWow64\msieftp.dll
2013-12-16 00:17:03 3155968 ----a-w- C:\windows\System32\win32k.sys
2013-12-16 00:16:53 465920 ----a-w- C:\windows\System32\WMPhoto.dll
2013-12-16 00:16:53 417792 ----a-w- C:\windows\SysWow64\WMPhoto.dll
2013-12-16 00:16:12 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2013-12-16 00:16:12 2048 ----a-w- C:\windows\System32\tzres.dll
2013-12-13 22:48:03 230400 ----a-w- C:\windows\System32\drivers\portcls.sys
2013-12-13 22:48:03 116736 ----a-w- C:\windows\System32\drivers\drmk.sys
2013-12-13 22:47:47 150016 ----a-w- C:\windows\System32\wshom.ocx
2013-12-13 22:47:47 121856 ----a-w- C:\windows\SysWow64\wshom.ocx
2013-12-13 22:47:46 202752 ----a-w- C:\windows\System32\scrrun.dll
2013-12-13 22:47:46 156160 ----a-w- C:\windows\System32\cscript.exe
2013-12-13 22:47:46 141824 ----a-w- C:\windows\SysWow64\wscript.exe
2013-12-13 22:47:45 168960 ----a-w- C:\windows\System32\wscript.exe
2013-12-13 22:47:45 163840 ----a-w- C:\windows\SysWow64\scrrun.dll
2013-12-13 22:47:44 126976 ----a-w- C:\windows\SysWow64\cscript.exe
.
==================== Find3M ====================
.
2014-01-02 22:19:06 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-02 22:19:06 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-11-26 10:19:07 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\windows\SysWow64\wininet.dll
2013-11-19 10:21:41 267936 ------w- C:\windows\System32\MpSigStub.exe
2013-10-12 02:30:42 830464 ----a-w- C:\windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25:35 1474048 ----a-w- C:\windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\windows\SysWow64\crypt32.dll
.
============= FINISH: 17:53:03.56 ===============
Attached Files
File Type: zip attach.zip (3.3 KB, 30 views)
File Type: zip ark.zip (1.3 KB, 28 views)

__________________
slowmo1817 is offline  
Old 01-05-2014, 10:06 AM   #2
Registered Member
 
Join Date: Jan 2014
Posts: 2
OS: Windows 7



Bump please.

__________________
slowmo1817 is offline  
Old 02-08-2014, 01:22 PM   #3
Security Team
Analyst
 
Piper's Avatar
 
Join Date: Jun 2010
Location: California
Posts: 972
OS: Windows XP Service Pack 3



Hello slowmo1817.

Apologies for the wait. Do you still need help? I am looking over your logs now and will get back to you as soon as possible.

If you have not done so already, you may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

To help make this fix go as smoothly as possible, please do not run any scans, use any tools, or install/uninstall any applications unless requested.

Even if your symptoms seem to disappear at some point during this fix, please stay with me until I confirm the infection is gone. An infection could still be present on your system even if there are no obvious signs.

Please be patient with me during the course of this fix, as it will likely require multiple steps to completely remove your infection.

During this process, read each of my posts carefully before you continue. If you have any questions about any of the instructions I give you, please ask them before you begin.

Also please note that this forum is very busy; if I don't hear back from you within three days, this thread will be closed.
__________________
Piper is offline  
Old 03-20-2014, 11:00 PM   #4
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
tetonbob's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 49,972
OS: XP Pro; XP Home; Win7 x86 & x64



Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

tetonbob is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
Rootkit and Virus Infected
Had to run tests in Safemode, will not run under regular mode...BSOD, Browser's taken over, desktop changes and Voices and laughter in all browsers. Daughter and friend have made some attemps to fix.. Toshiba: Satelite A205-S7458 Windows Vista Home Premium V6.0.6002 DDS (Ver_2012-11-20.01)...
Azfield Resolved HJT Threads 15 11-26-2013 05:34 AM
Problems
I believe I have some corruption and/or malware on this system. Its an overall pain in the butt. Here is DDS: DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.5.1 Run by Josh at 9:20:56 on 2012-12-01
Jtsou Inactive Malware Help Topics 48 12-21-2012 06:55 AM
I scanned =o
Hi. I was redirected from this thread and told to virus scan and stuff. So here it is! Dds: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.0.0 Run by Pojo at 11:59:08 on 2012-09-28 Microsoft Windows 7 Home Premium ...
Paranite Resolved HJT Threads 18 10-21-2012 07:25 AM
xp security 2011/ malware removal tool
hello fellow tech heads i've had a day from hell trying to remove the above trojan. none of the things found on the net worked for me like booting into safe mode as the virus was still active and stopping things. blocking task manager so i took things into my own hands and downloaded rkill which...
dragon-lilly Resolved HJT Threads 31 05-26-2011 03:18 PM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2


All times are GMT -7. The time now is 06:35 AM.


Copyright 2001 - 2014, Tech Support Forum

Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts