[Resolved] media player 12.2 update keeps popping up

*

Offline MBNxRotten

  • Bronze Member
  • 25
Re: [In Progress] media player 12.2 update keeps popping up
« Reply #30 on: May 11, 2014, 07:09:05 AM »
No, that didn't help. I did that, then went to Craigslist and a new tab opened, then I came here and four more opened.

*

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • 27183
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] media player 12.2 update keeps popping up
« Reply #31 on: May 11, 2014, 09:07:02 AM »
* Anyone other than the originator of this thread, you would be best advised to not run ComboFix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used wrong.

Run ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

*

Offline MBNxRotten

  • Bronze Member
  • 25
Re: [In Progress] media player 12.2 update keeps popping up
« Reply #32 on: May 11, 2014, 01:38:17 PM »
ComboFix 14-05-10.01 - Ruin 05/11/2014  15:14:26.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8169.4648 [GMT -4:00]
Running from: c:\users\Kris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CE5TECG\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\MICROSOFT
c:\windows\MICROSOFT\System Update kb70007\Installer.dll
c:\windows\MICROSOFT\System Update kb70007\InstallerLibrary.dll
c:\windows\MICROSOFT\System Update kb70007\win32.reg
c:\windows\MICROSOFT\System Update kb70007\WindowsUpdater.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_System Update kb70007
-------\Service_System Update kb70007
.
.
(((((((((((((((((((((((((   Files Created from 2014-04-11 to 2014-05-11  )))))))))))))))))))))))))))))))
.
.
2014-05-11 19:20 . 2014-05-11 19:20   --------   d-----w-   c:\users\Ruin\AppData\Local\temp
2014-05-11 19:20 . 2014-05-11 19:20   --------   d-----w-   c:\users\Default\AppData\Local\temp
2014-05-11 19:20 . 2014-05-11 19:20   --------   d-----w-   c:\users\Christian\AppData\Local\temp
2014-05-11 13:13 . 2014-04-16 10:22   10651704   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7490CA0A-ACE5-4021-A348-0D1C2EB3F635}\mpengine.dll
2014-05-10 11:03 . 2014-04-16 10:22   10651704   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-08 13:48 . 2014-05-08 13:48   --------   d-sh--w-   c:\users\Ruin\AppData\Local\EmieUserList
2014-05-08 13:48 . 2014-05-08 13:48   --------   d-sh--w-   c:\users\Ruin\AppData\Local\EmieSiteList
2014-05-08 13:28 . 2014-05-08 13:28   --------   d-sh--w-   c:\users\Kris\AppData\Local\EmieUserList
2014-05-08 13:28 . 2014-05-08 13:28   --------   d-sh--w-   c:\users\Kris\AppData\Local\EmieSiteList
2014-05-07 23:20 . 2014-04-29 14:01   23547904   ----a-w-   c:\windows\system32\mshtml.dll
2014-05-07 23:20 . 2014-04-29 13:40   2724864   ----a-w-   c:\windows\system32\mshtml.tlb
2014-05-07 23:20 . 2014-04-29 12:34   2724864   ----a-w-   c:\windows\SysWow64\mshtml.tlb
2014-04-29 01:08 . 2014-01-09 02:22   5694464   ----a-w-   c:\windows\SysWow64\mstscax.dll
2014-04-29 01:08 . 2014-01-03 22:44   6574592   ----a-w-   c:\windows\system32\mstscax.dll
2014-04-29 01:01 . 2014-04-29 01:01   --------   d-s---w-   c:\windows\system32\CompatTel
2014-04-29 00:43 . 2013-05-10 05:56   12625920   ----a-w-   c:\windows\system32\wmploc.DLL
2014-04-29 00:43 . 2013-05-10 04:30   167424   ----a-w-   c:\program files\Windows Media Player\wmplayer.exe
2014-04-29 00:43 . 2013-05-10 03:48   164864   ----a-w-   c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-04-29 00:43 . 2013-05-10 04:56   12625408   ----a-w-   c:\windows\SysWow64\wmploc.DLL
2014-04-29 00:43 . 2013-05-10 05:56   14631424   ----a-w-   c:\windows\system32\wmp.dll
2014-04-29 00:43 . 2013-10-30 02:32   335360   ----a-w-   c:\windows\system32\msieftp.dll
2014-04-29 00:43 . 2013-10-30 02:19   301568   ----a-w-   c:\windows\SysWow64\msieftp.dll
2014-04-29 00:42 . 2014-01-28 02:32   228864   ----a-w-   c:\windows\system32\wwansvc.dll
2014-04-29 00:42 . 2013-03-19 05:53   48640   ----a-w-   c:\windows\system32\wwanprotdim.dll
2014-04-29 00:39 . 2014-04-29 00:39   --------   d-----w-   c:\windows\Migration
2014-04-29 00:37 . 2013-11-23 18:26   417792   ----a-w-   c:\windows\SysWow64\WMPhoto.dll
2014-04-29 00:33 . 2014-04-14 02:24   465408   ----a-w-   c:\windows\system32\aepdu.dll
2014-04-29 00:33 . 2014-04-14 02:19   424448   ----a-w-   c:\windows\system32\aeinv.dll
2014-04-29 00:33 . 2013-08-05 02:25   155584   ----a-w-   c:\windows\system32\drivers\ataport.sys
2014-04-29 00:25 . 2012-11-22 05:44   800768   ----a-w-   c:\windows\system32\usp10.dll
2014-04-29 00:24 . 2013-11-26 11:40   376768   ----a-w-   c:\windows\system32\drivers\netio.sys
2014-04-29 00:24 . 2014-02-04 02:28   2048   ----a-w-   c:\windows\system32\iologmsg.dll
2014-04-29 00:24 . 2014-02-04 02:00   2048   ----a-w-   c:\windows\SysWow64\iologmsg.dll
2014-04-29 00:24 . 2014-02-04 02:35   190912   ----a-w-   c:\windows\system32\drivers\storport.sys
2014-04-29 00:24 . 2014-02-04 02:35   274880   ----a-w-   c:\windows\system32\drivers\msiscsi.sys
2014-04-29 00:24 . 2014-02-04 02:35   27584   ----a-w-   c:\windows\system32\drivers\Diskdump.sys
2014-04-29 00:23 . 2013-05-10 05:49   30720   ----a-w-   c:\windows\system32\cryptdlg.dll
2014-04-29 00:23 . 2013-05-10 03:20   24576   ----a-w-   c:\windows\SysWow64\cryptdlg.dll
2014-04-29 00:19 . 2013-01-24 06:01   223752   ----a-w-   c:\windows\system32\drivers\fvevol.sys
2014-04-29 00:15 . 2014-01-24 02:37   1684928   ----a-w-   c:\windows\system32\drivers\ntfs.sys
2014-04-29 00:15 . 2014-02-04 02:32   1424384   ----a-w-   c:\windows\system32\WindowsCodecs.dll
2014-04-29 00:15 . 2014-02-04 02:04   1230336   ----a-w-   c:\windows\SysWow64\WindowsCodecs.dll
2014-04-29 00:15 . 2013-08-28 01:12   461312   ----a-w-   c:\windows\system32\scavengeui.dll
2014-04-28 11:47 . 2014-04-28 11:47   --------   d-----w-   c:\programdata\McAfee
2014-04-28 03:26 . 2014-04-28 03:26   --------   d-----w-   c:\windows\ERUNT
2014-04-26 22:27 . 2010-08-30 12:34   536576   ----a-w-   c:\windows\SysWow64\sqlite3.dll
2014-04-26 22:26 . 2014-04-28 11:42   --------   d-----w-   C:\AdwCleaner
2014-04-26 21:21 . 2013-09-20 14:49   21040   ----a-w-   c:\windows\system32\sdnclean64.exe
2014-04-26 21:21 . 2014-05-11 19:06   --------   d-----w-   c:\programdata\Spybot - Search & Destroy
2014-04-26 21:21 . 2014-05-09 14:09   --------   d-----w-   c:\program files (x86)\Spybot - Search & Destroy 2
2014-04-24 23:46 . 2014-04-24 23:46   --------   d-----w-   c:\users\Kris\AppData\Roaming\Malwarebytes
2014-04-24 21:35 . 2014-04-25 18:39   --------   d-----w-   c:\programdata\WPM
2014-04-24 21:35 . 2014-04-24 21:35   --------   d-----w-   c:\program files (x86)\MSR
2014-04-24 21:34 . 2014-04-26 18:10   --------   d-----w-   c:\users\Ruin\AppData\Roaming\Wise
2014-04-19 14:46 . 2014-02-20 18:17   1031560   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D498CCEF-5B83-4B80-8E22-242170DE58D7}\gapaengine.dll
2014-04-18 19:01 . 2014-04-18 19:01   237336   ----a-w-   c:\windows\system32\drivers\avgidsdrivera.sys
2014-04-18 18:20 . 2014-04-28 23:52   --------   d-----w-   c:\users\Ruin\AppData\Local\ElevatedDiagnostics
2014-04-17 23:07 . 2014-04-17 23:07   --------   d-----w-   c:\program files (x86)\WinISD
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-08 10:33 . 2012-04-23 21:59   692400   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-08 10:33 . 2012-02-28 00:51   70832   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-10 16:38 . 2011-11-22 08:45   90655440   ----a-w-   c:\windows\system32\MRT.exe
2014-03-31 20:20 . 2014-03-31 20:20   274200   ----a-w-   c:\windows\system32\drivers\avgtdia.sys
2014-03-31 20:06 . 2014-03-31 20:06   130840   ----a-w-   c:\windows\system32\drivers\avgmfx64.sys
2014-03-28 02:14 . 2014-03-28 02:14   192792   ----a-w-   c:\windows\system32\drivers\avgidsha.sys
2014-03-28 02:14 . 2014-03-28 02:14   153368   ----a-w-   c:\windows\system32\drivers\avgdiska.sys
2014-03-28 02:07 . 2014-03-28 02:07   236824   ----a-w-   c:\windows\system32\drivers\avgldx64.sys
2014-03-28 02:05 . 2014-03-28 02:05   324376   ----a-w-   c:\windows\system32\drivers\avgloga.sys
2014-03-28 02:03 . 2014-03-28 02:03   32536   ----a-w-   c:\windows\system32\drivers\avgrkx64.sys
2014-03-11 13:52 . 2011-04-27 20:25   133928   ----a-w-   c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-04 14:35 . 2014-03-15 16:53   18302384   ----a-w-   c:\windows\system32\nvwgf2umx.dll
2014-03-04 14:35 . 2014-03-15 16:53   15783992   ----a-w-   c:\windows\SysWow64\nvwgf2um.dll
2014-03-04 14:35 . 2014-03-15 16:53   9728064   ----a-w-   c:\windows\SysWow64\nvcuda.dll
2014-03-04 14:35 . 2014-03-15 16:53   9690424   ----a-w-   c:\windows\SysWow64\nvopencl.dll
2014-03-04 14:35 . 2014-03-15 16:53   892704   ----a-w-   c:\windows\system32\NvIFR64.dll
2014-03-04 14:35 . 2014-03-15 16:53   877856   ----a-w-   c:\windows\system32\NvFBC64.dll
2014-03-04 14:35 . 2014-03-15 16:53   863064   ----a-w-   c:\windows\SysWow64\NvIFR.dll
2014-03-04 14:35 . 2014-03-15 16:53   846168   ----a-w-   c:\windows\SysWow64\NvFBC.dll
2014-03-04 14:35 . 2014-03-15 16:53   31474976   ----a-w-   c:\windows\system32\nvoglv64.dll
2014-03-04 14:35 . 2014-03-15 16:53   3143456   ----a-w-   c:\windows\system32\nvcuvid.dll
2014-03-04 14:35 . 2014-03-15 16:53   2958792   ----a-w-   c:\windows\SysWow64\nvcuvid.dll
2014-03-04 14:35 . 2014-03-15 16:53   2783008   ----a-w-   c:\windows\system32\nvcuvenc.dll
2014-03-04 14:35 . 2014-03-15 16:53   2411976   ----a-w-   c:\windows\SysWow64\nvcuvenc.dll
2014-03-04 14:35 . 2014-03-15 16:53   23716640   ----a-w-   c:\windows\SysWow64\nvoglv32.dll
2014-03-04 14:35 . 2014-03-15 16:53   1885472   ----a-w-   c:\windows\system32\nvdispco6433523.dll
2014-03-04 14:35 . 2014-03-15 16:53   17755424   ----a-w-   c:\windows\system32\nvd3dumx.dll
2014-03-04 14:35 . 2014-03-15 16:53   1516488   ----a-w-   c:\windows\system32\nvdispgenco6433523.dll
2014-03-04 14:35 . 2014-03-15 16:53   12708128   ----a-w-   c:\windows\system32\drivers\nvlddmkm.sys
2014-03-04 14:35 . 2014-03-15 16:53   11636176   ----a-w-   c:\windows\system32\nvcuda.dll
2014-03-04 14:35 . 2014-03-15 16:53   11589272   ----a-w-   c:\windows\system32\nvopencl.dll
2014-03-04 14:35 . 2014-03-15 16:53   25255256   ----a-w-   c:\windows\system32\nvcompiler.dll
2014-03-04 14:35 . 2014-03-15 16:53   17561544   ----a-w-   c:\windows\SysWow64\nvcompiler.dll
2014-03-04 14:35 . 2012-05-13 18:44   14709720   ----a-w-   c:\windows\SysWow64\nvd3dum.dll
2014-03-04 14:35 . 2012-05-13 18:44   2715264   ----a-w-   c:\windows\SysWow64\nvapi.dll
2014-03-04 14:35 . 2011-06-21 10:06   3093280   ----a-w-   c:\windows\system32\nvapi64.dll
2014-03-04 13:06 . 2011-06-05 23:27   6714312   ----a-w-   c:\windows\system32\nvcpl.dll
2014-03-04 13:06 . 2011-06-05 23:27   3497816   ----a-w-   c:\windows\system32\nvsvc64.dll
2014-03-04 13:05 . 2011-06-05 23:28   922968   ----a-w-   c:\windows\system32\nvvsvc.exe
2014-03-04 13:05 . 2011-06-05 23:28   2558808   ----a-w-   c:\windows\system32\nvsvcr.dll
2014-03-04 13:05 . 2011-05-06 17:47   64968   ----a-w-   c:\windows\system32\nvshext.dll
2014-03-04 13:05 . 2011-06-05 23:28   386336   ----a-w-   c:\windows\system32\nvmctray.dll
2014-03-04 11:32 . 2014-03-15 17:01   599840   ----a-w-   c:\windows\SysWow64\nvStreaming.exe
2014-03-04 09:44 . 2014-04-09 22:02   362496   ----a-w-   c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-09 22:02   243712   ----a-w-   c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-09 22:02   13312   ----a-w-   c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-09 22:02   16384   ----a-w-   c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-09 22:02   1163264   ----a-w-   c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-04-09 22:02   14336   ----a-w-   c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-09 22:02   44032   ----a-w-   c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-09 22:02   25600   ----a-w-   c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-09 22:02   5120   ----a-w-   c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-09 22:02   7680   ----a-w-   c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-09 22:02   2048   ----a-w-   c:\windows\SysWow64\user.exe
2014-03-02 23:24 . 2014-03-15 16:53   451872   ----a-w-   c:\windows\system32\drivers\nvstusb.sys
2014-03-02 23:24 . 2014-03-15 16:53   1540384   ----a-w-   c:\windows\system32\nvir3dgenco6420182.dll
2014-02-20 18:17 . 2012-02-12 23:45   1031560   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"HP Deskjet 3510 series (NET)"="c:\program files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-11-09 532480]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-08-17 3218792]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-04-07 5180432]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
.
c:\users\Kris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2014-2-23 0]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2011-3-2 2745760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys

R3 usbezdisplay64;DisplayPal USB;c:\windows\system32\drivers\usbezdisplay64.sys;c:\windows\SYSNATIVE\drivers\usbezdisplay64.sys

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys

S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys

S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS

S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys

S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe

S2 CouponPrinterService;Coupon Printer Service;c:\program files (x86)\Coupons\CouponPrinterService.exe;c:\program files (x86)\Coupons\CouponPrinterService.exe

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe

S2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys

S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys

S2 UDSS;UDSS;c:\program files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe;c:\program files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe

S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys

S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys;c:\windows\SYSNATIVE\DRIVERS\CeKbFilter.sys

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys

S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\DRIVERS\nvstusb.sys;c:\windows\SYSNATIVE\DRIVERS\nvstusb.sys

S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

S3 subvgaproduct64;subvgaproduct64;c:\windows\system32\DRIVERS\subvga64.sys;c:\windows\SYSNATIVE\DRIVERS\subvga64.sys

S3 subvgaproductmirr64;subvgaproductmirr64;c:\windows\system32\DRIVERS\subvgamirr64.sys;c:\windows\SYSNATIVE\DRIVERS\subvgamirr64.sys

.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-08 14:02   1078088   ----a-w-   c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 10:33]
.
2014-05-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-945427343-3262599008-1417490133-1001Core.job
- c:\users\Ruin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-29 03:02]
.
2014-05-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-945427343-3262599008-1417490133-1001UA.job
- c:\users\Ruin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-29 03:02]
.
2014-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-21 10:26]
.
2014-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-21 10:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-04-28 11831400]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-04-18 2209896]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-02-05 2234144]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-02-05 1179576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:8118;https=127.0.0.1:8118
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-OutfoxTV - c:\program files\OutfoxTV\OutfoxTV\DesktopContainer.exe
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-HDMICtrlMan - c:\program files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
AddRemove-Coupon Printer for Windows5.0.0.7 - c:\program files (x86)\Coupons\uninstall.exe
AddRemove-e55b814e55744b76 - c:\programdata\Best Buy pc app\ClickOnceUninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2014-05-11  15:35:20 - machine was rebooted
ComboFix-quarantined-files.txt  2014-05-11 19:35
.
Pre-Run: 170,843,488,256 bytes free
Post-Run: 171,710,353,408 bytes free
.
- - End Of File - - 01731CD6ABD97A666D14A28B22DCA242

*

Offline MBNxRotten

  • Bronze Member
  • 25
Re: [In Progress] media player 12.2 update keeps popping up
« Reply #33 on: May 12, 2014, 06:37:15 PM »
So what do I do next?

*

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • 27183
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] media player 12.2 update keeps popping up
« Reply #34 on: May 12, 2014, 06:55:32 PM »
Sorry, somehow I have gotten totally out of sync with your postings.

If you look at the top of the ComboFix log you will see this as being removed: System Update kb70007. I totally missed it in the earlier DDS logs and other logs. I looked right over it because it appeared to be a standard update that Microsoft puts out. I was wrong, and should have looked at it closer. This appears to be a virus of some kind that is being spread thru the gaming world. From your logs, you appear to be in that world. Have you downloaded an update or some kind of file used in one of those games from an other than reputable source? In several of the reports I have seen, the users reported getting the infection after installing a game that they got thru a torrent download.

Anyway, it appears to infect Firefox and Chrome browsers. It does not appear that you use Firefox. In Chrome you need to back up your bookmarks and any other info you need from it. Then do a full uninstall of Chrome, including your personal files, and then reinstall it. Then restore your bookmarks and see if you still have the problem.

I promise to check for a response tonight.


*

Offline MBNxRotten

  • Bronze Member
  • 25
Re: [In Progress] media player 12.2 update keeps popping up
« Reply #35 on: May 13, 2014, 10:04:33 AM »
Yes, I am in that world. I haven't DLed anything, but my kids get on here from time to time, so they could have, not knowing. But since I ran ComboFix everything went away: no pop-ups, no redirects, nothing. And no worries about not seeing, you help me a ton.

*

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • 27183
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] media player 12.2 update keeps popping up
« Reply #36 on: May 13, 2014, 10:08:13 AM »
Are you having any other problems, or have any concerns? Or are you ready to do the cleanup and call this done?


*

Offline MBNxRotten

  • Bronze Member
  • 25
Re: [In Progress] media player 12.2 update keeps popping up
« Reply #37 on: May 13, 2014, 10:27:54 AM »
Ready for the cleanup and to be done.

*

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • 27183
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] media player 12.2 update keeps popping up
« Reply #38 on: May 13, 2014, 11:46:22 AM »
Now there are a few things you need to do to fully clean your system and keep it secure.

Run OTC
Download OTC to your desktop and run it
Click Yes to beginning the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Cleaning out Temporary Files etc. There are several different products that you can use for this. You can go thru the Internet Options in the Windows Control Panel. There are several programs that also do the job better than Windows does it, in my opinion. There is System Security Suite, EasyCleaner, CCleaner. Also, sometimes other programs do it as well as what you originally got them for, like ZoneAlarm Security Suite. Just make sure to keep them updated and use them regularly.

Disable and Enable System Restore.
I recommend you turn off System restore, and then turn it back on so that you will not be able to restore your problems to a clean computer.
For Vista use these instructions, Windows Vista Restore Guide
For XP use these instructions, Windows XP System Restore Guide
Reboot
Re-enable system restore with instructions from tutorial above
Create a System Restore Point
Go to all programs, then to accessories, then to system tools, then to system restore. Check the box for create restore point (not select a restore point), then click next and follow the instructions.

Make your Internet Explorer more secure - This can be done by following these simple instructions: (unless you are using ZoneAlarm Security Suite or something similar, then you would secure the browser thru the firewall). There are some good basic instructions for that here.

Use a different browser other than IE (most exploits are pointed towards IE). One of them is Firefox.
It is also worth trying Thunderbird for controlling spam in your e-mail.

Always use an UPDATED anti-virus program. Make sure you update this at least weekly, if not more often. This is one thing that may save you more than anything else.

Run malware scanners. Three free ones are Spybot Search and Destroy, AdAware, and Malwarebytes' Anti-Malware.

Always use a firewall.
Any firewall is better than none, and you should pick a firewall that you will use, as even the best firewall is worthless if you turn it off.
 
Learn how to use your firewall. Only programs that need it should have access to the net. But these are specific to the firewall you use, so you will need to learn how. Several firewalls have support forums here. My page will help you with ZoneAlarm if that is what you choose.


Never run two Antivirus programs or two Firewalls at the same time. They can interfere with each other and cause problems. Some people swear that more protection is provided, but the reverse is true. They tend to argue amongst themselves and end up leaving holes. Now I have more than 1 AV installed on my computer, and I keep them up to date. I only run one at a time, but each program has weaknesses, so I keep a backup in case my computer starts acting up.


MOST IMPORTANT: Windows and IE, and whatever other software that you have that connects to the net, need to be kept updated. The reason is, these programs connect to the net, and if there is an internal security problem, you have already told your firewall to allow the communication, and thus you will have allowed a hole. UPDATES are important. I suggest that you make sure that Windows Updates and the updates for your antivirus and antimalware programs are set for automatic updates. I also suggest running Secunia PSI. Download version 2. It is not the download button, but just underneath it. It will monitor the software you have installed and let you know when something needs to be updated.

Don't ever use P2P or filesharing software. Even the safest P2P file sharing programs that do not contain bundled spyware still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The reason for this is simple. File sharing relies on its members giving and gaining unfettered access to computers across the P2P network. However, this practice can make you vulnerable to data and identity theft. Even if you change those risky default settings to a safer configuration, the act of downloading files from an anonymous source greatly increases your exposure to infection. That is because the files you are downloading may actually contain a disguised threat. Many very malicious worms and trojans, such as the Storm Worm, target and spread across P2P file sharing networks because of their known vulnerabilities.

Before using any malware detection / removal software, check with the Rogue/Suspect Spyware List. That way you will know if the program you are looking at is on the up and up. If you want to know how it stacks up against other programs, check out SpywareWarrior.

We have a good guide here at Spyware Hammer on how to prevent Malware in the Future. You might want to peruse this and follow the recommendations in there.
PLEASE READ IT AND FOLLOW THE RECOMMENDATIONS TO PROTECT YOURSELF.

Let us know if you have any more problems, either new or old.
Have a good time surfing the net, but stay safe.
If you have no more problems, let me know and I will mark this as resolved. Or if you have more questions, ask away, that is why I am here.


*

Offline MBNxRotten

  • Bronze Member
  • 25
Re: [In Progress] media player 12.2 update keeps popping up
« Reply #39 on: May 13, 2014, 01:42:33 PM »
Thanks HOOV, everything seems to be good on my end. Thanks again.

*

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • 27183
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] media player 12.2 update keeps popping up
« Reply #40 on: May 13, 2014, 04:59:13 PM »
You are welcome!
