Author Topic: [Inactive] spyware possibly?  (Read 3219 times)

Offline mommyto3furballs

  • Bronze Member
  • Posts: 190
[Inactive] spyware possibly?
« on: November 05, 2014, 06:22:17 PM »
Due to my old hard drive being wonky (which I've had help with here before), we decided to change out hard drives. Unfortunately, now my Facebook has been hacked, so I'm not sure if it affected my computer or not. Just being cautious. Needless to say, my Facebook account will be closed ASAP.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344
Run by tigger max at 19:14:47 on 2014-11-05
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3963.2460 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.ca/
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: EnableSecureUIAPath = dword:1
mPolicies-System: SoftwareSASGeneration = dword:1
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{CB1DA22A-E1B0-4A3C-832F-C1A9D07164F7} : DHCPNameServer = 192.168.0.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-10-29 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-10-29 267632]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2014-10-29 1050432]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-10-29 436624]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2013-10-10 172344]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-10-29 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswmonflt.sys [2014-10-29 83280]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-10-29 50344]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k60x64.sys [2009-6-10 220672]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-11 129752]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-8-15 54784]
S2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-10-29 116728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-29 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-10-11 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-4-12 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-10-11 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-8-28 1255736]
.
=============== Created Last 30 ================
.
2014-11-05 22:41:42   --------   d-----w-   C:\Users\tigger max\AppData\Local\Apps
2014-11-05 22:41:41   --------   d-----w-   C:\Users\tigger max\AppData\Local\Deployment
2014-11-04 07:54:48   11627712   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6B8A0254-80D4-481A-9B41-29429C903031}\mpengine.dll
2014-10-30 17:43:06   11627712   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-10-30 17:26:05   --------   d-----w-   C:\Users\tigger max\2014-10 (Oct)
2014-10-29 23:11:38   116728   ----a-w-   C:\Windows\System32\drivers\aswStm.sys
2014-10-29 23:11:37   267632   ----a-w-   C:\Windows\System32\drivers\aswVmm.sys
2014-10-29 23:11:34   65776   ----a-w-   C:\Windows\System32\drivers\aswRvrt.sys
2014-10-29 23:11:31   83280   ----a-w-   C:\Windows\System32\drivers\aswmonflt.sys
2014-10-29 23:11:29   29208   ----a-w-   C:\Windows\System32\drivers\aswHwid.sys
2014-10-29 23:11:28   93568   ----a-w-   C:\Windows\System32\drivers\aswRdr2.sys
2014-10-29 23:11:22   1050432   ----a-w-   C:\Windows\System32\drivers\aswsnx.sys
2014-10-29 23:11:19   43152   ----a-w-   C:\Windows\avastSS.scr
2014-10-29 23:09:21   --------   d-----w-   C:\Program Files\AVAST Software
2014-10-29 23:08:19   --------   d-----w-   C:\ProgramData\AVAST Software
2014-10-29 20:48:00   7168   ----a-w-   C:\Windows\SysWow64\KBDYAK.DLL
2014-10-29 20:48:00   7168   ----a-w-   C:\Windows\System32\KBDYAK.DLL
2014-10-29 20:48:00   7168   ----a-w-   C:\Windows\System32\KBDBASH.DLL
2014-10-29 20:48:00   6656   ----a-w-   C:\Windows\SysWow64\KBDBASH.DLL
2014-10-29 20:09:14   --------   d-----w-   C:\Windows\Migration
2014-10-29 20:06:33   2560   ----a-w-   C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2014-10-29 20:05:43   87040   ----a-w-   C:\Windows\System32\drivers\WUDFPf.sys
2014-10-29 20:05:43   198656   ----a-w-   C:\Windows\System32\drivers\WUDFRd.sys
2014-10-29 20:05:42   84992   ----a-w-   C:\Windows\System32\WUDFSvc.dll
2014-10-29 20:05:42   194048   ----a-w-   C:\Windows\System32\WUDFPlatform.dll
2014-10-29 20:05:41   744448   ----a-w-   C:\Windows\System32\WUDFx.dll
2014-10-29 20:05:41   45056   ----a-w-   C:\Windows\System32\WUDFCoinstaller.dll
2014-10-29 20:05:41   229888   ----a-w-   C:\Windows\System32\WUDFHost.exe
2014-10-29 20:02:02   2777088   ----a-w-   C:\Windows\System32\msmpeg2vdec.dll
2014-10-29 20:02:02   2285056   ----a-w-   C:\Windows\SysWow64\msmpeg2vdec.dll
2014-10-29 20:00:48   1031168   ----a-w-   C:\Windows\System32\TSWorkspace.dll
2014-10-29 20:00:47   793600   ----a-w-   C:\Windows\SysWow64\TSWorkspace.dll
2014-10-29 20:00:35   2048   ----a-w-   C:\Windows\SysWow64\tzres.dll
2014-10-29 20:00:35   2048   ----a-w-   C:\Windows\System32\tzres.dll
2014-10-29 20:00:11   3241472   ----a-w-   C:\Windows\System32\msi.dll
2014-10-29 20:00:11   2363904   ----a-w-   C:\Windows\SysWow64\msi.dll
2014-10-29 19:59:53   519680   ----a-w-   C:\Windows\SysWow64\qdvd.dll
2014-10-29 19:59:53   371712   ----a-w-   C:\Windows\System32\qdvd.dll
2014-10-29 19:58:50   2565120   ----a-w-   C:\Windows\System32\d3d10warp.dll
2014-10-29 19:58:50   1987584   ----a-w-   C:\Windows\SysWow64\d3d10warp.dll
2014-10-29 19:58:48   5703168   ----a-w-   C:\Windows\SysWow64\mstscax.dll
2014-10-29 19:58:47   6584320   ----a-w-   C:\Windows\System32\mstscax.dll
2014-10-29 19:19:46   99480   ----a-w-   C:\Windows\SysWow64\infocardapi.dll
2014-10-29 19:19:46   619672   ----a-w-   C:\Windows\SysWow64\icardagt.exe
2014-10-29 19:19:46   171160   ----a-w-   C:\Windows\System32\infocardapi.dll
2014-10-29 19:19:46   1389208   ----a-w-   C:\Windows\System32\icardagt.exe
2014-10-29 19:19:44   8856   ----a-w-   C:\Windows\SysWow64\icardres.dll
2014-10-29 19:19:44   8856   ----a-w-   C:\Windows\System32\icardres.dll
2014-10-29 19:19:20   35480   ----a-w-   C:\Windows\SysWow64\TsWpfWrp.exe
2014-10-29 19:19:20   35480   ----a-w-   C:\Windows\System32\TsWpfWrp.exe
2014-10-29 19:18:05   801280   ----a-w-   C:\Windows\System32\usp10.dll
2014-10-29 19:18:05   626688   ----a-w-   C:\Windows\SysWow64\usp10.dll
2014-10-29 19:18:04   3198976   ----a-w-   C:\Windows\System32\win32k.sys
2014-10-29 19:16:59   812736   ----a-w-   C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-10-29 19:14:39   2048   ----a-w-   C:\Windows\SysWow64\msxml6r.dll
2014-10-29 19:13:59   504320   ----a-w-   C:\Windows\System32\msihnd.dll
2014-10-29 19:13:59   337408   ----a-w-   C:\Windows\SysWow64\msihnd.dll
2014-10-29 19:13:59   1941504   ----a-w-   C:\Windows\System32\authui.dll
2014-10-29 19:13:59   1805824   ----a-w-   C:\Windows\SysWow64\authui.dll
2014-10-29 19:13:59   112064   ----a-w-   C:\Windows\System32\consent.exe
2014-10-29 19:13:40   404480   ----a-w-   C:\Windows\System32\gdi32.dll
2014-10-29 19:13:40   311808   ----a-w-   C:\Windows\SysWow64\gdi32.dll
2014-10-29 19:13:37   664064   ----a-w-   C:\Windows\SysWow64\rpcrt4.dll
2014-10-29 19:13:37   1216000   ----a-w-   C:\Windows\System32\rpcrt4.dll
2014-10-29 19:13:35   77312   ----a-w-   C:\Windows\System32\packager.dll
2014-10-29 19:13:35   67072   ----a-w-   C:\Windows\SysWow64\packager.dll
2014-10-29 19:13:30   71344   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-29 19:13:30   701104   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2014-10-29 19:06:33   --------   d-----w-   C:\Program Files\iPod
2014-10-29 19:06:32   --------   d-----w-   C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-29 19:06:32   --------   d-----w-   C:\Program Files\iTunes
2014-10-29 19:06:32   --------   d-----w-   C:\Program Files (x86)\iTunes
2014-10-29 18:46:55   2620928   ----a-w-   C:\Windows\System32\wucltux.dll
2014-10-29 18:46:35   97792   ----a-w-   C:\Windows\System32\wudriver.dll
2014-10-29 18:46:35   92672   ----a-w-   C:\Windows\SysWow64\wudriver.dll
2014-10-29 18:45:30   36864   ----a-w-   C:\Windows\System32\wuapp.exe
2014-10-29 18:45:30   33792   ----a-w-   C:\Windows\SysWow64\wuapp.exe
2014-10-29 18:45:30   198600   ----a-w-   C:\Windows\System32\wuwebv.dll
2014-10-29 18:45:30   179656   ----a-w-   C:\Windows\SysWow64\wuwebv.dll
2014-10-29 18:43:58   --------   d-----w-   C:\SUPERDelete
.
==================== Find3M  ====================
.
2014-11-05 22:29:53   129752   ----a-w-   C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-28 10:34:58   275080   ------w-   C:\Windows\System32\MpSigStub.exe
2014-10-01 15:11:26   63704   ----a-w-   C:\Windows\System32\drivers\mwac.sys
2014-10-01 15:11:16   93400   ----a-w-   C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-01 15:11:12   25816   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2014-09-25 22:32:04   2017280   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02   2108416   ----a-w-   C:\Windows\System32\inetcpl.cpl
2014-09-19 01:56:02   2724864   ----a-w-   C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49   4096   ----a-w-   C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43   66048   ----a-w-   C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03   547328   ----a-w-   C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58   48640   ----a-w-   C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27   83968   ----a-w-   C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57   5829632   ----a-w-   C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00   139264   ----a-w-   C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49   111616   ----a-w-   C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12   4201472   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09   758272   ----a-w-   C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02   940032   ----a-w-   C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57   2724864   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47   72704   ----a-w-   C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07   454656   ----a-w-   C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47   61952   ----a-w-   C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03   51200   ----a-w-   C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40   61952   ----a-w-   C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16   112128   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31   597504   ----a-w-   C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12   1249280   ----a-w-   C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23   60416   ----a-w-   C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18   2309632   ----a-w-   C:\Windows\System32\wininet.dll
2014-09-19 00:18:55   1068032   ----a-w-   C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11   1810944   ----a-w-   C:\Windows\SysWow64\wininet.dll
2014-09-04 05:23:20   424448   ----a-w-   C:\Windows\System32\rastls.dll
2014-09-04 05:04:15   372736   ----a-w-   C:\Windows\SysWow64\rastls.dll
2014-08-29 02:07:13   3179520   ----a-w-   C:\Windows\System32\rdpcorets.dll
2014-08-16 03:35:00   6112072   ----a-w-   C:\Windows\System32\usbaaplrc.dll
2014-08-16 03:35:00   54784   ----a-w-   C:\Windows\System32\drivers\usbaapl64.sys
2014-05-06 12:36:06   6103040   ----a-w-   C:\Program Files (x86)\GUTE4C3.tmp
.
============= FINISH: 19:15:16.92 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/27/2013 8:05:01 PM
System Uptime: 11/5/2014 4:50:25 PM (3 hours ago)
.
Motherboard: Hewlett-Packard |  | 3032h
Processor: Intel(R) Core(TM)2 Duo CPU     E8400  @ 3.00GHz | XU1 PROCESSOR | 1980/1333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 298 GiB total, 246.471 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_8086&DEV_2E14&SUBSYS_3035103C&REV_03\3&21436425&0&18
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_8086&DEV_2E14&SUBSYS_3035103C&REV_03\3&21436425&0&18
Service:
.
Class GUID:
Description: PCI Serial Port
Device ID: PCI\VEN_8086&DEV_2E17&SUBSYS_3035103C&REV_03\3&21436425&0&1B
Manufacturer:
Name: PCI Serial Port
PNP Device ID: PCI\VEN_8086&DEV_2E17&SUBSYS_3035103C&REV_03\3&21436425&0&1B
Service:
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&AE8F725&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&AE8F725&0
Service: i8042prt
.
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standard PS/2 Keyboard
Device ID: ACPI\PNP0303\4&AE8F725&0
Manufacturer: (Standard keyboards)
Name: Standard PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&AE8F725&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP72: 10/29/2014 4:48:18 PM - Windows Update
RP73: 10/29/2014 7:09:04 PM - avast! antivirus system restore point
RP74: 10/30/2014 2:07:02 PM - Installed LibreOffice 4.2.7.2
RP75: 11/4/2014 2:54:16 AM - Windows Update
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Adobe Flash Player 15 ActiveX
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avast Free Antivirus
Bejeweled 2 Deluxe 1.1
Bonjour
BufferChm
Copy
Destinations
DeviceDiscovery
DJ_AIO_06_F2400_SW_Min
ESET Online Scanner v3
F2400
Google Chrome
Google Update Helper
GPBaseService2
HP Deskjet F2400 All-in-One Driver Software 14.0 Rel. 6
HP Imaging Device Functions 14.0
HP Solution Center 14.0
HP Update
HPDiagnosticAlert
HPPhotoGadget
HPProductAssistant
iTunes
LibreOffice 4.2.7.2
Malwarebytes Anti-Malware version 2.0.3.1025
Microsoft .NET Framework 4.5.1
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Control Panel 307.83
NVIDIA Graphics Driver 307.83
NVIDIA Install Application
NVIDIA Update 1.10.8
NVIDIA Update Components
Scan
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
SolutionCenter
SpywareBlaster 5.0
Status
StudioTax 2013
SumatraPDF
SUPERAntiSpyware
Toolbox
TrayApp
WebReg
Zuma Deluxe 1.0.0.0
.
==== Event Viewer Messages From Past Week ========
.
10/29/2014 5:25:20 PM, Error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2014 4:17:51 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
10/29/2014 3:51:00 PM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
10/29/2014 3:50:58 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/29/2014 3:50:58 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/29/2014 3:50:54 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
10/29/2014 3:50:54 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/29/2014 3:50:48 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/29/2014 3:50:42 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  aswRvrt aswSnx aswSP aswVmm discache MpFilter SASDIFSV SASKUTIL spldr Wanarpv6
10/29/2014 3:50:40 PM, Error: Service Control Manager [7001]  - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
10/29/2014 3:50:40 PM, Error: Microsoft Antimalware [3002]  -
10/29/2014 3:47:37 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the avast! Antivirus service to connect.
10/29/2014 3:47:37 PM, Error: Service Control Manager [7000]  - The avast! Antivirus service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/29/2014 3:11:33 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.187.860.0).
10/29/2014 2:41:25 PM, Error: Service Control Manager [7023]  - The Superfetch service terminated with the following error:  The authentication service is unknown.
.
==== End Of File ===========================

« Last Edit: November 05, 2014, 09:35:45 PM by Hoov »



Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27117
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: spyware possibly?
« Reply #1 on: November 05, 2014, 09:44:06 PM »
It is Hoov again.

First, let's deal with the Facebook issue. Go to a clean computer and take a look at this page. The very first item will tell you how to deal with that. While Facebook is working on that, we can press on with your computer.

I do see a few errors, so please follow the instructions below. Have you noticed any problems with the computer, anything at all?

* Anyone other than the originator of this thread would be best advised not to run ComboFix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used wrongly.

Run ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline mommyto3furballs

  • Bronze Member
  • Posts: 190
Re: [In Progress] spyware possibly?
« Reply #2 on: November 06, 2014, 07:13:15 AM »
After my last adventure with the other hard drive (still kept getting errors), we switched hard drives. This is the new one. FB didn't help, so I'm closing down the account this afternoon. Here is the ComboFix log:

ComboFix 14-10-29.01 - tigger max 11/06/2014   8:02.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3963.2848 [GMT -5:00]
Running from: c:\users\tigger max\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2014-10-06 to 2014-11-06  )))))))))))))))))))))))))))))))
.
.
2014-11-06 13:07 . 2014-11-06 13:07   --------   d-----w-   c:\users\UpdatusUser\AppData\Local\temp
2014-11-06 13:07 . 2014-11-06 13:07   --------   d-----w-   c:\users\Default\AppData\Local\temp
2014-11-06 10:28 . 2014-11-06 10:28   75888   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B8A0254-80D4-481A-9B41-29429C903031}\offreg.dll
2014-11-05 22:41 . 2014-11-05 22:41   --------   d-----w-   c:\users\tigger max\AppData\Local\Apps
2014-11-05 22:41 . 2014-11-05 22:41   --------   d-----w-   c:\users\tigger max\AppData\Local\Deployment
2014-11-04 07:54 . 2014-10-20 07:37   11627712   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B8A0254-80D4-481A-9B41-29429C903031}\mpengine.dll
2014-10-30 17:26 . 2014-10-30 17:27   --------   d-----w-   c:\users\tigger max\2014-10 (Oct)
2014-10-29 23:11 . 2014-10-29 23:11   116728   ----a-w-   c:\windows\system32\drivers\aswStm.sys
2014-10-29 23:11 . 2014-10-29 23:11   267632   ----a-w-   c:\windows\system32\drivers\aswVmm.sys
2014-10-29 23:11 . 2014-10-29 23:11   436624   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2014-10-29 23:11 . 2014-10-29 23:11   65776   ----a-w-   c:\windows\system32\drivers\aswRvrt.sys
2014-10-29 23:11 . 2014-11-01 14:05   83280   ----a-w-   c:\windows\system32\drivers\aswmonflt.sys
2014-10-29 23:11 . 2014-10-29 23:11   29208   ----a-w-   c:\windows\system32\drivers\aswHwid.sys
2014-10-29 23:11 . 2014-10-29 23:11   93568   ----a-w-   c:\windows\system32\drivers\aswRdr2.sys
2014-10-29 23:11 . 2014-11-01 14:05   1050432   ----a-w-   c:\windows\system32\drivers\aswsnx.sys
2014-10-29 23:11 . 2014-10-29 23:11   364512   ----a-w-   c:\windows\system32\aswBoot.exe
2014-10-29 23:11 . 2014-10-29 23:11   43152   ----a-w-   c:\windows\avastSS.scr
2014-10-29 23:09 . 2014-10-29 23:09   --------   d-----w-   c:\program files\AVAST Software
2014-10-29 23:08 . 2014-10-29 23:09   --------   d-----w-   c:\programdata\AVAST Software
2014-10-29 20:48 . 2014-07-09 02:03   7168   ----a-w-   c:\windows\system32\KBDYAK.DLL
2014-10-29 20:48 . 2014-07-09 02:03   7168   ----a-w-   c:\windows\system32\KBDTAT.DLL
2014-10-29 20:48 . 2014-07-09 02:03   7168   ----a-w-   c:\windows\system32\KBDRU1.DLL
2014-10-29 20:48 . 2014-07-09 02:03   6656   ----a-w-   c:\windows\system32\KBDRU.DLL
2014-10-29 20:48 . 2014-07-09 02:03   7168   ----a-w-   c:\windows\system32\KBDBASH.DLL
2014-10-29 20:48 . 2014-07-09 01:31   7168   ----a-w-   c:\windows\SysWow64\KBDYAK.DLL
2014-10-29 20:48 . 2014-07-09 01:31   6656   ----a-w-   c:\windows\SysWow64\KBDBASH.DLL
2014-10-29 20:09 . 2014-10-29 20:09   --------   d-----w-   c:\program files (x86)\Microsoft.NET
2014-10-29 20:09 . 2014-10-29 20:09   --------   d-----w-   c:\windows\Migration
2014-10-29 20:06 . 2012-07-26 04:47   2560   ----a-w-   c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2014-10-29 20:05 . 2012-07-26 02:26   87040   ----a-w-   c:\windows\system32\drivers\WUDFPf.sys
2014-10-29 20:05 . 2012-07-26 02:26   198656   ----a-w-   c:\windows\system32\drivers\WUDFRd.sys
2014-10-29 20:05 . 2012-07-26 03:08   84992   ----a-w-   c:\windows\system32\WUDFSvc.dll
2014-10-29 20:05 . 2012-07-26 03:08   194048   ----a-w-   c:\windows\system32\WUDFPlatform.dll
2014-10-29 20:05 . 2012-07-26 03:08   229888   ----a-w-   c:\windows\system32\WUDFHost.exe
2014-10-29 20:05 . 2012-07-26 03:08   744448   ----a-w-   c:\windows\system32\WUDFx.dll
2014-10-29 20:05 . 2012-07-26 03:08   45056   ----a-w-   c:\windows\system32\WUDFCoinstaller.dll
2014-10-29 20:02 . 2014-06-27 02:08   2777088   ----a-w-   c:\windows\system32\msmpeg2vdec.dll
2014-10-29 20:02 . 2014-06-27 01:45   2285056   ----a-w-   c:\windows\SysWow64\msmpeg2vdec.dll
2014-10-29 20:00 . 2014-08-01 11:53   1031168   ----a-w-   c:\windows\system32\TSWorkspace.dll
2014-10-29 20:00 . 2014-08-01 11:35   793600   ----a-w-   c:\windows\SysWow64\TSWorkspace.dll
2014-10-29 20:00 . 2014-09-09 22:11   2048   ----a-w-   c:\windows\system32\tzres.dll
2014-10-29 20:00 . 2014-09-09 21:47   2048   ----a-w-   c:\windows\SysWow64\tzres.dll
2014-10-29 20:00 . 2014-09-18 02:00   3241472   ----a-w-   c:\windows\system32\msi.dll
2014-10-29 20:00 . 2014-09-18 01:32   2363904   ----a-w-   c:\windows\SysWow64\msi.dll
2014-10-29 19:59 . 2014-09-25 02:08   371712   ----a-w-   c:\windows\system32\qdvd.dll
2014-10-29 19:59 . 2014-09-25 01:40   519680   ----a-w-   c:\windows\SysWow64\qdvd.dll
2014-10-29 19:58 . 2014-06-24 03:29   2565120   ----a-w-   c:\windows\system32\d3d10warp.dll
2014-10-29 19:58 . 2014-06-24 02:59   1987584   ----a-w-   c:\windows\SysWow64\d3d10warp.dll
2014-10-29 19:58 . 2014-09-05 01:52   5703168   ----a-w-   c:\windows\SysWow64\mstscax.dll
2014-10-29 19:58 . 2014-09-05 02:11   6584320   ----a-w-   c:\windows\system32\mstscax.dll
2014-10-29 19:58 . 2014-06-25 02:05   14175744   ----a-w-   c:\windows\system32\shell32.dll
2014-10-29 19:19 . 2014-03-09 21:48   171160   ----a-w-   c:\windows\system32\infocardapi.dll
2014-10-29 19:19 . 2014-03-09 21:48   1389208   ----a-w-   c:\windows\system32\icardagt.exe
2014-10-29 19:19 . 2014-03-09 21:47   99480   ----a-w-   c:\windows\SysWow64\infocardapi.dll
2014-10-29 19:19 . 2014-03-09 21:47   619672   ----a-w-   c:\windows\SysWow64\icardagt.exe
2014-10-29 19:19 . 2014-06-30 22:24   8856   ----a-w-   c:\windows\system32\icardres.dll
2014-10-29 19:19 . 2014-06-30 22:14   8856   ----a-w-   c:\windows\SysWow64\icardres.dll
2014-10-29 19:19 . 2014-06-06 06:16   35480   ----a-w-   c:\windows\SysWow64\TsWpfWrp.exe
2014-10-29 19:19 . 2014-06-06 06:12   35480   ----a-w-   c:\windows\system32\TsWpfWrp.exe
2014-10-29 19:18 . 2014-04-25 02:34   801280   ----a-w-   c:\windows\system32\usp10.dll
2014-10-29 19:18 . 2014-04-25 02:06   626688   ----a-w-   c:\windows\SysWow64\usp10.dll
2014-10-29 19:18 . 2014-09-29 00:58   3198976   ----a-w-   c:\windows\system32\win32k.sys
2014-10-29 19:16 . 2014-10-07 02:54   378552   ----a-w-   c:\windows\system32\iedkcs32.dll
2014-10-29 19:14 . 2014-03-26 14:44   2002432   ----a-w-   c:\windows\system32\msxml6.dll
2014-10-29 19:13 . 2014-06-03 10:02   112064   ----a-w-   c:\windows\system32\consent.exe
2014-10-29 19:13 . 2014-06-03 10:02   504320   ----a-w-   c:\windows\system32\msihnd.dll
2014-10-29 19:13 . 2014-06-03 10:02   1941504   ----a-w-   c:\windows\system32\authui.dll
2014-10-29 19:13 . 2014-06-03 09:29   337408   ----a-w-   c:\windows\SysWow64\msihnd.dll
2014-10-29 19:13 . 2014-06-03 09:29   1805824   ----a-w-   c:\windows\SysWow64\authui.dll
2014-10-29 19:13 . 2014-08-23 02:07   404480   ----a-w-   c:\windows\system32\gdi32.dll
2014-10-29 19:13 . 2014-08-23 01:45   311808   ----a-w-   c:\windows\SysWow64\gdi32.dll
2014-10-29 19:13 . 2014-07-14 02:02   1216000   ----a-w-   c:\windows\system32\rpcrt4.dll
2014-10-29 19:13 . 2014-07-14 01:40   664064   ----a-w-   c:\windows\SysWow64\rpcrt4.dll
2014-10-29 19:13 . 2014-09-13 01:58   77312   ----a-w-   c:\windows\system32\packager.dll
2014-10-29 19:13 . 2014-09-13 01:40   67072   ----a-w-   c:\windows\SysWow64\packager.dll
2014-10-29 19:13 . 2014-10-29 19:13   71344   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-29 19:13 . 2014-10-29 19:13   701104   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-29 19:06 . 2014-10-29 19:06   --------   d-----w-   c:\program files\iPod
2014-10-29 19:06 . 2014-10-29 19:08   --------   d-----w-   c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-29 19:06 . 2014-10-29 19:08   --------   d-----w-   c:\program files\iTunes
2014-10-29 19:06 . 2014-10-29 19:08   --------   d-----w-   c:\program files (x86)\iTunes
2014-10-29 18:46 . 2014-05-14 16:23   44512   ----a-w-   c:\windows\system32\wups2.dll
2014-10-29 18:46 . 2014-05-14 16:23   58336   ----a-w-   c:\windows\system32\wuauclt.exe
2014-10-29 18:46 . 2014-05-14 16:23   2477536   ----a-w-   c:\windows\system32\wuaueng.dll
2014-10-29 18:46 . 2014-05-14 16:21   2620928   ----a-w-   c:\windows\system32\wucltux.dll
2014-10-29 18:46 . 2014-05-14 16:23   38880   ----a-w-   c:\windows\system32\wups.dll
2014-10-29 18:46 . 2014-05-14 16:23   36320   ----a-w-   c:\windows\SysWow64\wups.dll
2014-10-29 18:46 . 2014-05-14 16:23   700384   ----a-w-   c:\windows\system32\wuapi.dll
2014-10-29 18:46 . 2014-05-14 16:23   581600   ----a-w-   c:\windows\SysWow64\wuapi.dll
2014-10-29 18:46 . 2014-05-14 16:20   97792   ----a-w-   c:\windows\system32\wudriver.dll
2014-10-29 18:46 . 2014-05-14 16:17   92672   ----a-w-   c:\windows\SysWow64\wudriver.dll
2014-10-29 18:45 . 2014-05-14 13:23   198600   ----a-w-   c:\windows\system32\wuwebv.dll
2014-10-29 18:45 . 2014-05-14 13:23   179656   ----a-w-   c:\windows\SysWow64\wuwebv.dll
2014-10-29 18:45 . 2014-05-14 13:20   36864   ----a-w-   c:\windows\system32\wuapp.exe
2014-10-29 18:45 . 2014-05-14 13:17   33792   ----a-w-   c:\windows\SysWow64\wuapp.exe
2014-10-29 18:43 . 2014-10-29 18:43   --------   d-----w-   C:\SUPERDelete
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-06 03:38 . 2014-04-11 11:42   129752   ----a-w-   c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-28 10:34 . 2010-11-21 03:27   275080   ------w-   c:\windows\system32\MpSigStub.exe
2014-10-03 14:02 . 2013-08-28 01:30   103265616   ----a-w-   c:\windows\system32\MRT.exe
2014-10-01 15:11 . 2014-04-11 11:41   63704   ----a-w-   c:\windows\system32\drivers\mwac.sys
2014-10-01 15:11 . 2014-04-11 11:41   93400   ----a-w-   c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 15:11 . 2013-08-28 00:43   25816   ----a-w-   c:\windows\system32\drivers\mbam.sys
2014-08-16 03:35 . 2014-08-16 03:35   6112072   ----a-w-   c:\windows\system32\usbaaplrc.dll
2014-08-16 03:35 . 2014-08-16 03:35   54784   ----a-w-   c:\windows\system32\drivers\usbaapl64.sys
2014-05-06 12:36 . 2014-05-06 12:36   6103040   ----a-w-   c:\program files (x86)\GUTE4C3.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-10-29 7767832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-11-01 5223016]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe

S0 aswRvrt;avast! Revert;

S0 aswVmm;avast! VM Monitor;

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE

S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys

S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k60x64.sys

.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-11-05 22:43   1089352   ----a-w-   c:\program files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-05 22:42]
.
2014-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-05 22:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-10-29 23:11   860984   ----a-w-   c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.ca/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_189_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-11-06  08:09:10
ComboFix-quarantined-files.txt  2014-11-06 13:09
.
Pre-Run: 268,167,147,520 bytes free
Post-Run: 268,007,936,000 bytes free
.
- - End Of File - - F7C8BB1B8106BCD3EBE82AECAB32A5EB
A36C5E4F47E84449FF07ED3517B43A31

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27117
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] spyware possibly?
« Reply #3 on: November 06, 2014, 10:55:05 AM »
Is the Facebook hack the only thing that has happened that points to a problem with the computer? I don't see anything suspicious.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline mommyto3furballs

  • Bronze Member
  • Posts: 190
Re: [In Progress] spyware possibly?
« Reply #4 on: November 06, 2014, 12:43:54 PM »
Tried using a friend's computer, same thing happening, so I guess I know what to do now. Quick question though before I let you go... how would I get rid of a RAID on a computer? Somehow hubby put one on. He also wants to put a secondary hard drive in but it's not being recognized. How would I go about that?

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27117
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] spyware possibly?
« Reply #5 on: November 06, 2014, 07:23:24 PM »
Which RAID version is being used? If there is only one drive in the system then RAID is not really being used.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline mommyto3furballs

  • Bronze Member
  • Posts: 190
Re: [In Progress] spyware possibly?
« Reply #6 on: November 07, 2014, 05:41:51 AM »
Seriously have no idea. All I know is one is on it. Maybe I'll get hubby to put it in this weekend and try and get rid of it myself.

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27117
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] spyware possibly?
« Reply #7 on: November 07, 2014, 08:52:52 PM »
Go to the control panel and then to the Admin Tools and then to Computer management and start that. On the left side you need to go to disk management. Now get a screenshot of that window and attach it to a reply.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!
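As an added example (not from this thread or from Hoov), the same information Disk Management shows can be listed from an elevated PowerShell prompt on Windows 7 using the WMI classes Win32_DiskDrive and Win32_DiskPartition; a disk with no partitions is the "not recognized" case, and a partition type of "Logical Disk Manager" marks a dynamic disk, which is what Windows software RAID uses.

```powershell
# Added example: enumerate physical disks and their partitions via WMI,
# flagging disks Windows sees but has not initialised, and dynamic disks.
# Requires an elevated prompt; works on Windows 7 (no Get-Disk needed).

$disks = Get-WmiObject -Class Win32_DiskDrive
$parts = Get-WmiObject -Class Win32_DiskPartition

foreach ($d in ($disks | Sort-Object Index)) {
    # Size can be empty for a drive with no readable media, so guard the division.
    $sizeGB = if ($d.Size) { [math]::Round($d.Size / 1GB, 1) } else { '?' }
    Write-Host ("Disk {0}: {1} ({2} GB, {3}, status {4})" -f `
        $d.Index, $d.Model, $sizeGB, $d.InterfaceType, $d.Status)

    $mine = $parts | Where-Object { $_.DiskIndex -eq $d.Index }
    if (-not $mine) {
        # No partition table at all: Disk Management shows this disk as
        # "Not Initialized" / unallocated, and it gets no drive letter.
        Write-Host "    no partitions - this is the 'not recognized' case"
        continue
    }

    foreach ($p in ($mine | Sort-Object Index)) {
        $flag = ''
        # Dynamic disks (the basis of Windows software RAID and mirrored
        # volumes) report this partition type instead of a file-system type.
        if ($p.Type -like 'Logical Disk Manager*') {
            $flag = ' [dynamic disk - software RAID candidate]'
        }
        Write-Host ("    partition {0}: {1} GB, type '{2}'{3}" -f `
            $p.Index, [math]::Round($p.Size / 1GB, 1), $p.Type, $flag)
    }
}
```

A RAID set built in the motherboard or controller firmware appears to Windows as a single disk and is changed in that controller's setup utility, not from Windows.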

Offline mommyto3furballs

  • Bronze Member
  • Posts: 190
Re: [In Progress] spyware possibly?
« Reply #8 on: November 08, 2014, 02:29:01 PM »
Hi Hoov. Just wanted to let you know I'm going to be away for a couple of days. Not feeling well and don't have the energy to tackle this computer. What I really want to do is take a sledge hammer to it but can't :( I should be back by Tuesday at the latest.

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27117
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] spyware possibly?
« Reply #9 on: November 08, 2014, 09:34:59 PM »
OK, let me know.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline mommyto3furballs

  • Bronze Member
  • Posts: 190
Re: [In Progress] spyware possibly?
« Reply #10 on: November 11, 2014, 06:57:32 PM »
Sorry Hoov. Decided to take the computer in and see what is going on. Hubby and I were getting so frustrated because this is our only computer since my laptop got destroyed and we needed it. Thanks for the help though!

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27117
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] spyware possibly?
« Reply #11 on: November 11, 2014, 07:19:52 PM »
Did they find anything, or did they reinstall Windows?

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!
