Strange Pop Up
#21
Posted 02 July 2012 - 09:51 AM
Need a Windows ISO image?
#22
Posted 02 July 2012 - 10:34 AM

After I had trusted Malwarebytes that I was clean.
#23
Posted 02 July 2012 - 10:43 AM
LiveBrianD, on 02 July 2012 - 09:51 AM, said:
When I pressed to show all processes it got really really long.
http://imgur.com/a/Ri675
#24
Posted 02 July 2012 - 11:01 AM
#25
Posted 02 July 2012 - 05:54 PM
LiveBrianD, on 02 July 2012 - 11:01 AM, said:
Yea, it's a Toshiba laptop, and it's not strange that a couple of the processes are repeated?
#26
Posted 02 July 2012 - 06:20 PM
#27
Posted 03 July 2012 - 04:43 PM
#28
Posted 03 July 2012 - 06:58 PM
Which version of Windows are you using and how much Ram (memory) is installed?
Could you run a scan with HijackThis (download the .exe from here: http://sourceforge.net/projects/hjt/)
No install, just Right Click the .exe and choose "Run as Administrator" .
When the program comes up, click on the "Do a system scan and save a logfile"
Notepad will open and you can save the logfile on your Desktop. Open the Notepad file
and Copy and Paste the results in your next post please.
BTW, you have a lot of useless background processes running. Most don't need to run
like, the updaters for Java and DivX among others that take up unnecessary resources.
FLASHORN.


Eurocom Scorpius: 3840QM-2.8 GHz-Ivy Bridge ; ATI 7970M Crossfire ; Intel SSD 520 series 480GB ; Seagate Momentus XT 750 GB,7200RPM ; 16 GB Corsair Vengeance 9 9 9 24 ; Sound Blaster X-Fi MB2 ; THX True Studio Pro.
Patience is Life.
#29
Posted 03 July 2012 - 08:58 PM
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:55:43 PM, on 7/3/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Greenshot\Greenshot.exe
C:\Users\UltraVicious\AppData\Local\Akamai\netsession_win.exe
C:\Users\UltraVicious\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Connectify\Connectify.exe
C:\Users\UltraVicious\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\PowerMenu\PowerMenu.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.71\deploy
\LoLLauncher.exe
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases
\0.0.0.158\deploy\LolClient.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Users\UltraVicious\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows
\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride
= *.local;127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-
30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:
\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:
\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> -
{326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus
Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: uTorrentControl2 - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:
\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-
0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office
\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-
D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:
\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-
5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows
Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-
9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:
\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:
\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} -
C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
O4 - HKLM\..\Run: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA
USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage
Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files
\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe
\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update
\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office
\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe
\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM
\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software
Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java
\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes'
Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Greenshot] "C:\Program Files (x86)\Greenshot\Greenshot.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\UltraVicious\AppData\Local
\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Connectify] C:\Program Files (x86)\Connectify\Connectify.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware
\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe
/autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User
'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe
/autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User
'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = UltraVicious\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: PowerMenu.lnk = C:\Program Files (x86)\PowerMenu\PowerMenu.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:
\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google
\Google Toolbar\Component
\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer
\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-
D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer
\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer
\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-
D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer
\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:
\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-
5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:
\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft
shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft
shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A70C35D8-2DD3-4294-B04D-
7178E5A68EBF}: NameServer = 192.168.25.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} -
C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - C:\Program
Files (x86)\NavNetApp\ComUtilities.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program
Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program
Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) -
Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash
\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:
\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files
\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software
\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour
\mDNSResponder.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA
CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files
(x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Connectify - Unknown owner - C:\Program Files (x86)\Connectify
\ConnectifyService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:
\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:
\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program
Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:
\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation
- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows
\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service
(LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine
Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files
(x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation -
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows
\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown
owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) -
Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown
owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner -
C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown
owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner -
C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner
- C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files
(x86)\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:
\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - Unknown owner - C:\windows
\system32\ThpSrv.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA
\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:
\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program
Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files
\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program
Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files
\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown
owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service
(UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine
Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown
owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:
\windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:
\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows
\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:
\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:
\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) -
Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown
owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) -
Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) -
Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file
missing)
--
End of file - 15238 bytes
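Added example, not part of the thread or of HijackThis itself: a small Python helper that re-joins the hard-wrapped entries of a log like the one above and attaches triage notes to the entry types a reviewer would look at first. The rules and note texts are this example's own assumptions, including the assumption that a 32-bit scanner on 64-bit Windows reports native System32 binaries as "(file missing)" because of WOW64 file-system redirection.

```python
"""Triage helper for a hard-wrapped HijackThis log (added example)."""
import re

# Constructed sample: a few entries copied from the log posted above,
# keeping the hard line wraps exactly as they appear in the post.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: uTorrentControl2 - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:
\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
R3 - URLSearchHook: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-
30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\UltraVicious\AppData\Local
\Akamai\netsession_win.exe"
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows
\system32\lsass.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files
(x86)\Common Files\Steam\SteamService.exe
"""

# A HijackThis entry starts with a section code such as R3, F2, O4 or O23.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")


def unwrap(text):
    """Join continuation lines back onto the entry they belong to."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if ENTRY_RE.match(line) or not entries:
            entries.append(line)
        elif line.startswith("\\") or re.search(r"\S-$", entries[-1]):
            # Wrap fell inside a path or a GUID: join without a space.
            entries[-1] += line
        else:
            # Wrap fell on a space between words.
            entries[-1] += " " + line
    return entries


def triage(entry):
    """Return (section, body, notes) for a log entry, or None for other lines."""
    m = ENTRY_RE.match(entry)
    if not m:
        return None
    section, body = m.groups()
    low = body.lower()
    notes = []
    if section in ("O2", "O3") and low.endswith("(no file)"):
        notes.append("orphaned registration: the CLSID points at no file on disk")
    if section == "R3":
        notes.append("IE URL search hook: confirm the owning toolbar is wanted")
    if section == "O4" and "\\appdata\\" in low:
        notes.append("autorun from a user-writable profile directory: "
                     "check publisher and signature")
    if section == "O10":
        notes.append("Winsock LSP the scanner does not recognise: "
                     "identify the owning product")
    if low.endswith("(file missing)") and "\\windows\\system32\\" in low:
        # Assumption: 32-bit scanner on x64 Windows, so System32 is redirected.
        notes.append("likely WOW64 redirection artifact: "
                     "verify the file from a 64-bit process")
    return section, body, notes


def flagged(text):
    """Return only the entries that picked up at least one triage note."""
    results = []
    for entry in unwrap(text):
        result = triage(entry)
        if result and result[2]:
            results.append(result)
    return results


if __name__ == "__main__":
    for section, body, notes in flagged(SAMPLE_LOG):
        print(f"[{section}] {body}")
        for note in notes:
            print("    ->", note)
```

A note marks an entry for a closer look and is not a verdict on it; entries without notes are simply ones these few rules do not cover.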
#31
Posted 03 July 2012 - 09:20 PM
#32
Posted 04 July 2012 - 03:21 AM
Well, I can see a few things that might not be where they are supposed to be or, at least, are not supposed to be there at all.
Are there any programs or services that are Not working properly like the Windows Firewall (if this is what you use) ?
Are you being Redirected to any other sites than the ones you choose to visit?
Do you have CCleaner installed ??
IF not then, I recommend you install it and clean out the Temps files and other files that are taking up space.
Download from here : Piriform.com
Leave all Default check boxes check marked.
Once done, could you run this .exe from Dr.WebCureIt please (Right Click and run "As Administrator"): http://majorgeeks.co...eIT_d4783.html.
After the file has downloaded, disable your current Anti-Virus and disconnect from the Internet.
Doubleclick the drweb-cureit.exe file, then click the Start button, then the OK button to perform an Express Scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it.
Once the short scan has finished, Click on the Complete scan radio button. (will take some time, be patient)
Also, it might be a good idea to run this .exe to see if all of your programs are up to date:
Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
For now, try these programs and post the logs from them.
FLASHORN.
This post has been edited by Flashorn: 04 July 2012 - 03:42 AM


#33
Posted 06 July 2012 - 10:52 AM
Flashorn, on 04 July 2012 - 03:21 AM, said:
After the file has downloaded, disable your current Anti-Virus and disconnect from the Internet.
Doubleclick the drweb-cureit.exe file, then click the Start button, then the OK button to perform an Express Scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it.
Once the short scan has finished, Click on the Complete scan radio button. (will take some time, be patient)
FLASHORN.
No, I don't get any redirects to any sites,
and that web cure it link you gave me doesn't work.
I just ran CCleaner and it cleaned a bunch of stuff.
#34
Posted 06 July 2012 - 01:59 PM
Sorry about the link.
Here is the link to MajorGeeks.com http://www.majorgeeks.com/
In the middle of the page , on the Left hand side, you can search for DrWebCureIt.
I could give you the direct link to their web site but, in order to download the free
version of this scanner, they will ask for an email address. I don't believe this is
necessary. On MajorGeeks, you just click on the download link Download@Author's Site
and the download starts immediately. (OK, this link above should work. It will bring you to MajorGeeks.
and the download should start after a second or two)
I will tell you that this is a hefty download
at 82MB but, you don't install it. Just follow the instructions I gave earlier. You can delete the .exe once finished
as it is updated on a daily basis from the authors.
One of the questions I asked was :
Are there any programs or services that are Not working properly like the Windows Firewall (if this is what you use) ?
Could you answer this question please.
IF you use Firefox as a browser, could you go to Tools > Add-Ons > Plugins. On the top
left , you should see "Check to see if your Plugins are up-to-date".
Click on it and Firefox will open another tab from their site and verify that the Plugins are
up-to-date. IF not, there will be an icon on the right hand side that says "Update" in Yellow.
Update as many as needed. Please inform me which ones were updated.
IF by any chance, your Adobe Reader (if you have it installed) has to be updated,
when you click on the "Update" button on Firefox' site, it will automatically direct you to the
Adobe site where you can download the latest version. The same goes for Java and Flash Player.
Make sure that, when you download the Adobe update, to Uncheck the check box already check marked
to have McAfee scan your PC. This is NOT necessary, and the service will run in the background
adding to the processes.
These Plugins are all vulnerable to infection and are updated often. If Java has to be updated
please Remove ALL the Old version(s) BEFORE installing the new one.
I would also like to see your Startup programs (when you start Windows). You can access those by
opening CCleaner and in TOOLS by clicking on "Startup" . It might take a few seconds to display.
Could I ask you to take a screen shot of the Startup programs please and post in your next reply.
I will ask you to run a few other programs later on (if you wish) but, for now, please perform these tasks.
Any questions or concerns, feel free to ask.
FLASHORN.
This post has been edited by Flashorn: 06 July 2012 - 02:03 PM


#35
Posted 06 July 2012 - 09:30 PM
I did everything you told me to and I have this to show.
Quote
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
JavaFX 2.1.1
Java 7 Update 5
Out of date Java installed!
Adobe Flash Player 11.3.300.262
Adobe Reader X (10.1.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````
As far as I knew that was the latest Java. I had just installed it like 20 mins prior.
///////////////////////////////////////////////////////////////////////////////////////////////
Quote
Yes HKCU:Run AdobeBridge
Yes HKCU:Run Akamai NetSession Interface "C:\Users\UltraVicious\AppData\Local\Akamai\netsession_win.exe"
Yes HKCU:Run PeerBlock C:\Program Files\PeerBlock\peerblock.exe
Yes HKCU:Run RocketDock "C:\Program Files (x86)\RocketDock\RocketDock.exe"
No HKCU:Run Connectify C:\Program Files (x86)\Connectify\Connectify.exe
Yes HKCU:Run SUPERAntiSpyware C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
No HKCU:Run Messenger (Yahoo!) "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
No HKCU:Run SpeedUpMyPC "C:\Program Files (x86)\Uniblue\SpeedUpMyPC\launcher.exe" delay 20000
No HKCU:Run swg "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
Yes HKLM:Run TUSBSleepChargeSrv %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
Yes HKLM:Run IAStorIcon C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
Yes HKLM:Run AdobeCS5ServiceManager "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
Yes HKLM:Run SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
Yes HKLM:Run avast "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
Yes HKLM:Run DivXUpdate "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
Yes HKLM:Run GrooveMonitor "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
Yes HKLM:Run HP Software Update C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
Yes HKLM:Run SunJavaUpdateSched "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Yes HKLM:Run Adobe ARM "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes HKLM:Run IgfxTray C:\windows\system32\igfxtray.exe
Yes HKLM:Run HotKeysCmds C:\windows\system32\hkcmd.exe
Yes HKLM:Run Persistence C:\windows\system32\igfxpers.exe
Yes HKLM:Run RtHDVCpl C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
Yes HKLM:Run SynTPEnh %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Yes HKLM:Run AdobeAAMUpdater-1.0 "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
Yes HKLM:Run DRtray H:\Data Recovery Kit\DRtray.exe
No HKLM:Run 00TCrdMain %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
No HKLM:Run Adobe Reader Speed Launcher "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
No HKLM:Run AdobeCS4ServiceManager "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
No HKLM:Run Desktop Disc Tool "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
No HKLM:Run HSON %ProgramFiles%\TOSHIBA\TBS\HSON.exe
No HKLM:Run iTunesHelper "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
No HKLM:Run Microsoft Default Manager "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
No HKLM:Run MSN Toolbar "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
No HKLM:Run SmartFaceVWatcher %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
No HKLM:Run SmoothView %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
No HKLM:Run Teco "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
No HKLM:Run ThpSrv C:\windows\system32\thpsrv /logon
No HKLM:Run ToshibaServiceStation "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
No HKLM:Run TosNC %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
No HKLM:Run TosReelTimeMonitor %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
No HKLM:Run TosSENotify C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
No HKLM:Run TosWaitSrv %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
No HKLM:Run TPwrMain %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
No HKLM:Run TWebCamera "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
Yes Startup User PowerMenu.lnk C:\Program Files (x86)\PowerMenu\PowerMenu.exe
No Startup User PdaNet Desktop.lnk C:\PROGRA~2\PDANET~1\PdaNetPC.exe
That SpeedUpMyPC, this I don't remember having seen before.
////////////////////////////////////////////////////////////////////////////
I had this for my plugins and updated all that I could.

Thank You Very Much For All The Help
#36
Posted 07 July 2012 - 06:22 AM
ultra, on 02 July 2012 - 10:34 AM, said:

After I had trusted Malwarebytes that I was clean.
Hi. As far as this goes, just quarantine them, but don't remove them, and see how things go. If the machine runs fine then you can remove them; if not, then you can put them back from Quarantine.
______________________________________________________________
Gateway FX6800-01e----Intel Core i7 960 ( 3.2 GHz)---- Seagate Barracuda 750 Gb SATA II / 3.0 Hdd---- 6 Gb Crucial 1066 Mhz memory, running in Tri Channel conf-----Corsair TX650w PSU----- EVGA Nvidia GTX 560Ti 1gb GDDR5 Vram ----DVD +/- RW / CD ,RAM/DL Optical drive w/ Label Flash-----Gateway TBGM-01 Motherboard.... Vista Home Premium 64 bit OS w/ SP2; Samsung Synch Master 2243BWX 22" Monitor.
#37
Posted 07 July 2012 - 06:47 AM
You're welcome.
Now, I gave your startup entries a look see and following, are the comments I have :
I have commented after the string. //
(did not bother with the NO ones but, did take a look at them just the same)
Yes HKCU:Run Greenshot "C:\Program Files (x86)\Greenshot\Greenshot.exe". // Does not need to start up
Yes HKCU:Run AdobeBridge.// Not sure of this one. Can't seem to find any relative info. You could disable and see if it affects the CS5 (which I believe you have installed).
Yes HKCU:Run Akamai NetSession Interface "C:\Users\UltraVicious\AppData\Local\Akamai\netsession_win.exe". // Please disable. This might be the one that is giving you problems. IF you don't get any more Pop-Ups after disabling, I would suggest you Delete it.
Yes HKCU:Run PeerBlock C:\Program Files\PeerBlock\peerblock.exe . // I'm Not here to judge. LOL!
Yes HKCU:Run RocketDock "C:\Program Files (x86)\RocketDock\RocketDock.exe". // Do you still use? If so , leave it be. IF not, uninstall or disable
Yes HKCU:Run SUPERAntiSpyware C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe . // IF you use the PRO version then, leave it. Otherwise, it can be disabled as the free version starts manually.
No HKCU:Run SpeedUpMyPC "C:\Program Files (x86)\Uniblue\SpeedUpMyPC\launcher.exe" delay 20000.// Please Uninstall!!
No HKCU:Run swg "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe". // IF you don't use this ToolBar, Uninstall
Yes HKLM:Run TUSBSleepChargeSrv %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe // Do you use to charge iPod or some other battery operated device? This could also be charging your notebook's battery while in Sleep mode.
Yes HKLM:Run IAStorIcon C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe // Do you have a Raid config installed on this PC? If not then, disable it on Startup.
Yes HKLM:Run AdobeCS5ServiceManager "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin. // Does not need to start with bootup.
Yes HKLM:Run SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe // Probably not needed on startup. You can disable but, if needed then, re-enable.
Yes HKLM:Run DivXUpdate "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW, // Does not need to startup.
Yes HKLM:Run HP Software Update C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe // Does not need to start up. You can check for updates when opening the program.
Yes HKLM:Run SunJavaUpdateSched "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe". // Not needed on startup. Check with Firefox for updates.
Yes HKLM:Run Adobe ARM "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe".// Does not need to startup. Check with Firefox for updates.
Yes HKLM:Run IgfxTray C:\windows\system32\igfxtray.exe.// Does not need to startup BUT, you might like to change your Hot Key settings via this Tray Module. Up to You!!
Yes HKLM:Run HotKeysCmds C:\windows\system32\hkcmd.exe . // Not needed on Startup.
Yes HKLM:Run Persistence C:\windows\system32\igfxpers.exe. // Up to you. You could disable it and see if this has any effect on the Intel integrated graphics.
Yes HKLM:Run SynTPEnh %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe .// Disable "only" IF you don't use the Touch Pad.
Yes HKLM:Run AdobeAAMUpdater-1.0 "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe". // Disable. Typically, infrequently used tasks that can be started manually if necessary.
Yes HKLM:Run DRtray H:\Data Recovery Kit\DRtray.exe . // Do you still use this utility program? I believe from Spotmau. IF not uninstall program or Disable entry.
Yes Startup User PowerMenu.lnk C:\Program Files (x86)\PowerMenu\PowerMenu.exe . // Do you still use this program? IF not uninstall or disable from startup.
These are my findings for your startup menu. All of these can be re-enabled IF you find some to be of value.
I usually do a restart before running a diagnostic program. I forgot to mention it. Sorry.
I would still like to have you run a few other programs if you don't mind, after you review my comments on your startup.
Please give me an account of your PC's performance in your next reply.
Did you run DrWebCureIt, and did it find anything?
One more thing: go to Control Panel > Java. Click (or double-click) on the icon. A Java screen will appear.
Bottom button: Settings. Click on it.
A second screen will appear. At the top of this screen, uncheck the box marked "Keep Temporary Files on my Computer". The rest of the screen will dull. This is only another place for malware to hide.
On that same screen, at the bottom, click on the "Delete Files" button. Yet another screen will appear. Make sure that at least the first box is check-marked. All three would be better.
Now, click on the OK button on the first two of the three screens, and the "Apply" button then OK on the last one.
You can run CCleaner once more to delete all those Java and Adobe update temp files.
Please post your questions and concerns in your next reply.
FLASHORN.


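The startup review in the post above can be cross-checked from a PowerShell prompt. The following is an added example, not part of the original thread: it lists the same kinds of entries (the HKLM/HKCU Run keys and the Startup folders) and reports whether each target file exists and whether its Authenticode signature validates. The function names `Get-TargetPath` and `Get-EntryStatus` are hypothetical; PowerShell 3.0 or later is assumed, and the script only reads.

```powershell
# Added example: read-only inventory of autorun entries. Nothing is disabled or deleted.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',  # 32-bit view on 64-bit Windows
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Get-TargetPath([string]$Command) {
    # Extract the executable from a Run value: a quoted path first, else everything up to ".exe".
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

function Get-EntryStatus([string]$Source, [string]$Name, [string]$Command) {
    $path   = Get-TargetPath $Command
    $exists = [bool]$path -and (Test-Path -LiteralPath $path -PathType Leaf)
    # Signature status as text so the column sorts cleanly; 'n/a' when the file is missing.
    $sig = if ($exists) { [string](Get-AuthenticodeSignature -FilePath $path).Status } else { 'n/a' }
    [pscustomobject]@{ Source = $Source; Name = $Name; Target = $path; Exists = $exists; Signature = $sig }
}

# Registry Run keys
$fromRegistry = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        Get-EntryStatus $key $name ([string]$item.GetValue($name))
    }
}

# Startup folders (per-user and all-users); shortcuts are resolved to their targets
$shell = New-Object -ComObject WScript.Shell
$startupDirs = 'Startup', 'CommonStartup' | ForEach-Object { [Environment]::GetFolderPath($_) }
$fromFolders = foreach ($lnk in Get-ChildItem -Path $startupDirs -Filter *.lnk -ErrorAction SilentlyContinue) {
    $target = $shell.CreateShortcut($lnk.FullName).TargetPath
    Get-EntryStatus 'Startup folder' $lnk.Name ('"{0}"' -f $target)
}

(@($fromRegistry) + @($fromFolders)) |
    Sort-Object Exists, Signature |
    Format-Table Source, Name, Target, Exists, Signature -AutoSize -Wrap
```

An entry whose target is missing, or whose signature status is anything other than `Valid`, is a candidate for a closer look rather than proof of infection; plenty of legitimate utilities ship unsigned.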
#38
Posted 07 July 2012 - 06:07 PM
coastie65, on 07 July 2012 - 06:22 AM, said:
I kinda removed them all already since they came up when I scanned it.
Flashorn, on 07 July 2012 - 06:47 AM, said:
Please give me an account of your PC's performance in your next reply.
Did you run DrWebCureIt, and did it find anything?
Please post your questions and concerns in your next reply.
FLASHORN.
I did everything you've told me. I ran Dr. Webcureit and nothing came up. As far as performance, I think it is running better, but then again it may just feel that way 'cause I'm expecting it to be better after everything you've told me to do. I kinda feel that super anti found it but I'm not sure. I need to let my laptop just sit there to see if it's gone.
Thank You Again.
#39
Posted 07 July 2012 - 07:15 PM
And now this showed up after I did the startup changes and restarted:
http://i.imgur.com/SPP5G.png
#40
Posted 08 July 2012 - 04:56 AM
That's just the Windows Installer and it's the right version. Don't know why it would pop up without having called upon it but, if you pressed on the OK button, all should be fine.
If it happens again, I will then have you run one of the programs I have in mind. Just to be on the safe side, can you install any programs without getting any errors? The startup entries I recommended you disable can always be re-enabled but I can't see this being a factor with the Windows Installer. These have nothing in common.
I was going to ask you to run another program but I have a few questions first.
1) When this happens (the pop-up), are you always on the Net (connected)? IF yes, then try to disconnect and play around for a while and see if it comes up again.
2) Do you have another user account on that notebook? If not, then create one (as admin) and see if this pop-up comes up.
Let me know how it goes. If you have any other questions, feel free to ask.
One more thing before I go: have you ever defragged the hard drive, and how often?
FLASHORN.
This post has been edited by Flashorn: 08 July 2012 - 04:57 AM

