Very slow network connection, CBS log many errors, unfamiliar services.


This topic is locked.
12 replies to this topic

#1 spoonman21

  • Members
  • 25 posts
  • Gender:Male
  • Location:Minnesota

Posted 07 May 2013 - 03:30 AM

I have noticed a very slow connection to the internet; it seems something is stealing my bandwidth. I have eliminated all other devices in the home and it is still slow. I did an sfc and it said it fixed some files but couldn't access the log. I have a service listed with HP in the name, but it has Microsoft listed as the manufacturer.

Just a bunch of strange behavior from my PC.

Please help.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by ShawnR at 3:11:14 on 2013-05-07
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8140.6257 [GMT -5:00]
.
AV: ESET NOD32 Antivirus 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\Hpservice.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\CISVC.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\GreenStar\Apex2.0\Apex\JohnDeere.ApexWDT.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: AutorunsDisabled - <orphaned>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: En&queue current page with BID - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: Enqueue link tar&get with BID - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: Open &link target with BID - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlink.htm
IE: Open current page with BI&D - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebid.htm
IE: Open current page with BID Link Explorer - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.254.254
TCP: Interfaces\{594D24DE-4E2A-4C95-B68C-0AF9032ED07D} : NameServer = 208.67.220.220,4.2.2.1
TCP: Interfaces\{594D24DE-4E2A-4C95-B68C-0AF9032ED07D} : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{913B45F4-FA01-4205-ADE4-2B868FA92545} : DHCPNameServer = 192.168.254.254
Filter: AutorunsDisabled - <Clsid value has no data>
SSODL: WebCheck - <orphaned>
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: AutorunsDisabled - <Clsid value has no data>
x64-Notify: igfxcui - <no file>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ShawnR\AppData\Roaming\Mozilla\Firefox\Profiles\hoz6ssuv.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPWXM32.DLL
FF - plugin: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-03-24 02:29; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; C:\Users\ShawnR\AppData\Roaming\Mozilla\Firefox\Profiles\hoz6ssuv.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - ExtSQL: 2013-04-03 22:45; support@lastpass.com; C:\Users\ShawnR\AppData\Roaming\Mozilla\Firefox\Profiles\hoz6ssuv.default\extensions\support@lastpass.com
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-3-2 14456]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2012-12-21 213416]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2013-2-4 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-3-10 204288]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-12-21 1333424]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2012-12-21 139768]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-27 30520]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-10 13592]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 JohnDeereApexService;John Deere Apex Service;C:\Program Files (x86)\GreenStar\Apex2.0\Apex\JohnDeere.ApexWDT.exe [2013-4-10 47728]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-8 418376]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-1-10 993848]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-1-10 399416]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-10 2656536]
R3 cbfs3;EldoS Callback File System driver v3;C:\Windows\System32\drivers\cbfs3.sys [2013-2-8 352144]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-3-12 342528]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2012-3-10 12289472]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-2-8 25928]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2013-2-4 91648]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2013-2-4 208896]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-1-12 338536]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-3-10 428136]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2012-3-10 1145448]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2013/03/26 03:34:45;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2012-9-3 245264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-8 701512]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2011-8-12 194624]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2011-8-12 68160]
S3 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-4-9 169752]
S3 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-2-24 2413056]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;Logitech Webcam 300(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 PORTMON;PORTMON;C:\Users\ShawnR\Desktop\Downloads\SysinternalsSuite\PORTMSYS.SYS [2013-5-2 28656]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-7 19456]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-7 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-7 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-7 1255736]
S3 WsAudio_Device(1);WsAudio_Device(1);C:\Windows\System32\drivers\VirtualAudio1.sys [2013-4-21 31080]
S3 WsAudio_Device(2);WsAudio_Device(2);C:\Windows\System32\drivers\VirtualAudio2.sys [2013-4-21 31080]
S3 WsAudio_Device(3);WsAudio_Device(3);C:\Windows\System32\drivers\VirtualAudio3.sys [2013-4-21 31080]
S3 WsAudio_Device(4);WsAudio_Device(4);C:\Windows\System32\drivers\VirtualAudio4.sys [2013-4-21 31080]
S3 WsAudio_Device(5);WsAudio_Device(5);C:\Windows\System32\drivers\VirtualAudio5.sys [2013-4-21 31080]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [2013-3-13 29288]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [2013-3-13 29288]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [2013-3-13 29288]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [2013-3-13 29288]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [2013-3-13 29288]
.
=============== Created Last 30 ================
.
2013-05-05 07:21:20    --------    d-----w-    C:\Program Files (x86)\Yahoo!
2013-05-05 02:58:31    --------    d-----w-    C:\ProgramData\InstallMate
2013-05-05 01:18:38    --------    d-----w-    C:\Program Files (x86)\DigiDNA
2013-05-02 07:36:07    86016    ----a-w-    C:\Windows\unvise32.exe
2013-05-02 07:36:01    --------    d-----w-    C:\Windows\OCS Resources
2013-05-02 07:35:51    --------    d-----w-    C:\Program Files\WxScopePlugin
2013-05-02 07:13:08    --------    d-----w-    C:\Users\ShawnR\AppData\Local\Brice_Lambson
2013-05-02 07:11:49    --------    d-----w-    C:\Program Files\Image Resizer for Windows
2013-05-02 07:11:49    --------    d-----w-    C:\Program Files (x86)\Image Resizer for Windows
2013-05-02 07:11:47    --------    d-----w-    C:\ProgramData\Package Cache
2013-04-23 23:12:37    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-04-21 07:08:00    31080    ----a-w-    C:\Windows\System32\drivers\VirtualAudio5.sys
2013-04-21 07:08:00    31080    ----a-w-    C:\Windows\System32\drivers\VirtualAudio4.sys
2013-04-21 07:08:00    31080    ----a-w-    C:\Windows\System32\drivers\VirtualAudio3.sys
2013-04-21 07:08:00    31080    ----a-w-    C:\Windows\System32\drivers\VirtualAudio2.sys
2013-04-21 07:08:00    31080    ----a-w-    C:\Windows\System32\drivers\VirtualAudio1.sys
2013-04-21 07:05:00    153600    ----a-w-    C:\Windows\SysWow64\WS_ATLMovie.dll
2013-04-21 05:47:55    33240    ----a-w-    C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-04-21 05:47:34    --------    d-----w-    C:\Program Files\iPod
2013-04-21 05:47:32    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-04-21 05:47:32    --------    d-----w-    C:\Program Files\iTunes
2013-04-21 05:47:32    --------    d-----w-    C:\Program Files (x86)\iTunes
2013-04-21 05:46:45    --------    d-----w-    C:\Program Files\Bonjour
2013-04-21 05:46:45    --------    d-----w-    C:\Program Files (x86)\Bonjour
2013-04-20 23:33:22    --------    d-----w-    C:\Users\ShawnR\AppData\Roaming\SumatraPDF
2013-04-20 23:33:21    --------    d-----w-    C:\Program Files (x86)\SumatraPDF
2013-04-20 03:06:33    --------    d-----w-    C:\Users\ShawnR\AppData\Roaming\DiskAid
2013-04-19 03:12:01    22360    ----a-w-    C:\Windows\SysWow64\X3DAudio1_7.dll
2013-04-19 03:10:29    --------    d-----w-    C:\Program Files (x86)\Farming Simulator 2013
2013-04-18 04:26:24    --------    d-----w-    C:\Users\ShawnR\AppData\Local\YummyInteractiveInc
2013-04-18 04:26:24    --------    d-----w-    C:\Users\ShawnR\AppData\Local\Yummy
2013-04-18 04:26:21    --------    d-----w-    C:\Users\ShawnR\AppData\Local\Yummy_Interactive_Inc
2013-04-18 04:25:46    --------    d-----w-    C:\Users\ShawnR\AppData\Local\Yummy Interactive Inc
2013-04-17 07:48:10    2560    ----a-w-    C:\Windows\_MSRSTRT.EXE
2013-04-16 23:46:25    96664    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2013-04-09 23:52:33    3153408    ----a-w-    C:\Windows\System32\win32k.sys
2013-04-09 23:47:30    223752    ----a-w-    C:\Windows\System32\drivers\fvevol.sys
2013-04-09 23:47:29    5550424    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-04-09 23:47:29    3968856    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-09 23:47:29    3913560    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-04-09 23:47:29    112640    ----a-w-    C:\Windows\System32\smss.exe
2013-04-09 23:47:28    6656    ----a-w-    C:\Windows\SysWow64\apisetschema.dll
2013-04-09 23:47:28    43520    ----a-w-    C:\Windows\System32\csrsrv.dll
2013-04-09 09:07:42    --------    d-----w-    C:\Users\ShawnR\AppData\Local\Innovative Solutions
2013-04-09 09:02:41    144896    ----a-w-    C:\Windows\System32\IntelOpenCL64.dll
2013-04-09 09:02:37    104448    ----a-w-    C:\Windows\SysWow64\IntelOpenCL32.dll
2013-04-09 08:13:46    --------    d-----w-    C:\Program Files (x86)\SystemRequirementsLab
.
==================== Find3M  ====================
.
2013-05-05 07:31:07    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-05 07:31:07    691592    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-18 10:27:46    866720    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-04-18 10:27:46    788896    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-04-04 19:50:32    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-04-03 07:24:08    8140288    ----a-w-    C:\Windows\System32\Energy.scr
2013-03-26 08:30:43    29480    ----a-w-    C:\Windows\SysWow64\msxml3a.dll
2013-03-26 08:30:42    499712    ----a-w-    C:\Windows\SysWow64\msvcp71.dll
2013-03-26 08:30:42    348160    ----a-w-    C:\Windows\SysWow64\msvcr71.dll
2013-03-22 15:14:30    279024    ----a-w-    C:\Windows\SysWow64\IntelCpHeciSvc.exe
2013-03-12 20:10:52    342528    ----a-w-    C:\Windows\System32\drivers\IntcDAud.sys
2013-03-12 20:10:52    16896    ----a-w-    C:\Windows\System32\IntcDAuC.dll
2013-03-12 20:10:24    116224    ----a-w-    C:\Windows\System32\igfxCoIn_v3062.dll
2013-03-12 06:10:56    282744    ------w-    C:\Windows\System32\MpSigStub.exe
2013-03-09 00:06:48    575488    ----a-w-    C:\Windows\System32\igfx11cmrt64.dll
2013-03-09 00:06:48    542720    ----a-w-    C:\Windows\SysWow64\igfx11cmrt32.dll
2013-03-09 00:06:48    3511296    ----a-w-    C:\Windows\System32\igfxcmjit64.dll
2013-03-09 00:06:48    3121152    ----a-w-    C:\Windows\SysWow64\igfxcmjit32.dll
2013-03-09 00:06:46    963452    ----a-w-    C:\Windows\SysWow64\igcodeckrng600.bin
2013-03-09 00:06:46    963452    ----a-w-    C:\Windows\System32\igcodeckrng600.bin
2013-03-09 00:06:46    272928    ----a-w-    C:\Windows\SysWow64\igvpkrng600.bin
2013-03-09 00:06:46    272928    ----a-w-    C:\Windows\System32\igvpkrng600.bin
2013-03-02 09:52:12    14456    ----a-w-    C:\Windows\System32\drivers\gfibto.sys
2013-02-24 17:26:41    9888360    ----a-w-    C:\Windows\SysWow64\RtsPStorIcon.dll
2013-02-24 17:26:40    338536    ----a-w-    C:\Windows\System32\drivers\RtsPStor.sys
2013-02-21 10:30:16    1766912    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-02-21 10:29:39    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-02-21 10:29:37    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-02-21 10:29:37    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-02-21 10:15:07    2240512    ----a-w-    C:\Windows\System32\wininet.dll
2013-02-21 10:14:09    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-02-21 10:14:05    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-02-21 10:14:05    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-02-19 12:01:03    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-02-19 11:42:14    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-02-19 11:10:53    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-02-19 10:51:18    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-02-12 05:45:24    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31    474112    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-02-12 04:12:05    19968    ----a-w-    C:\Windows\System32\drivers\usb8023.sys
.
============= FINISH:  3:11:28.14 ===============
#2 nasdaq

  • Malware Response Team
  • 40,227 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 11 May 2013 - 07:58 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please paste the logs in your next reply; DO NOT ATTACH THEM.
Let me know what problem persists.

#3 spoonman21

spoonman21
  • Topic Starter

  • Members
  • 25 posts
  • Gender:Male
  • Location:Minnesota

Posted 11 May 2013 - 07:02 PM

Hello, thanks for taking my problem on. Here are the reports you asked for.

 

 Results of screen317's Security Check version 0.99.63  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
ESET NOD32 Antivirus 6.0   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 5.0    
 Secunia PSI (2.0.0.3001)   
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Adobe Flash Player 11.7.700.169  
 Mozilla Firefox (20.0.1)
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````
# AdwCleaner v2.300 - Logfile created 05/11/2013 at 18:20:15
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : ShawnR - SHAWNR-HP
# Boot Mode : Normal
# Running from : C:\Users\ShawnR\Desktop\Downloads\utilities\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\InstallMate

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\Software\OCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\ShawnR\AppData\Roaming\Mozilla\Firefox\Profiles\hoz6ssuv.default\prefs.js

[OK] File is clean.

File : C:\Users\safe user\AppData\Roaming\Mozilla\Firefox\Profiles\qzzw73a6.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\ShawnR\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1241 octets] - [20/04/2013 22:18:05]
AdwCleaner[S2].txt - [1938 octets] - [11/05/2013 18:20:15]

########## EOF - C:\AdwCleaner[S2].txt - [1998 octets] ##########
ComboFix 13-05-11.01 - ShawnR 05/11/2013  18:43:49.2.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8140.6516 [GMT -5:00]
Running from: c:\users\ShawnR\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\EPLog.txt
c:\windows\SysWow64\muzapp.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-11 to 2013-05-11  )))))))))))))))))))))))))))))))
.
.
2013-05-09 12:02 . 2013-05-09 12:05    --------    d-----w-    c:\program files (x86)\iExplorer
2013-05-09 08:00 . 2013-05-09 08:00    --------    d-----w-    c:\users\ShawnR\AppData\Local\Samsung
2013-05-09 08:00 . 2013-05-09 08:00    --------    d-----w-    c:\users\ShawnR\AppData\Roaming\Samsung
2013-05-09 08:00 . 2013-04-03 07:58    708168    ----a-w-    c:\windows\system32\WinUSBCoInstaller.dll
2013-05-09 08:00 . 2013-04-03 07:58    203672    ----a-w-    c:\windows\system32\drivers\ssudmdm.sys
2013-05-09 08:00 . 2013-04-03 07:58    103064    ----a-w-    c:\windows\system32\drivers\ssudbus.sys
2013-05-09 07:58 . 2013-04-19 00:08    4659712    ----a-w-    c:\windows\SysWow64\Redemption.dll
2013-05-09 07:58 . 2013-04-19 00:06    821824    ----a-w-    c:\windows\SysWow64\dgderapi.dll
2013-05-09 07:58 . 2013-05-09 08:00    --------    d-----w-    c:\program files (x86)\Samsung
2013-05-09 07:58 . 2013-05-09 08:00    --------    d-----w-    c:\programdata\Samsung
2013-05-09 07:53 . 2013-05-09 07:53    --------    d-----w-    c:\users\ShawnR\AppData\Local\Downloaded Installations
2013-05-05 07:26 . 2013-05-05 07:26    --------    d-----w-    c:\users\ShawnR\AppData\Roaming\Yahoo!
2013-05-05 07:24 . 2013-05-05 07:24    --------    d-----w-    c:\programdata\Yahoo!
2013-05-05 07:21 . 2013-05-05 07:24    --------    d-----w-    c:\program files (x86)\Yahoo!
2013-05-05 01:18 . 2013-05-05 01:18    --------    d-----w-    c:\program files (x86)\DigiDNA
2013-05-02 07:36 . 1999-12-17 15:13    86016    ----a-w-    c:\windows\unvise32.exe
2013-05-02 07:36 . 2013-05-02 07:36    --------    d-----w-    c:\windows\OCS Resources
2013-05-02 07:35 . 2013-05-02 07:36    --------    d-----w-    c:\program files\WxScopePlugin
2013-05-02 07:13 . 2013-05-02 07:13    --------    d-----w-    c:\users\ShawnR\AppData\Local\Brice_Lambson
2013-05-02 07:11 . 2013-05-02 07:11    --------    d-----w-    c:\program files\Image Resizer for Windows
2013-05-02 07:11 . 2013-05-02 07:11    --------    d-----w-    c:\program files (x86)\Image Resizer for Windows
2013-05-02 07:11 . 2013-05-02 07:11    --------    d-----w-    c:\programdata\Package Cache
2013-04-23 23:12 . 2013-04-12 14:45    1656680    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-04-21 07:08 . 2013-01-25 22:44    31080    ----a-w-    c:\windows\system32\drivers\VirtualAudio5.sys
2013-04-21 07:08 . 2013-01-25 22:44    31080    ----a-w-    c:\windows\system32\drivers\VirtualAudio4.sys
2013-04-21 07:08 . 2013-01-25 22:44    31080    ----a-w-    c:\windows\system32\drivers\VirtualAudio3.sys
2013-04-21 07:08 . 2013-01-25 22:44    31080    ----a-w-    c:\windows\system32\drivers\VirtualAudio2.sys
2013-04-21 07:08 . 2013-01-25 22:44    31080    ----a-w-    c:\windows\system32\drivers\VirtualAudio1.sys
2013-04-21 07:05 . 2011-01-15 19:08    153600    ----a-w-    c:\windows\SysWow64\WS_ATLMovie.dll
2013-04-21 05:47 . 2012-08-21 18:01    33240    ----a-w-    c:\windows\system32\drivers\GEARAspiWDM.sys
2013-04-21 05:47 . 2013-04-21 05:47    --------    d-----w-    c:\program files\iPod
2013-04-21 05:47 . 2013-04-21 05:47    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-04-21 05:47 . 2013-04-21 05:47    --------    d-----w-    c:\program files\iTunes
2013-04-21 05:47 . 2013-04-21 05:47    --------    d-----w-    c:\program files (x86)\iTunes
2013-04-21 05:47 . 2013-04-21 05:47    --------    d-----w-    c:\program files (x86)\Apple Software Update
2013-04-21 05:46 . 2013-04-21 05:46    --------    d-----w-    c:\program files\Common Files\Apple
2013-04-21 05:46 . 2013-04-21 05:46    --------    d-----w-    c:\program files\Bonjour
2013-04-21 05:46 . 2013-04-21 05:46    --------    d-----w-    c:\program files (x86)\Bonjour
2013-04-20 23:33 . 2013-04-21 01:20    --------    d-----w-    c:\users\ShawnR\AppData\Roaming\SumatraPDF
2013-04-20 23:33 . 2013-04-20 23:33    --------    d-----w-    c:\program files (x86)\SumatraPDF
2013-04-20 03:06 . 2013-05-09 11:57    --------    d-----w-    c:\users\ShawnR\AppData\Roaming\DiskAid
2013-04-19 03:12 . 2010-02-04 15:01    22360    ----a-w-    c:\windows\SysWow64\X3DAudio1_7.dll
2013-04-19 03:10 . 2013-04-19 03:37    --------    d-----w-    c:\program files (x86)\Farming Simulator 2013
2013-04-19 00:07 . 2013-04-19 00:07    90112    ----a-w-    c:\windows\MAMCityDownload.ocx
2013-04-19 00:07 . 2013-04-19 00:07    330240    ----a-w-    c:\windows\MASetupCaller.dll
2013-04-19 00:07 . 2013-04-19 00:07    30568    ----a-w-    c:\windows\MusiccityDownload.exe
2013-04-18 04:26 . 2013-04-18 04:33    --------    d-----w-    c:\users\ShawnR\AppData\Local\Yummy
2013-04-18 04:25 . 2013-04-18 04:25    --------    d-----w-    c:\users\ShawnR\AppData\Local\Yummy Interactive Inc
2013-04-17 07:48 . 2013-04-17 07:48    2560    ----a-w-    c:\windows\_MSRSTRT.EXE
2013-04-17 01:00 . 2013-04-17 01:00    69632    ----a-r-    c:\users\ShawnR\AppData\Roaming\Microsoft\Installer\{6E66EFBA-48AF-4D22-A42C-2CAC94E5630F}\NewShortcut6_178597C9E9954A839CE5F827B9243E7D.exe
2013-04-17 01:00 . 2013-04-17 01:00    69632    ----a-r-    c:\users\ShawnR\AppData\Roaming\Microsoft\Installer\{6E66EFBA-48AF-4D22-A42C-2CAC94E5630F}\NewShortcut5_2E88A3CBA39F40A98D18773C4F4597DB.exe
2013-04-17 01:00 . 2013-04-17 01:00    69632    ----a-r-    c:\users\ShawnR\AppData\Roaming\Microsoft\Installer\{6E66EFBA-48AF-4D22-A42C-2CAC94E5630F}\NewShortcut4_452A1B445E594C909B07B24759C286BD.exe
2013-04-17 01:00 . 2013-04-17 01:00    69632    ----a-r-    c:\users\ShawnR\AppData\Roaming\Microsoft\Installer\{6E66EFBA-48AF-4D22-A42C-2CAC94E5630F}\NewShortcut3_C5393D7CF29C4BBC9DB08F5E20051A27.exe
2013-04-17 01:00 . 2013-04-17 01:00    69632    ----a-r-    c:\users\ShawnR\AppData\Roaming\Microsoft\Installer\{6E66EFBA-48AF-4D22-A42C-2CAC94E5630F}\Apex_ru.chm_C84688DBC9D344EBA9073714D89C4333.exe
2013-04-17 01:00 . 2013-04-17 01:00    69632    ----a-r-    c:\users\ShawnR\AppData\Roaming\Microsoft\Installer\{6E66EFBA-48AF-4D22-A42C-2CAC94E5630F}\Apex_pt.chm_C84688DBC9D344EBA9073714D89C4333.exe
2013-04-17 01:00 . 2013-04-17 01:00    69632    ----a-r-    c:\users\ShawnR\AppData\Roaming\Microsoft\Installer\{6E66EFBA-48AF-4D22-A42C-2CAC94E5630F}\Apex_fr.chm_C84688DBC9D344EBA9073714D89C4333.exe
2013-04-17 01:00 . 2013-04-17 01:00    69632    ----a-r-    c:\users\ShawnR\AppData\Roaming\Microsoft\Installer\{6E66EFBA-48AF-4D22-A42C-2CAC94E5630F}\Apex_es.chm_C84688DBC9D344EBA9073714D89C4333.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-05 07:31 . 2013-02-08 18:49    691592    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-05 07:31 . 2011-11-09 17:33    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-19 00:07 . 2009-07-14 00:07    14336    ----a-w-    c:\windows\SysWow64\avrt.dll
2013-04-18 10:27 . 2013-02-08 02:29    788896    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-04-18 10:27 . 2013-02-08 02:29    866720    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-04-09 23:59 . 2013-02-08 00:16    72702784    ----a-w-    c:\windows\system32\MRT.exe
2013-04-04 19:50 . 2013-02-09 02:11    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-04-03 07:24 . 2008-12-13 04:59    8140288    ----a-w-    c:\windows\system32\Energy.scr
2013-03-27 22:15 . 2013-03-27 22:15    69632    ----a-r-    c:\users\ShawnR\AppData\Roaming\Microsoft\Installer\{A123342D-D327-44CF-9904-C79ED915014D}\NewShortcut6_178597C9E9954A839CE5F827B9243E7D.exe
2013-03-27 22:15 . 2013-03-27 22:15    69632    ----a-r-    c:\users\ShawnR\AppData\Roaming\Microsoft\Installer\{A123342D-D327-44CF-9904-C79ED915014D}\NewShortcut5_2E88A3CBA39F40A98D18773C4F4597DB.exe
2013-03-27 22:15 . 2013-03-27 22:15    69632    ----a-r-    c:\users\ShawnR\AppData\Roaming\Microsoft\Installer\{A123342D-D327-44CF-9904-C79ED915014D}\NewShortcut4_452A1B445E594C909B07B24759C286BD.exe
2013-03-27 22:15 . 2013-03-27 22:15    69632    ----a-r-    c:\users\ShawnR\AppData\Roaming\Microsoft\Installer\{A123342D-D327-44CF-9904-C79ED915014D}\NewShortcut3_C5393D7CF29C4BBC9DB08F5E20051A27.exe
2013-03-27 22:15 . 2013-03-27 22:15    69632    ----a-r-    c:\users\ShawnR\AppData\Roaming\Microsoft\Installer\{A123342D-D327-44CF-9904-C79ED915014D}\Apex_ru.chm_C84688DBC9D344EBA9073714D89C4333.exe
2013-03-27 22:15 . 2013-03-27 22:15    69632    ----a-r-    c:\users\ShawnR\AppData\Roaming\Microsoft\Installer\{A123342D-D327-44CF-9904-C79ED915014D}\Apex_pt.chm_C84688DBC9D344EBA9073714D89C4333.exe
2013-03-27 22:15 . 2013-03-27 22:15    69632    ----a-r-    c:\users\ShawnR\AppData\Roaming\Microsoft\Installer\{A123342D-D327-44CF-9904-C79ED915014D}\Apex_fr.chm_C84688DBC9D344EBA9073714D89C4333.exe
2013-03-27 22:15 . 2013-03-27 22:15    69632    ----a-r-    c:\users\ShawnR\AppData\Roaming\Microsoft\Installer\{A123342D-D327-44CF-9904-C79ED915014D}\Apex_es.chm_C84688DBC9D344EBA9073714D89C4333.exe
2013-03-26 08:30 . 2012-03-10 07:57    29480    ----a-w-    c:\windows\SysWow64\msxml3a.dll
2013-03-26 08:30 . 2003-03-19 04:14    499712    ----a-w-    c:\windows\SysWow64\msvcp71.dll
2013-03-26 08:30 . 2003-02-21 12:42    348160    ----a-w-    c:\windows\SysWow64\msvcr71.dll
2013-03-22 15:14 . 2013-03-22 15:14    279024    ----a-w-    c:\windows\SysWow64\IntelCpHeciSvc.exe
2013-03-19 06:04 . 2013-04-09 23:47    5550424    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-09 23:47    43520    ----a-w-    c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-09 23:47    3968856    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-09 23:47    3913560    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-09 23:47    6656    ----a-w-    c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-09 23:47    112640    ----a-w-    c:\windows\system32\smss.exe
2013-03-15 06:28 . 2013-04-05 23:49    9311288    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{6EAED89C-28D3-4523-B47F-71B88C638C57}\mpengine.dll
2013-03-15 05:51 . 2013-03-15 05:51    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-15 05:51 . 2013-03-15 05:51    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-03-15 05:51 . 2013-03-15 05:51    226304    ----a-w-    c:\windows\system32\elshyph.dll
2013-03-15 05:51 . 2013-03-15 05:51    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-03-15 05:51 . 2013-03-15 05:51    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-03-15 05:51 . 2013-03-15 05:51    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-03-15 05:51 . 2013-03-15 05:51    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-03-15 05:51 . 2013-03-15 05:51    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-03-15 05:51 . 2013-03-15 05:51    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-15 05:51 . 2013-03-15 05:51    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-03-15 05:51 . 2013-03-15 05:51    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-03-15 05:51 . 2013-03-15 05:51    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-03-15 05:51 . 2013-03-15 05:51    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-03-15 05:51 . 2013-03-15 05:51    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-03-15 05:51 . 2013-03-15 05:51    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-03-15 05:51 . 2013-03-15 05:51    361984    ----a-w-    c:\windows\SysWow64\html.iec
2013-03-15 05:51 . 2013-03-15 05:51    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-03-15 05:51 . 2013-03-15 05:51    1441280    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-03-15 05:51 . 2013-03-15 05:51    97280    ----a-w-    c:\windows\system32\mshtmled.dll
2013-03-15 05:51 . 2013-03-15 05:51    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-03-15 05:51 . 2013-03-15 05:51    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-03-15 05:51 . 2013-03-15 05:51    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-03-15 05:51 . 2013-03-15 05:51    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-03-15 05:51 . 2013-03-15 05:51    441856    ----a-w-    c:\windows\system32\html.iec
2013-03-15 05:51 . 2013-03-15 05:51    281600    ----a-w-    c:\windows\system32\dxtrans.dll
2013-03-15 05:51 . 2013-03-15 05:51    27648    ----a-w-    c:\windows\system32\licmgr10.dll
2013-03-15 05:51 . 2013-03-15 05:51    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-03-15 05:51 . 2013-03-15 05:51    247296    ----a-w-    c:\windows\system32\webcheck.dll
2013-03-15 05:51 . 2013-03-15 05:51    235008    ----a-w-    c:\windows\system32\url.dll
2013-03-15 05:51 . 2013-03-15 05:51    216064    ----a-w-    c:\windows\system32\msls31.dll
2013-03-15 05:51 . 2013-03-15 05:51    197120    ----a-w-    c:\windows\system32\msrating.dll
2013-03-15 05:51 . 2013-03-15 05:51    1509376    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-03-15 05:51 . 2013-03-15 05:51    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-03-15 05:51 . 2013-03-15 05:51    102912    ----a-w-    c:\windows\system32\inseng.dll
2013-03-15 05:51 . 2013-03-15 05:51    599552    ----a-w-    c:\windows\system32\vbscript.dll
2013-03-15 05:51 . 2013-03-15 05:51    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-03-15 05:51 . 2013-03-15 05:51    144896    ----a-w-    c:\windows\system32\wextract.exe
2013-03-15 05:51 . 2013-03-15 05:51    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-03-15 05:51 . 2013-03-15 05:51    62976    ----a-w-    c:\windows\system32\pngfilt.dll
2013-03-15 05:51 . 2013-03-15 05:51    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-03-15 05:51 . 2013-03-15 05:51    51200    ----a-w-    c:\windows\system32\imgutil.dll
2013-03-15 05:51 . 2013-03-15 05:51    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-03-15 05:51 . 2013-03-15 05:51    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-03-15 05:51 . 2013-03-15 05:51    149504    ----a-w-    c:\windows\system32\occache.dll
2013-03-15 05:51 . 2013-03-15 05:51    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-03-15 05:51 . 2013-03-15 05:51    136192    ----a-w-    c:\windows\system32\iepeers.dll
2013-03-15 05:51 . 2013-03-15 05:51    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-03-15 05:51 . 2013-03-15 05:51    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-03-15 05:51 . 2013-03-15 05:51    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-03-12 20:10 . 2013-03-12 20:10    342528    ----a-w-    c:\windows\system32\drivers\IntcDAud.sys
2013-03-12 20:10 . 2013-03-12 20:10    16896    ----a-w-    c:\windows\system32\IntcDAuC.dll
2013-03-12 20:10 . 2013-03-12 20:10    116224    ----a-w-    c:\windows\system32\igfxCoIn_v3062.dll
2013-03-12 06:10 . 2010-11-21 03:27    282744    ------w-    c:\windows\system32\MpSigStub.exe
2013-03-09 00:06 . 2013-03-09 00:06    575488    ----a-w-    c:\windows\system32\igfx11cmrt64.dll
2013-03-09 00:06 . 2013-03-09 00:06    542720    ----a-w-    c:\windows\SysWow64\igfx11cmrt32.dll
2013-03-09 00:06 . 2013-03-09 00:06    3511296    ----a-w-    c:\windows\system32\igfxcmjit64.dll
2013-03-09 00:06 . 2013-03-09 00:06    3121152    ----a-w-    c:\windows\SysWow64\igfxcmjit32.dll
2013-03-09 00:06 . 2013-03-09 00:06    963452    ----a-w-    c:\windows\system32\igcodeckrng600.bin
2013-03-09 00:06 . 2013-03-09 00:06    272928    ----a-w-    c:\windows\system32\igvpkrng600.bin
2013-03-02 09:52 . 2013-03-02 09:52    14456    ----a-w-    c:\windows\system32\drivers\gfibto.sys
2013-03-01 03:36 . 2013-04-09 23:52    3153408    ----a-w-    c:\windows\system32\win32k.sys
2013-02-24 17:26 . 2013-02-08 20:02    9888360    ----a-w-    c:\windows\SysWow64\RtsPStorIcon.dll
2013-02-24 17:26 . 2011-01-12 14:10    338536    ----a-w-    c:\windows\system32\drivers\RtsPStor.sys
2013-02-21 10:30 . 2013-04-10 01:38    1766912    ----a-w-    c:\windows\SysWow64\wininet.dll
2013-02-21 10:29 . 2013-04-10 01:38    2877440    ----a-w-    c:\windows\SysWow64\jscript9.dll
2013-02-21 10:29 . 2013-04-10 01:38    61440    ----a-w-    c:\windows\SysWow64\iesetup.dll
2013-02-21 10:29 . 2013-04-10 01:38    109056    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2013-02-21 10:15 . 2013-04-10 01:38    51712    ----a-w-    c:\windows\system32\ie4uinit.exe
2013-02-21 10:15 . 2013-04-10 01:38    2240512    ----a-w-    c:\windows\system32\wininet.dll
2013-02-21 10:14 . 2013-04-10 01:38    1365504    ----a-w-    c:\windows\system32\urlmon.dll
2013-02-21 10:14 . 2013-04-10 01:38    19230208    ----a-w-    c:\windows\system32\mshtml.dll
2013-02-21 10:14 . 2013-04-10 01:38    603136    ----a-w-    c:\windows\system32\msfeeds.dll
2013-02-21 10:14 . 2013-04-10 01:38    3958784    ----a-w-    c:\windows\system32\jscript9.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2013-04-26 423144]
"WDTSystemTrayApp.exe"="c:\program files (x86)\GreenStar\Apex2.0\Apex\JohnDeere.WDTSystemTrayApp.exe" [2013-04-23 57968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-10-08 169528]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2012-11-05 1343904]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2013-02-05 113288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2013/03/26 03:34;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2012-09-04 245264]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 JohnDeereApexService;John Deere Apex Service;c:\program files (x86)\GreenStar\Apex2.0\Apex\JohnDeere.ApexWDT.exe [2013-04-23 47728]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-01-10 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-01-10 399416]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-04-03 103064]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2011-08-12 194624]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2011-08-12 68160]
R3 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
R3 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-02-24 2413056]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
R3 LVUVC64;Logitech Webcam 300(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
R3 PORTMON;PORTMON;c:\users\ShawnR\Desktop\Downloads\SysinternalsSuite\PORTMSYS.SYS [2013-05-02 28656]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2013-04-03 203672]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-02-08 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\ShawnR\Desktop\Downloads\RealTemp_370\WinRing0x64.sys [x]
R3 WsAudio_Device(1);WsAudio_Device(1);c:\windows\system32\drivers\VirtualAudio1.sys [2013-01-25 31080]
R3 WsAudio_Device(2);WsAudio_Device(2);c:\windows\system32\drivers\VirtualAudio2.sys [2013-01-25 31080]
R3 WsAudio_Device(3);WsAudio_Device(3);c:\windows\system32\drivers\VirtualAudio3.sys [2013-01-25 31080]
R3 WsAudio_Device(4);WsAudio_Device(4);c:\windows\system32\drivers\VirtualAudio4.sys [2013-01-25 31080]
R3 WsAudio_Device(5);WsAudio_Device(5);c:\windows\system32\drivers\VirtualAudio5.sys [2013-01-25 31080]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-12-24 29288]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-12-24 29288]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-12-24 29288]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-12-24 29288]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-12-24 29288]
R4 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-03-02 14456]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-12-21 213416]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-12-21 150616]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2013-02-05 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-01 204288]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-12-21 1333424]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-12-21 139768]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-27 30520]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-08-09 2656536]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2013-03-12 342528]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-08-09 12289472]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2013-02-05 91648]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2013-02-05 208896]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2013-02-24 338536]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-07-19 1145448]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-08 07:31]
.
2013-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-20 04:00]
.
2013-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-20 04:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-12-21 6326448]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: En&queue current page with BID - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: Enqueue link tar&get with BID - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: Open &link target with BID - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidlink.htm
IE: Open current page with BI&D - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebid.htm
IE: Open current page with BID Link Explorer - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
TCP: DhcpNameServer = 192.168.254.254
TCP: Interfaces\{594D24DE-4E2A-4C95-B68C-0AF9032ED07D}: NameServer = 208.67.220.220,4.2.2.1
FF - ProfilePath - c:\users\ShawnR\AppData\Roaming\Mozilla\Firefox\Profiles\hoz6ssuv.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - ExtSQL: 2013-03-24 02:29; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\ShawnR\AppData\Roaming\Mozilla\Firefox\Profiles\hoz6ssuv.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - ExtSQL: 2013-04-03 22:45; support@lastpass.com; c:\users\ShawnR\AppData\Roaming\Mozilla\Firefox\Profiles\hoz6ssuv.default\extensions\support@lastpass.com
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{10CD364B-FFCC-48BE-B469-B9622A033075} - c:\programdata\{071012C3-2764-457D-B41E-93AA7ADE5F06}\setup.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3959180319-3457226832-2144390500-1001\Software\SecuROM\License information*]
"datasecu"=hex:3c,da,7b,0a,f8,8a,f7,d7,8b,91,91,7a,61,c2,a6,06,ad,b5,a5,18,ab,
   03,e1,f0,d1,cc,66,10,3a,b2,2f,46,e1,70,ae,a7,56,bc,2c,b6,49,f9,6d,d4,ac,82,\
"rkeysecu"=hex:62,22,e8,3b,43,56,06,ea,52,0c,7a,0e,a6,12,a8,0b
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-11  18:48:38
ComboFix-quarantined-files.txt  2013-05-11 23:48
.
Pre-Run: 599,447,371,776 bytes free
Post-Run: 599,548,252,160 bytes free
.
- - End Of File - - F35B82970A10FA4FC2F688E9D19D3777
 

Lots of interesting information in these reports.  I hope it sheds some light on the problems I've been having.

 

As of now the PC "seems" to be OK, having been on it for a few days, so we will see.
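The service/driver and DNS lines in the ComboFix log above can be triaged mechanically rather than by eye. The following Python script is an added example written for this page; it is not part of the thread, of ComboFix or of DDS. It parses lines in the log's own format (the sample lines are copied from the log above), flags entries marked [x] (still registered but the file is gone), drivers or services whose image lives under a user-writable folder, and per-interface static NameServer overrides that differ from the DHCP-supplied resolver. The set of addresses treated as well-known public resolvers is an assumption made for the example.

```python
"""Triage helper for the service/driver and DNS lines of a ComboFix log.

Added example for this page; it is not part of the thread, of ComboFix or
of DDS.  The sample lines are copied from the log above; the set of
resolvers treated as well-known public DNS is an assumption of this example.
"""
import re
from dataclasses import dataclass

# "R3 name;display;c:\path\file.sys [2013-05-02 28656]"  or  "... [x]" when the file is gone
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)
# "TCP: DhcpNameServer = 192.168.254.254"  or  "TCP: Interfaces\{GUID}: NameServer = a,b"
DNS_RE = re.compile(
    r"^TCP:\s+(?:Interfaces\\(?P<iface>\{[^}]+\}):\s+)?"
    r"(?P<kind>DhcpNameServer|NameServer)\s*=\s*(?P<servers>[\d.,\s]+)$"
)
USER_WRITABLE = re.compile(r"^c:\\users\\", re.IGNORECASE)
# Assumption: resolvers an operator would recognise as benign public DNS.
KNOWN_PUBLIC_DNS = {"208.67.220.220", "208.67.222.222", "4.2.2.1", "4.2.2.2"}


@dataclass
class Finding:
    kind: str      # "orphan", "user_path" or "dns_override"
    subject: str   # service name or interface GUID
    detail: str


def parse_services(lines):
    """Yield (start_type, name, image_path, bracket_text) for each service/driver line."""
    for line in lines:
        m = SERVICE_RE.match(line.strip())
        if m:
            yield m["start"], m["name"], m["path"], m["meta"]


def service_findings(lines):
    """Orphaned entries ([x]) and drivers/services whose image lives under C:\\Users."""
    out = []
    for start, name, path, meta in parse_services(lines):
        if meta == "x":
            out.append(Finding("orphan", name, f"registered as {path} but the file is missing"))
        if USER_WRITABLE.match(path):
            out.append(Finding("user_path", name, f"{start} entry loads from user-writable {path}"))
    return out


def dns_findings(lines):
    """Static NameServer values that differ from the DHCP-supplied resolver."""
    dhcp, overrides = set(), {}
    for line in lines:
        m = DNS_RE.match(line.strip())
        if not m:
            continue
        servers = {s.strip() for s in m["servers"].split(",") if s.strip()}
        if m["kind"] == "DhcpNameServer":
            dhcp |= servers
        else:
            overrides[m["iface"] or "global"] = servers
    out = []
    for iface, servers in overrides.items():
        static = sorted(servers - dhcp)
        if not static:
            continue
        unknown = sorted(set(static) - KNOWN_PUBLIC_DNS)
        verdict = "unknown resolver, investigate" if unknown else "known public resolvers"
        out.append(Finding("dns_override", iface, f"static {', '.join(static)} ({verdict})"))
    return out


def triage(lines):
    return service_findings(lines) + dns_findings(lines)


# Lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
R3 PORTMON;PORTMON;c:\users\ShawnR\Desktop\Downloads\SysinternalsSuite\PORTMSYS.SYS [2013-05-02 28656]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\ShawnR\Desktop\Downloads\RealTemp_370\WinRing0x64.sys [x]
R4 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-12-21 150616]
TCP: DhcpNameServer = 192.168.254.254
TCP: Interfaces\{594D24DE-4E2A-4C95-B68C-0AF9032ED07D}: NameServer = 208.67.220.220,4.2.2.1
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:12} {f.subject:40} {f.detail}")
```

On the sample lines the orphan check returns exactly the three entries (clwvd, WinRing0_1_2_0, X6va012) that the helper later singles out; the user-path check additionally surfaces PORTMON and WinRing0 loading kernel drivers from a Downloads folder, which is worth knowing even when the tools are legitimate; and the DNS check reports the interface override as consisting of known public resolvers, i.e. a deliberate configuration rather than a hijack. A static resolver that is in neither the DHCP set nor the allowlist is the case that warrants a closer look.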



#4 nasdaq

  • Malware Response Team
  • 40,227 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 12 May 2013 - 08:07 AM

Looking good.

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===

#5 spoonman21

  • Topic Starter

  • Members
  • 25 posts
  • Gender:Male
  • Location:Minnesota

Posted 12 May 2013 - 10:35 PM

Thanks again for the help.  I have a couple of questions. My PC hasn't had an update from Microsoft since April 23rd; is that normal?  I thought they usually send out updates around the 12th of each month?  It checks automatically and I will usually check manually as well.  Another issue is that in Device Manager I have some weird unknown "non plug and play drivers"; X6va012 is one of them. I used to have double entries of WS Audio 1,2,3,4.  I went through and deleted them after doing some online checking.  Just not sure where they came from.  And one question about my router DNS setting: what should it be set at, or leave it to do its own thing?  And about that HP service that says its manufacturer is Microsoft!  That's kind of odd, I thought.

 

If those items are nothing to worry about then I thank you very much for your help.

 

Spoonman21



#6 spoonman21

  • Topic Starter
  • Members
  • 25 posts
  • Gender:Male
  • Location:Minnesota

Posted 12 May 2013 - 11:08 PM

I just noticed through Speccy that my Windows update is not configured!!  How is that possible when I have it enabled in control panel??

 

No wonder I haven't had an update since 4/23.



#7 nasdaq

  • Malware Response Team
  • 40,227 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 May 2013 - 08:41 AM

If you are referring to these drivers, they are still listed in the registry but the file has been deleted.
They are not causing any problems.
 

R4 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\ShawnR\Desktop\Downloads\RealTemp_370\WinRing0x64.sys [x]

 
To remove them execute this:
 
Please run Notepad and copy the following text into a new file:
 

sc config X6va012 start= disabled
sc stop X6va012
sc delete X6va012
sc config clwvd start= disabled
sc stop clwvd
sc delete clwvd
sc config WinRing0_1_2_0 start= disabled
sc stop WinRing0_1_2_0
sc delete WinRing0_1_2_0

 
Save the file to the desktop as remove.bat and make sure the "Save as type" field says "All files". Locate remove.bat on the Desktop and double-click on it to run it. A DOS box will open and close; that is normal.
If any errors are encountered, please post them.
When done you can delete the remove.bat file.
 
P.S. On a Vista/Windows 7 operating system, run the remove.bat file as Administrator.
===
 
As for the HP driver, I do not have any concerns.
 
===

And one question about my router DNS setting, what should it be set at or leave it do it's own thing?

Unless you have problems with it leave it alone.
 
Let's check your Windows Updates situation.
 
Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action center
  • Windows Update
  • Windows Defender
  • Press Scan.
    This will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.
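The driver entries nasdaq marked "[x]" above are registry service keys whose ImagePath points at a file that no longer exists. The following PowerShell script is an added example, not code from the thread or from any of the tools mentioned; it finds such orphaned driver entries read-only and prints the same sc commands the remove.bat above uses, so they can be reviewed before anyone runs them. It assumes an elevated prompt on Windows 7 or later and resolves NT-style and root-relative paths the way drivers are normally registered.

```powershell
# Added example (not from the thread): list driver services whose ImagePath
# points to a file that no longer exists, i.e. the "[x]" entries in the DDS
# output above. Read-only: it only prints the sc commands that would remove them.
# Run from an elevated PowerShell prompt on Windows 7 or later.

function Resolve-ImagePath {
    param([string]$ImagePath)
    if (-not $ImagePath) { return $null }
    $p = $ImagePath.Trim('"')
    # Drivers are commonly registered with NT-style or root-relative paths.
    $p = $p -replace '^\\\?\?\\', ''                      # \??\C:\...  -> C:\...
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot     # \SystemRoot\... -> C:\Windows\...
    $p = $p -replace '^system32', "$env:SystemRoot\system32"
    # Assumption: any other relative path is relative to %SystemRoot%.
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-OrphanedDriverService {
    $svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    Get-ChildItem $svcRoot -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty $_.PSPath
        # Type 1 = kernel driver, 2 = file system driver; skip user-mode services.
        if ($props.Type -ne 1 -and $props.Type -ne 2) { return }
        $file = Resolve-ImagePath $props.ImagePath
        if ($file -and -not (Test-Path -LiteralPath $file)) {
            [pscustomobject]@{
                Name      = $_.PSChildName
                Start     = $props.Start       # 3 = Demand, the "R3" in the DDS lines
                ImagePath = $props.ImagePath
                Resolved  = $file
            }
        }
    }
}

$orphans = @(Get-OrphanedDriverService)
$orphans | Format-Table -AutoSize

# Emit the same removal commands the remove.bat above uses, for review only.
foreach ($o in $orphans) {
    "sc config `"$($o.Name)`" start= disabled"
    "sc stop `"$($o.Name)`""
    "sc delete `"$($o.Name)`""
}
```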


#8 spoonman21

  • Topic Starter
  • Members
  • 25 posts
  • Gender:Male
  • Location:Minnesota

Posted 14 May 2013 - 02:58 AM

Hello again,

 

I actually was referring to these devices...

R3 WsAudio_Device(1);WsAudio_Device(1);c:\windows\system32\drivers\VirtualAudio1.sys [2013-01-25 31080]
R3 WsAudio_Device(2);WsAudio_Device(2);c:\windows\system32\drivers\VirtualAudio2.sys [2013-01-25 31080]
R3 WsAudio_Device(3);WsAudio_Device(3);c:\windows\system32\drivers\VirtualAudio3.sys [2013-01-25 31080]
R3 WsAudio_Device(4);WsAudio_Device(4);c:\windows\system32\drivers\VirtualAudio4.sys [2013-01-25 31080]
R3 WsAudio_Device(5);WsAudio_Device(5);c:\windows\system32\drivers\VirtualAudio5.sys [2013-01-25 31080]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-12-24 29288]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-12-24 29288]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-12-24 29288]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-12-24 29288]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-12-24 29288]

 

I see they aren't listed in Device Manager, so I must have gotten rid of them.

Ran the remove.bat with no errors.

Otherwise it seems to be working fine; boot time is good and no blue screens, so I guess maybe I'm too picky and should quit snooping around.  If it ain't broke, don't fix it, right?

 

Thanks again.

 

Here is the FSS log

 

Farbar Service Scanner Version: 14-04-2013
Ran by ShawnR (administrator) on 14-05-2013 at 02:53:31
Running from "C:\Users\ShawnR\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
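The FSS log above flags two things worth re-checking after the repair: the WinDefend service set to Demand instead of its default Auto, and the DisableAntiSpyware=1 value under HKLM\SOFTWARE\Microsoft\Windows Defender. The PowerShell below is an added example, not part of Farbar Service Scanner or the thread; it reproduces those checks read-only and also looks at the Windows Update service and the standard NoAutoUpdate policy value (the policy key name is assumed from Windows documentation, not from the log).

```powershell
# Added example (not from the thread or from FSS): re-verify the Windows Defender
# and Windows Update findings the FSS log reports. Read-only; prints findings only.
# Expected defaults are those the FSS log states for Windows 7.

function Get-ServiceStartType {
    param([string]$Name)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if (-not (Test-Path $key)) { return 'Missing' }
    $start = (Get-ItemProperty $key).Start
    if ($null -eq $start) { return 'Unknown' }
    # Start values: 2 = Auto, 3 = Demand (manual), 4 = Disabled
    switch ($start) {
        2 { 'Auto' }
        3 { 'Demand' }
        4 { 'Disabled' }
        default { "Unknown($start)" }
    }
}

function Get-PolicyValue {
    param([string]$Key, [string]$Name)
    if (-not (Test-Path $Key)) { return $null }
    (Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue).$Name
}

function Test-SecurityServiceConfig {
    $findings = @()
    # WinDefend: FSS flagged Demand where the default is Auto.
    $wd = Get-ServiceStartType 'WinDefend'
    if ($wd -ne 'Auto') { $findings += "WinDefend start type is $wd (default Auto)" }
    # The exact key/value the FSS log reported as the Defender disabled policy.
    $das = Get-PolicyValue 'HKLM:\SOFTWARE\Microsoft\Windows Defender' 'DisableAntiSpyware'
    if ($das -eq 1) { $findings += 'DisableAntiSpyware=1 under HKLM\SOFTWARE\Microsoft\Windows Defender' }
    # Windows Update service, plus the policy that turns automatic updates off
    # (assumed standard policy location, not taken from the log).
    $wu = Get-ServiceStartType 'wuauserv'
    if ($wu -eq 'Disabled' -or $wu -eq 'Missing') { $findings += "wuauserv start type is $wu" }
    $nau = Get-PolicyValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' 'NoAutoUpdate'
    if ($nau -eq 1) { $findings += 'NoAutoUpdate=1 policy is set' }
    return $findings
}

$result = @(Test-SecurityServiceConfig)
if ($result.Count -eq 0) { 'No findings: services and policies match expected defaults.' }
else { $result }
```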



#9 nasdaq

  • Malware Response Team
  • 40,227 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 14 May 2013 - 07:59 AM

The WsAudio_Devices are virtual drivers for Wondershare Virtual Audio Device.
Can you relate to this?
===


The following steps involve registry editing. Please create a new restore point before proceeding!!!
How to:
Vista and Seven - http://windows.microsoft.com/en-gb/windows7/create-a-restore-point

===

Repair & Fix Windows Updates with Fix WU Utility
http://www.thewindowsclub.com/repair-fix-windows-updates-with-fix-wu-utility
It has been tested on Windows 7 & Vista, 32bit and 64bit versions.

Restart the computer normally after this fix.

Let me know if the problem persists.

#10 spoonman21

  • Topic Starter
  • Members
  • 25 posts
  • Gender:Male
  • Location:Minnesota

Posted 18 May 2013 - 01:50 AM

I have no idea what Wondershare Virtual Audio Device is or how it got on my PC.  I created a restore point and ran the WU Utility.  I received updates on the 15th; there were 12 of them, and they all installed properly.  I think we might have 'er licked, my friend.

 

Thank you for your patience and knowledge in helping me with my problem.

 

Spoonman21 



#11 nasdaq

  • Malware Response Team
  • 40,227 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 18 May 2013 - 08:30 AM

There is nothing wrong with Wondershare. It may just be needed by some programs you use.

Have a look at their site: http://www.wondershare.com/

If all is well leave them alone.

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

To remove AdwCleaner:

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===

#12 spoonman21

  • Topic Starter
  • Members
  • 25 posts
  • Gender:Male
  • Location:Minnesota

Posted 19 May 2013 - 06:18 PM

Thanks again for all your help.

 

 

Spoonman21



#13 nasdaq

  • Malware Response Team
  • 40,227 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 20 May 2013 - 06:56 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



