
Infected with something that is affecting Windows and iTunes


  • This topic is locked
65 replies to this topic

#1 bufordclyde

  • Members
  • 34 posts

Posted 16 May 2013 - 08:07 PM

I have noticed the last few weeks that I was having issues. When I went to empty the trash, it would take a few seconds for the confirmation to pop up, iTunes was slow and finally stopped working altogether. I figured I had something. I have run the usual stuff I run, but it cannot find anything. Need assistance this time. Thank you in advance for your assistance.
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16576  BrowserJavaVersion: 10.21.2
Run by Belew at 19:57:34 on 2013-05-16
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8138.4736 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Greenshot\Greenshot.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Program Files (x86)\Everything\Everything.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\notepad.exe
C:\Windows\notepad.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\TVersity\Media Server\MediaServer.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\explorer.exe
C:\Program Files (x86)\Clover\clover.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
mRun: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
mRun: [PowerPanel Personal Edition User Interaction] C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
StartupFolder: C:\Users\Belew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Belew\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Belew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Download All by ASUS Download - C:\Program Files (x86)\ASUS\RT-N13U.B1 Wireless Router Utilities\ASDownloadAll.htm
IE: Download using ASUS Download - C:\Program Files (x86)\ASUS\RT-N13U.B1 Wireless Router Utilities\ASDownload.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.2.1 192.168.1.254
TCP: Interfaces\{1B348086-2110-4379-A213-CB647E992DE9} : DHCPNameServer = 192.168.2.1 192.168.1.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: ExplorerWatcher Class: {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} - C:\Program Files (x86)\Clover\TabHelper64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Greenshot] C:\Program Files\Greenshot\Greenshot.exe
x64-Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Belew\AppData\Roaming\Mozilla\Firefox\Profiles\exqzbwy3.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-05-10 22:04; fmconverter@gmail.com; C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
.
============= SERVICES / DRIVERS ===============
.
R0 AiChargerPlus;ASUS Charger Plus Driver;C:\Windows\System32\drivers\AiChargerPlus.sys [2013-5-8 14464]
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-5-8 78976]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-5-8 38528]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-3 918144]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-1 915584]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2013-5-8 586880]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-4-18 1227800]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-4-18 659992]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-2-24 126952]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-2-24 389608]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-1-29 36720]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-4-18 18456]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-5-8 471144]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-5-8 47232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2013-5-10 101888]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2013-5-11 17480]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2013-5-11 9800]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-11 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-5-9 1255736]
.
=============== Created Last 30 ================
.
2013-05-17 02:32:38 -------- d-sh--w- C:\$RECYCLE.BIN
2013-05-17 02:13:37 98816 ----a-w- C:\Windows\sed.exe
2013-05-17 02:13:37 256000 ----a-w- C:\Windows\PEV.exe
2013-05-17 02:13:37 208896 ----a-w- C:\Windows\MBR.exe
2013-05-17 02:13:33 -------- d-----w- C:\ComboFix
2013-05-17 01:06:00 -------- d-----w- C:\Program Files (x86)\ESET
2013-05-17 01:02:13 -------- d-----w- C:\_OTL
2013-05-17 00:45:39 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C6EB5DD7-5752-49D0-982B-CC55886C026E}\offreg.dll
2013-05-16 13:29:38 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C6EB5DD7-5752-49D0-982B-CC55886C026E}\mpengine.dll
2013-05-16 13:27:08 -------- d-----w- C:\Windows\System32\log
2013-05-16 03:56:00 -------- d-----w- C:\Users\Belew\AppData\Local\Mozilla
2013-05-16 03:27:10 -------- d-----w- C:\Users\Belew\AppData\Local\Apple Computer
2013-05-16 03:26:19 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-16 03:25:11 -------- d-----w- C:\Users\Belew\AppData\Local\Apple
2013-05-16 00:39:13 24576 ----a-w- C:\Windows\SysWow64\FoolishEventLogMsgHelper.dll
2013-05-15 10:54:39 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-15 06:14:58 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-15 00:40:16 -------- d-----w- C:\Users\Belew\AppData\Local\Microsoft Games
2013-05-13 04:46:49 -------- d-----w- C:\Users\Belew\AppData\Roaming\QuickScan
2013-05-13 04:29:19 -------- d-----w- C:\Windows\pss
2013-05-13 04:07:13 -------- d-----w- C:\Users\Belew\AppData\Roaming\Auslogics
2013-05-13 03:57:04 -------- d-----w- C:\Program Files\CCleaner
2013-05-13 00:56:51 -------- d-----w- C:\Users\Belew\AppData\Roaming\calibre
2013-05-13 00:53:23 -------- d-----w- C:\Program Files (x86)\Calibre2
2013-05-12 15:31:08 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-12 13:36:09 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2013-05-12 13:35:59 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2013-05-12 13:35:35 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-05-12 03:20:25 42272 ----a-w- C:\Windows\System32\libdispatch.dll
2013-05-11 23:53:00 -------- d-----w- C:\Windows\System32\SPReview
2013-05-11 22:45:38 -------- d-----w- C:\Windows\System32\EventProviders
2013-05-11 22:42:59 777728 ----a-w- C:\Windows\System32\gpsvc.dll
2013-05-11 22:41:59 983040 ----a-w- C:\Program Files (x86)\Windows Media Player\WMPDMC.exe
2013-05-11 22:40:55 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2013-05-11 22:40:55 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2013-05-11 22:40:55 189952 ----a-w- C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll
2013-05-11 22:40:07 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2013-05-11 22:40:07 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2013-05-11 22:40:04 244736 ----a-w- C:\Windows\System32\sqmapi.dll
2013-05-11 21:49:55 -------- d-----w- C:\Program Files (x86)\Canon
2013-05-11 21:23:51 41280 ----a-w- C:\Windows\System32\drivers\PCASp50a64.sys
2013-05-11 21:23:50 52800 ----a-w- C:\Windows\SysWow64\drivers\PCASp50.sys
2013-05-11 21:23:50 41280 ----a-w- C:\Windows\SysWow64\drivers\PCASp50a64.sys
2013-05-11 21:23:49 61440 ----a-w- C:\Windows\SysWow64\ASIW32N50.dll
2013-05-11 21:23:49 16302 ----a-w- C:\Windows\SysWow64\ASINDIS5.sys
2013-05-11 21:23:49 15577 ----a-w- C:\Windows\SysWow64\ASINDIS3.vxd
2013-05-11 18:37:28 405360 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-11 18:26:05 -------- d-----w- C:\Users\Belew\AppData\Local\Secunia PSI
2013-05-11 18:25:57 -------- d-----w- C:\Program Files (x86)\Secunia
2013-05-11 18:13:40 -------- d-----w- C:\Temp
2013-05-11 18:02:29 -------- d-----w- C:\Program Files (x86)\stinger
2013-05-11 17:59:49 -------- d-----w- C:\Program Files\Speccy
2013-05-11 17:44:10 -------- d-----w- C:\Users\Belew\AppData\Roaming\Rainmeter
2013-05-11 17:40:11 -------- d-----w- C:\Program Files\Rainmeter
2013-05-11 17:36:38 -------- d-----w- C:\ProgramData\Package Cache
2013-05-11 17:01:55 9800 ----a-w- C:\Windows\System32\EuGdiDrv.sys
2013-05-11 17:01:55 9160 ----a-w- C:\Windows\SysWow64\EuGdiDrv.sys
2013-05-11 17:01:55 87112 ----a-w- C:\Windows\SysWow64\setupempdrv03.exe
2013-05-11 17:01:55 3376640 ----a-w- C:\Windows\System32\BootMan.exe
2013-05-11 17:01:55 2498216 ----a-w- C:\Windows\SysWow64\BootMan.exe
2013-05-11 17:01:55 19840 ----a-w- C:\Windows\SysWow64\EuEpmGdi.dll
2013-05-11 17:01:55 17480 ----a-w- C:\Windows\System32\epmntdrv.sys
2013-05-11 17:01:55 16256 ----a-w- C:\Windows\System32\EuEpmGdi.dll
2013-05-11 17:01:55 13896 ----a-w- C:\Windows\SysWow64\epmntdrv.sys
2013-05-11 17:01:55 100936 ----a-w- C:\Windows\System32\setupempdrvx64.exe
2013-05-11 17:01:43 -------- d-----w- C:\Program Files (x86)\EaseUS
2013-05-11 13:58:44 -------- d-----w- C:\Program Files (x86)\dumps
2013-05-11 05:06:31 -------- d-----w- C:\Users\Belew\AppData\Roaming\NVIDIA
2013-05-11 05:05:07 -------- d-----w- C:\Users\Belew\AppData\Local\FreemakeVideoConverter
2013-05-11 05:04:27 -------- d-----w- C:\ProgramData\Freemake
2013-05-11 05:04:17 -------- d-----w- C:\Users\Belew\AppData\Roaming\OpenCandy
2013-05-11 05:04:17 -------- d-----w- C:\Program Files (x86)\Freemake
2013-05-11 04:41:22 -------- d-----w- C:\Users\Belew\AppData\Local\sabnzbd
2013-05-11 04:40:32 -------- d-----w- C:\Program Files (x86)\SABnzbd
2013-05-11 04:24:58 -------- d-----w- C:\Program Files (x86)\Xiph.Org
2013-05-11 04:24:56 -------- d-----w- C:\Program Files (x86)\TVersity Codec Pack
2013-05-11 04:24:46 -------- d-----w- C:\ProgramData\TVersity
2013-05-11 04:13:31 -------- d-----w- C:\Program Files (x86)\RocketDock
2013-05-11 04:01:47 -------- d-----w- C:\Program Files\Paint.NET
2013-05-11 04:00:55 -------- d-----w- C:\Users\Belew\AppData\Local\Paint.NET
2013-05-11 03:58:18 -------- d-----w- C:\Program Files (x86)\VideoLAN
2013-05-11 03:58:09 -------- d-----w- C:\Users\Belew\AppData\Roaming\Spotify
2013-05-11 03:57:37 -------- d-----w- C:\Program Files (x86)\Auslogics
2013-05-11 03:56:54 -------- d-----w- C:\Program Files (x86)\Microsoft SkyDrive
2013-05-11 03:56:54 -------- d-----r- C:\Users\Belew\SkyDrive
2013-05-11 03:56:48 -------- d-----w- C:\ProgramData\Microsoft SkyDrive
2013-05-11 03:56:46 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2013-05-11 03:56:45 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2013-05-11 03:56:44 -------- d-----w- C:\Program Files (x86)\Steam
2013-05-11 03:55:57 -------- d-----w- C:\Users\Belew\AppData\Roaming\Greenshot
2013-05-11 03:55:57 -------- d-----w- C:\Users\Belew\AppData\Local\Greenshot
2013-05-11 03:55:35 -------- d-----w- C:\Program Files\Greenshot
2013-05-11 03:55:31 -------- d-----w- C:\Users\Belew\AppData\Roaming\uTorrent
2013-05-11 03:55:31 -------- d-----w- C:\Program Files (x86)\uTorrent
2013-05-11 03:54:31 -------- d-----w- C:\Windows\SysWow64\Adobe
2013-05-11 03:54:23 971680 ----a-w- C:\Windows\System32\deployJava1.dll
2013-05-11 03:54:23 1092512 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-05-11 03:54:21 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-05-11 03:52:47 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-05-11 03:52:47 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-05-11 03:52:45 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-11 03:51:07 -------- d-----w- C:\Users\Belew\AppData\Local\Adobe
2013-05-11 03:51:02 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-11 03:38:23 -------- d-----w- C:\Users\Belew\AppData\Roaming\Malwarebytes
2013-05-11 03:38:05 -------- d-----w- C:\ProgramData\Malwarebytes
2013-05-11 03:38:03 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-05-11 03:38:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-11 03:37:51 -------- d-----w- C:\Users\Belew\AppData\Local\Programs
2013-05-11 03:35:25 -------- d-----w- C:\Users\Belew\AppData\Roaming\DiskSpaceFan
2013-05-11 03:35:20 -------- d-----w- C:\Program Files (x86)\Cookapp
2013-05-11 03:34:03 -------- d-----w- C:\Program Files (x86)\Everything
2013-05-11 03:32:38 -------- d-----w- C:\Program Files\CPUID
2013-05-11 03:29:46 -------- d-----w- C:\Users\Belew\AppData\Local\Clover
2013-05-11 03:29:45 -------- d-----w- C:\Program Files (x86)\Clover
2013-05-11 03:11:51 -------- d-----w- C:\Windows\PCHEALTH
2013-05-11 03:01:36 -------- d-----w- C:\Users\Belew\AppData\Local\Microsoft Help
2013-05-11 02:54:19 -------- d-----w- C:\Users\Belew\logitech
2013-05-11 02:36:45 -------- d-----w- C:\Program Files (x86)\Common Files\Remote Control Software Common
2013-05-11 02:35:12 -------- d-----w- C:\Program Files (x86)\Common Files\Remote Control USB Driver
2013-05-11 02:26:02 127034 ------r- C:\Windows\bwUnin-8.1.1.50-8876480SL.exe
2013-05-11 02:25:19 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2013-05-11 02:25:19 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2013-05-11 02:25:19 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2013-05-11 02:25:19 192512 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2013-05-11 02:25:18 729088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2013-05-11 02:25:18 311428 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2013-05-11 02:25:18 188548 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2013-05-10 19:28:53 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-05-10 13:28:04 -------- d-----r- C:\Users\Belew\Dropbox
2013-05-10 13:26:04 -------- d-----w- C:\Users\Belew\AppData\Roaming\Dropbox
2013-05-10 02:57:27 -------- d-----w- C:\Windows\SysWow64\Wat
2013-05-10 02:57:26 -------- d-----w- C:\Windows\System32\Wat
2013-05-10 02:36:08 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-05-10 02:36:08 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-05-10 02:36:08 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-05-10 02:36:08 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-05-10 00:53:22 3065455 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-05-10 00:42:57 -------- d-----w- C:\Program Files\Microsoft LifeCam
2013-05-10 00:42:57 -------- d-----w- C:\Program Files (x86)\Microsoft LifeCam
2013-05-10 00:42:07 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
2013-05-10 00:42:06 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2013-05-09 13:05:05 -------- d-----w- C:\ProgramData\EPSON
2013-05-09 12:58:59 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2013-05-09 12:58:59 -------- d-----w- C:\Program Files (x86)\EPSON Print CD
2013-05-09 12:58:58 696320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2013-05-09 12:58:58 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2013-05-09 12:58:58 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2013-05-09 12:58:58 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2013-05-09 12:58:58 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2013-05-09 12:58:58 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2013-05-09 12:56:32 -------- d-----w- C:\Users\Belew\AppData\Local\ElevatedDiagnostics
2013-05-09 12:54:56 80024 ----a-w- C:\Windows\SysWow64\PICSDK.dll
2013-05-09 12:54:56 51360 ----a-w- C:\Windows\SysWow64\EpPicPrt.dll
2013-05-09 12:54:56 51360 ----a-w- C:\Windows\SysWow64\EpPicMgr.dll
2013-05-09 12:54:56 501912 ----a-w- C:\Windows\SysWow64\PICSDK2.dll
2013-05-09 12:54:56 108704 ----a-w- C:\Windows\SysWow64\PICEntry.dll
2013-05-09 12:54:30 -------- d-----w- C:\Program Files\EPSON
2013-05-09 12:54:04 86528 ----a-w- C:\Windows\System32\E_IBCBBPA.DLL
2013-05-09 12:54:04 126976 ----a-w- C:\Windows\System32\E_ILMBPA.DLL
2013-05-09 12:53:46 -------- d-----w- C:\Program Files (x86)\epson
2013-05-09 12:53:45 93184 ----a-w- C:\Windows\System32\esxcwiad.dll
2013-05-09 12:51:18 -------- d-----w- C:\Users\Belew\AppData\Local\PowerPanel Personal Edition
2013-05-09 12:51:17 -------- d-----w- C:\Program Files (x86)\CyberPower PowerPanel Personal Edition
2013-05-09 06:01:49 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2013-05-09 06:01:49 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-05-09 06:01:49 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-05-09 06:01:49 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-05-09 06:01:49 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-05-09 06:01:49 100864 ----a-w- C:\Windows\System32\fontsub.dll
2013-05-09 06:00:42 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-05-09 06:00:42 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-05-09 06:00:41 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-05-09 06:00:41 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-05-09 06:00:41 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-05-09 06:00:41 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-05-09 06:00:40 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-05-09 05:55:55 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-05-09 05:55:55 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2013-05-09 05:55:55 5120 ----a-w- C:\Windows\System32\wmi.dll
2013-05-09 05:55:55 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2013-05-09 05:55:55 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-05-09 05:35:22 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2013-05-09 05:35:22 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2013-05-09 05:35:22 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2013-05-09 05:35:22 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2013-05-09 05:31:24 642944 ----a-w- C:\Windows\System32\winload.efi
2013-05-09 05:30:50 46592 ----a-w- C:\Windows\SysWow64\fpb.rs
2013-05-09 05:29:35 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2013-05-09 05:28:56 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2013-05-09 05:28:55 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-05-09 05:28:53 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-09 05:28:52 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-09 05:28:52 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-09 05:28:52 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-09 05:28:52 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-09 05:28:52 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-09 05:28:44 67072 ----a-w- C:\Windows\splwow64.exe
2013-05-09 05:28:44 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2013-05-09 05:28:43 77312 ----a-w- C:\Windows\System32\packager.dll
2013-05-09 05:28:43 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2013-05-09 05:23:20 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-05-09 05:23:20 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2013-05-09 05:23:20 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2013-05-09 05:18:08 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-05-09 05:17:59 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-05-09 05:17:50 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-05-09 05:17:50 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-05-09 05:16:29 905296 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7CC2F859-3E06-4754-B4FE-8B884F934974}\gapaengine.dll
2013-05-09 05:10:37 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-05-09 05:09:49 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-05-09 05:05:53 -------- d-----w- C:\Users\Belew\AppData\Local\Google
2013-05-09 05:05:29 -------- d-----w- C:\Users\Belew\AppData\Local\Deployment
2013-05-09 05:05:29 -------- d-----w- C:\Users\Belew\AppData\Local\Apps
2013-05-09 04:59:46 1359976 ----a-w- C:\Windows\System32\nvgenco64hda.dll
2013-05-09 04:59:16 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2013-05-09 04:57:06 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2013-05-09 04:55:56 1614440 ----a-w- C:\Windows\System32\nvdispco642090.dll
2013-05-09 04:55:56 1359976 ----a-w- C:\Windows\System32\nvgenco642040.dll
2013-05-09 04:55:41 67176 ----a-w- C:\Windows\System32\OpenCL.dll
2013-05-09 04:55:41 57960 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-05-09 04:55:40 15508512 ----a-w- C:\Windows\System32\nvwgf2umx.dll
2013-05-09 04:55:30 15042928 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2013-05-09 04:55:09 11240 ----a-w- C:\Windows\System32\drivers\nvBridge.kmd
2013-05-09 04:55:08 2864144 ----a-w- C:\Windows\System32\nvapi64.dll
2013-05-09 04:54:51 -------- d-----w- C:\Program Files\NVIDIA Corporation
2013-05-09 04:38:58 -------- d-----w- C:\ProgramData\ASUS OC Profiles
2013-05-09 03:39:18 9317456 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{713BFBE7-3A29-4497-B40A-686B6F0DB3EF}\mpengine.dll
2013-05-09 03:39:18 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-05-09 03:24:30 14464 ----a-w- C:\Windows\System32\drivers\AiChargerPlus.sys
2013-05-09 03:24:01 184320 ----a-w- C:\Windows\SysWow64\drivers\UpdateHelper.dll
2013-05-09 03:21:47 16896 ----a-w- C:\Windows\AsTaskSched.dll
2013-05-09 03:20:21 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2013-05-09 03:20:21 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2013-05-09 03:20:21 225280 ------w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2013-05-09 03:20:21 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2013-05-09 03:11:43 -------- d-----w- C:\ProgramData\ASUS
2013-05-09 03:11:38 28672 ----a-r- C:\Windows\SysWow64\AsIO.dll
2013-05-09 03:11:38 13440 ----a-r- C:\Windows\SysWow64\drivers\AsIO.sys
2013-05-09 03:11:38 -------- d-----w- C:\Program Files (x86)\ASUS
2013-05-09 03:11:37 11832 ------w- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
2013-05-09 03:06:35 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2013-05-09 03:06:35 471144 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2013-05-09 03:06:35 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2013-05-09 02:57:38 -------- d-----w- C:\Windows\SysWow64\RTCOM
2013-05-09 02:57:38 -------- d-----w- C:\Program Files\Realtek
2013-05-09 02:54:25 504936 ----a-w- C:\Windows\System32\DTSBassEnhancementDLL64.dll
2013-05-09 02:53:15 1251944 ------r- C:\Windows\RtlExUpd.dll
2013-05-09 02:53:15 -------- d--h--w- C:\Program Files (x86)\Temp
2013-05-09 02:53:14 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2013-05-09 02:53:14 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2013-05-09 02:53:14 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2013-05-09 02:53:14 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2013-05-09 02:53:14 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2013-05-09 02:53:13 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2013-05-09 02:53:13 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2013-05-09 02:53:13 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2013-05-09 02:53:12 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2013-05-09 02:50:11 -------- d-----w- C:\Windows\Panther
2013-05-09 02:48:00 78976 ----a-w- C:\Windows\System32\drivers\amd_sata.sys
2013-05-09 02:48:00 38528 ----a-w- C:\Windows\System32\drivers\amd_xata.sys
2013-05-09 02:45:45 47232 ----a-r- C:\Windows\System32\drivers\usbfilter.sys
2013-05-09 02:43:37 -------- d-----w- C:\Program Files\ATI
2013-05-09 02:41:54 -------- d-sh--w- C:\Windows\Installer
2013-04-18 13:55:50 18456 ----a-w- C:\Windows\System32\drivers\psi_mf_amd64.sys
.
==================== Find3M  ====================
.
2013-05-12 15:31:08 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-12 00:00:14 175616 ----a-w- C:\Windows\System32\msclmd.dll
2013-05-12 00:00:14 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-04-05 06:52:14 2242048 ----a-w- C:\Windows\System32\wininet.dll
2013-04-05 06:50:36 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-04-05 06:50:31 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-04-05 06:50:31 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-04-05 05:28:24 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-04-05 05:26:26 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-04-05 05:26:21 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-04-05 04:43:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-04-05 04:29:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-04-02 14:09:52 4550656 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:53:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-03-19 05:53:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
2013-03-15 04:16:18 3477280 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-03-15 04:16:17 6398240 ----a-w- C:\Windows\System32\nvcpl.dll
2013-03-15 04:16:10 877856 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-03-15 04:16:10 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-03-15 04:16:10 237856 ----a-w- C:\Windows\System32\nvmctray.dll
2013-02-27 06:02:44 111448 ----a-w- C:\Windows\System32\consent.exe
2013-02-27 05:48:00 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-02-27 05:47:10 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-02-27 04:49:24 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-02-26 07:32:38 1814304 ----a-w- C:\Windows\System32\nvdispco64.dll
2013-02-26 07:32:32 1510176 ----a-w- C:\Windows\System32\nvdispgenco64.dll
.
============= FINISH: 19:57:44.92 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/8/2013 7:24:07 PM
System Uptime: 5/16/2013 6:18:22 AM (13 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | M5A97
Processor: AMD FX™-4100 Quad-Core Processor | AM3r2 | 3600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 346.236 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 1863 GiB total, 708.98 GiB free.
H: is FIXED (FAT32) - 466 GiB total, 331.341 GiB free.
I: is FIXED (NTFS) - 1863 GiB total, 890.133 GiB free.
J: is Removable
K: is Removable
L: is Removable
M: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: FCR-HS219/1
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_KINGSTON&PROD_FCR-HS219#1&REV_9722#085102000229&3#
Manufacturer: Kingston
Name: M:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_KINGSTON&PROD_FCR-HS219#1&REV_9722#085102000229&3#
Service: WUDFRd
.
Class GUID:
Description: RAID Controller
Device ID: PCI\VEN_1106&DEV_3164&SUBSYS_31641106&REV_06\4&2B4059EA&0&30A4
Manufacturer:
Name: RAID Controller
PNP Device ID: PCI\VEN_1106&DEV_3164&SUBSYS_31641106&REV_06\4&2B4059EA&0&30A4
Service:
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: FCR-HS219/1
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_KINGSTON&PROD_FCR-HS219#1&REV_9722#085102000229&1#
Manufacturer: Kingston
Name: K:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_KINGSTON&PROD_FCR-HS219#1&REV_9722#085102000229&1#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: FCR-HS219/1
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_KINGSTON&PROD_FCR-HS219#1&REV_9722#085102000229&2#
Manufacturer: Kingston
Name: L:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_KINGSTON&PROD_FCR-HS219#1&REV_9722#085102000229&2#
Service: WUDFRd
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
µTorrent
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader XI (11.0.02)
Adobe Shockwave Player 12.0
AI Suite II
ASUS RT-N13U.B1 Wireless Router Utilities
ATI Catalyst Install Manager
Auslogics Disk Defrag
calibre
Camera Access Library
Camera Support Core Library
Camera Window DS
Camera Window DVC
Camera Window MC
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window DSLR 5 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX (E)
CCleaner
Clover 3.0
CPUID CPU-Z 1.64.0
CyberPower PowerPanel Personal Edition 1.3.3
Disk Space Fan 4 4.5.4.152
Dropbox
EaseUS Partition Master 9.2.2
EPSON Print CD
EPSON Printer Software
EPSON Scan
EPSON Stylus Photo RX580 Scanner Driver Update
EPSON Stylus Photo RX580 User's Guide
ESET Online Scanner v3
Everything 1.2.1.371
Freemake Video Converter version 4.0.1
Google Chrome
Google Drive
Google Earth
Google Update Helper
Greenshot 1.1.4.2622
ImgBurn
Java 7 Update 21
Java 7 Update 21 (64-bit)
Java Auto Updater
Logitech Desktop Messenger
Logitech Harmony Remote Software 7
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Corporation
Microsoft LifeCam
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SkyDrive
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
MovieEdit Task
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
Notepad++
NVIDIA 3D Vision Controller Driver 314.22
NVIDIA Control Panel 314.22
NVIDIA Graphics Driver 314.22
NVIDIA HD Audio Driver 1.3.23.1
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Update 1.11.3
NVIDIA Update Components
Paint.NET v3.5.10
PhotoStitch
Picasa 3
Rainmeter
RAW Image Task 2.2
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Remote Control USB Driver
Revo Uninstaller 1.94
RocketDock 1.3.5
SABnzbd 0.7.11
Secunia PSI (3.0.0.7009)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Sid Meier's Civilization V
Speccy
Spotify
Steam
swMSM
TVersity Codec Pack 1.7
TVersity Media Server 2.4
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 2.0.6
WinRAR 4.20 (64-bit)
Xiph.Org Open Codecs 0.85.17777
.
==== End Of File ===========================

Edited by Oh My, 21 May 2013 - 08:10 PM.
Posted Attach.txt



#2 bufordclyde (Topic Starter, Members, 34 posts)

Posted 17 May 2013 - 06:45 AM

So after I posted this I read through a couple of the items as far as what you request. I have already run some cleaners that you request we not run, as I have used these tools before. I would like to post the logs but I do not see a way to upload a file now. I have run ComboFix and GMER already and can post the logs if you would like. Sorry, I should have read the instructions first.



#3 Oh My! (Malware Response Instructor, 37,769 posts, California)

Posted 21 May 2013 - 07:45 PM

Greetings bufordclyde and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow This Topic button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me some time to review the information you have provided and I will reply as soon as possible.

Please post the Combofix and GMER logs. I know iTunes does not run but can you be more specific about the "Windows" issue?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 bufordclyde (Topic Starter, Members, 34 posts)

Posted 21 May 2013 - 07:58 PM

Thank you for your response. I understand this is not your first job and greatly appreciate any assistance. I work in IT and normally can fix an issue like this. I have several computers I work on for family and friends on a regular basis, but this one has me stumped.
 
The only Windows issues are that when you put something in the trash it doesn't show up for a while, and the same goes for when you choose to empty the trash: it takes a while. I have also seen the svchost processes get very large on occasion, and Windows will slow down considerably. No other real issues except the iTunes thing, which is the biggest one for now.
 
Thanks again Gary and you can call me Biff.
 
Here are the GMER and ComboFix logs:
 
 
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-05-17 17:44:16
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000005e WDC_WD50 rev.12.0 465.76GB
Running: 9etgdq02.exe; Driver: C:\Users\Belew\AppData\Local\Temp\kgloqpow.sys
 
 
---- Kernel code sections - GMER 2.1 ----
 
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                                 fffff800031f4000 45 bytes [00, 00, 51, 02, 54, 68, 72, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607                                                                                 fffff800031f402f 16 bytes [00, 02, 00, 00, 00, 00, 00, ...]
 
---- User code sections - GMER 2.1 ----
 
.text     C:\Program Files (x86)\Steam\Steam.exe[2396] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate                                                         0000000076bc549c 5 bytes JMP 0000000100080800
.text     C:\Program Files (x86)\Steam\Steam.exe[2396] C:\Program Files (x86)\Steam\bin\avcodec-53.dll!av_packet_split_side_data + 972                       00000000711f2a9c 3 bytes [20, 8D, 1D]
.text     C:\Program Files (x86)\Steam\Steam.exe[2396] C:\Program Files (x86)\Steam\bin\avcodec-53.dll!av_packet_split_side_data + 987                       00000000711f2aab 3 bytes [20, 8D, 1D]
.text     C:\Program Files (x86)\Steam\Steam.exe[2396] C:\Program Files (x86)\Steam\bin\avcodec-53.dll!init_vlc_sparse + 289                                 00000000711f3151 3 bytes [20, 8D, 1D]
.text     C:\Program Files (x86)\Steam\Steam.exe[2396] C:\Program Files (x86)\Steam\bin\avcodec-53.dll!init_vlc_sparse + 299                                 00000000711f315b 3 bytes [20, 8D, 1D]
.text     ...                                                                                                                                                * 7
.text     C:\Program Files (x86)\Steam\Steam.exe[2396] C:\Program Files (x86)\Steam\bin\avcodec-53.dll!avcodec_get_chroma_sub_sample + 13                    000000007123fced 3 bytes [40, 9D, 1D]
.text     C:\Program Files (x86)\Steam\Steam.exe[2396] C:\Program Files (x86)\Steam\bin\avcodec-53.dll!ff_is_hwaccel_pix_fmt + 10                            000000007123fd2a 3 bytes [47, 9D, 1D]
.text     C:\Program Files (x86)\Steam\Steam.exe[2396] C:\Program Files (x86)\Steam\bin\avcodec-53.dll!avpicture_layout + 85                                 000000007123fef5 3 bytes [44, 9D, 1D]
.text     C:\Program Files (x86)\Steam\Steam.exe[2396] C:\Program Files (x86)\Steam\bin\avcodec-53.dll!avpicture_layout + 115                                000000007123ff13 3 bytes [48, 9D, 1D]
.text     ...                                                                                                                                                * 3
.text     C:\Program Files (x86)\Steam\Steam.exe[2396] C:\Program Files (x86)\Steam\bin\avcodec-53.dll!avcodec_get_pix_fmt_loss + 108                        00000000712400ac 3 bytes [40, 9D, 1D]
.text     C:\Program Files (x86)\Steam\Steam.exe[2396] C:\Program Files (x86)\Steam\bin\avcodec-53.dll!avcodec_get_pix_fmt_loss + 114                        00000000712400b2 3 bytes [40, 9D, 1D]
.text     C:\Program Files (x86)\Steam\Steam.exe[2396] C:\Program Files (x86)\Steam\bin\avcodec-53.dll!avcodec_find_best_pix_fmt + 90                        000000007124025a 3 bytes [44, 9D, 1D]
.text     C:\Program Files (x86)\Steam\Steam.exe[2396] C:\Program Files (x86)\Steam\bin\avcodec-53.dll!avcodec_find_best_pix_fmt + 107                       000000007124026b 3 bytes [46, 9D, 1D]
.text     ...                                                                                                                                                * 2
.text     C:\Program Files (x86)\Steam\Steam.exe[2396] C:\Program Files (x86)\Steam\bin\avcodec-53.dll!av_picture_crop + 51                                  0000000071240823 3 bytes [40, 9D, 1D]
.text     C:\Program Files (x86)\Steam\Steam.exe[2396] C:\Program Files (x86)\Steam\bin\avcodec-53.dll!av_picture_pad + 750                                  0000000071240bfe 3 bytes [40, 9D, 1D]
.text     C:\Program Files (x86)\Steam\Steam.exe[2396] C:\Program Files (x86)\Steam\bin\avcodec-53.dll!avcodec_pix_fmt_to_codec_tag + 497                    0000000071247121 3 bytes [47, 9D, 1D]
.text     C:\Program Files (x86)\Steam\Steam.exe[2396] C:\Program Files (x86)\Steam\bin\avcodec-53.dll!avcodec_align_dimensions + 30                         000000007124aabe 3 bytes [45, 9D, 1D]
.text     C:\Program Files (x86)\Steam\Steam.exe[2396] C:\Program Files (x86)\Steam\bin\avcodec-53.dll!avcodec_default_get_buffer + 796                      000000007124ce5c 3 bytes [48, 9D, 1D]
.text     C:\Program Files (x86)\RocketDock\RocketDock.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                     0000000075371465 2 bytes [37, 75]
.text     C:\Program Files (x86)\RocketDock\RocketDock.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                    00000000753714bb 2 bytes [37, 75]
.text     ...                                                                                                                                                * 2
.text     C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                      0000000075371465 2 bytes [37, 75]
.text     C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                     00000000753714bb 2 bytes [37, 75]
.text     ...                                                                                                                                                * 2
.text     C:\Program Files (x86)\Everything\Everything.exe[2692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                     0000000075371465 2 bytes [37, 75]
.text     C:\Program Files (x86)\Everything\Everything.exe[2692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                    00000000753714bb 2 bytes [37, 75]
.text     ...                                                                                                                                                * 2
.text     C:\Program Files (x86)\Secunia\PSI\PSIA.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                          0000000075371465 2 bytes [37, 75]
.text     C:\Program Files (x86)\Secunia\PSI\PSIA.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                         00000000753714bb 2 bytes [37, 75]
.text     ...                                                                                                                                                * 2
.text     C:\ProgramData\TVersity\Media Server\MediaServer.exe[2348] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!init_vlc_sparse + 217               000000006ad82671 4 bytes [C0, 2D, BB, 00]
.text     C:\ProgramData\TVersity\Media Server\MediaServer.exe[2348] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!init_vlc_sparse + 232               000000006ad82680 4 bytes [C0, 2D, BB, 00]
.text     ...                                                                                                                                                * 7
.text     C:\ProgramData\TVersity\Media Server\MediaServer.exe[2348] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!avcodec_get_chroma_sub_sample + 8   000000006ae63fa8 4 bytes [40, 31, BB, 00]
.text     C:\ProgramData\TVersity\Media Server\MediaServer.exe[2348] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!avcodec_get_pix_fmt_name + 14       000000006ae63fd2 4 bytes [40, 31, BB, 00]
.text     C:\ProgramData\TVersity\Media Server\MediaServer.exe[2348] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!avcodec_pix_fmt_string + 94         000000006ae64046 4 bytes [40, 31, BB, 00]
.text     C:\ProgramData\TVersity\Media Server\MediaServer.exe[2348] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!ff_is_hwaccel_pix_fmt + 10          000000006ae6408a 4 bytes [47, 31, BB, 00]
.text     C:\ProgramData\TVersity\Media Server\MediaServer.exe[2348] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!ff_fill_linesize + 36               000000006ae641b8 4 bytes [40, 31, BB, 00]
.text     C:\ProgramData\TVersity\Media Server\MediaServer.exe[2348] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!ff_fill_linesize + 150              000000006ae6422a 4 bytes [4A, 31, BB, 00]
.text     ...                                                                                                                                                * 7
.text     C:\ProgramData\TVersity\Media Server\MediaServer.exe[2348] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!ff_fill_pointer + 82                000000006ae643e6 4 bytes [46, 31, BB, 00]
.text     C:\ProgramData\TVersity\Media Server\MediaServer.exe[2348] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!ff_fill_pointer + 138               000000006ae6441e 4 bytes [46, 31, BB, 00]
.text     ...                                                                                                                                                * 2
.text     C:\ProgramData\TVersity\Media Server\MediaServer.exe[2348] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!avpicture_layout + 503              000000006ae64737 4 bytes [45, 31, BB, 00]
.text     C:\ProgramData\TVersity\Media Server\MediaServer.exe[2348] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!avpicture_layout + 554              000000006ae6476a 4 bytes [46, 31, BB, 00]
.text     C:\ProgramData\TVersity\Media Server\MediaServer.exe[2348] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!avcodec_get_pix_fmt_loss + 97       000000006ae64959 4 bytes [40, 31, BB, 00]
.text     C:\ProgramData\TVersity\Media Server\MediaServer.exe[2348] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!avcodec_get_pix_fmt_loss + 108      000000006ae64964 4 bytes [40, 31, BB, 00]
.text     C:\ProgramData\TVersity\Media Server\MediaServer.exe[2348] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!avcodec_find_best_pix_fmt + 57      000000006ae64af9 4 bytes [45, 31, BB, 00]
.text     C:\ProgramData\TVersity\Media Server\MediaServer.exe[2348] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!avcodec_find_best_pix_fmt + 91      000000006ae64b1b 4 bytes [44, 31, BB, 00]
.text     C:\ProgramData\TVersity\Media Server\MediaServer.exe[2348] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!ff_get_plane_bytewidth + 122        000000006ae64cf2 4 bytes [45, 31, BB, 00]
.text     C:\ProgramData\TVersity\Media Server\MediaServer.exe[2348] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!av_picture_copy + 352               000000006ae64e6c 4 bytes [46, 31, BB, 00]
.text     C:\ProgramData\TVersity\Media Server\MediaServer.exe[2348] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!av_picture_copy + 567               000000006ae64f43 4 bytes [45, 31, BB, 00]
.text     C:\ProgramData\TVersity\Media Server\MediaServer.exe[2348] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!av_picture_crop + 68                000000006ae65614 4 bytes [40, 31, BB, 00]
.text     C:\ProgramData\TVersity\Media Server\MediaServer.exe[2348] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!av_picture_pad + 617                000000006ae658e1 4 bytes [40, 31, BB, 00]
.text     C:\ProgramData\TVersity\Media Server\MediaServer.exe[2348] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!ff_ivi_create_huff_from_desc + 209  000000006ae7d195 4 bytes [C0, 2D, BB, 00]
.text     C:\ProgramData\TVersity\Media Server\MediaServer.exe[2348] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!ff_ivi_create_huff_from_desc + 342  000000006ae7d21a 4 bytes [C0, 2D, BB, 00]
.text     ...                                                                                                                                                * 5
.text     C:\ProgramData\TVersity\Media Server\MediaServer.exe[2348] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!ff_estimate_p_frame_motion + 996    000000006aeb9754 4 bytes [C0, 2B, BB, 00]
.text     C:\ProgramData\TVersity\Media Server\MediaServer.exe[2348] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!ff_rle_encode + 734                 000000006af4aff6 4 bytes [C1, 2B, BB, 00]
.text     C:\ProgramData\TVersity\Media Server\MediaServer.exe[2348] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!ff_rle_encode + 931                 000000006af4b0bb 4 bytes [C0, 2B, BB, 00]
.text     ...                                                                                                                                                * 2
.text     C:\ProgramData\TVersity\Media Server\MediaServer.exe[2348] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!avcodec_align_dimensions + 21       000000006afb4965 4 bytes [45, 31, BB, 00]
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69             0000000075371465 2 bytes [37, 75]
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155            00000000753714bb 2 bytes [37, 75]
.text     ...                                                                                                                                                * 2
.text     C:\Users\Belew\AppData\Roaming\Dropbox\bin\Dropbox.exe[4892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                               0000000075371465 2 bytes [37, 75]
.text     C:\Users\Belew\AppData\Roaming\Dropbox\bin\Dropbox.exe[4892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                              00000000753714bb 2 bytes [37, 75]
.text     ...                                                                                                                                                * 2
.text     C:\Users\Belew\Downloads\9etgdq02.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                0000000075371465 2 bytes [37, 75]
.text     C:\Users\Belew\Downloads\9etgdq02.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                               00000000753714bb 2 bytes [37, 75]
.text     ...                                                                                                                                                * 2
 
---- EOF - GMER 2.1 ----
 
2013-05-17 02:22:48 . 2013-05-17 02:22:48              377 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47}.reg.dat
2013-05-17 02:22:39 . 2013-05-17 02:22:39              203 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-com.apple.dav.bookmarks.daemon.reg.dat
2013-05-17 02:22:39 . 2013-05-17 02:22:39              189 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-ApplePhotoStreams.reg.dat
2013-05-17 02:22:39 . 2013-05-17 02:22:39              183 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-iCloudServices.reg.dat
2013-05-17 02:18:39 . 2013-05-17 02:18:39            3,860 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2013-05-17 02:13:34 . 2013-05-17 02:13:34               51 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2013-05-09 02:25:16 . 2013-05-09 02:25:16                0 ----a-w-  C:\Qoobox\Quarantine\C\Users\Belew\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk.vir


#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,769 posts
  • Gender:Male
  • Location:California

Posted 21 May 2013 - 08:30 PM

Hi Biff,

Thank you for your very prompt reply. I really do appreciate that.

I would like to do a bit of testing with the Recycle issue. I would like you to disable your antivirus and see if there is a change. I would also like you to do a clean boot and test that as well. The clean boot instructions are below.

===================================================

Clean Boot
--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msconfig and press Enter
  • If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation
  • In the System Configuration Utility dialog box, click Selective Startup on the General tab
  • Click to clear the Load Startup Items check box
  • Click the Services tab
  • Click to select the Hide All Microsoft Services check box
  • Click Disable All, and then click OK
  • When you are prompted, click Restart
===================================================

Things I would like to see in your next reply.
  • Notice any difference?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

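As an added example that is not part of Gary's post: before doing the clean boot it helps to know what msconfig's Selective Startup will actually switch off, so that a change in behaviour can be traced back to a specific item. The Windows PowerShell snippet below lists the startup entries (Run keys and Startup folders, which is what "Load Startup Items" covers) and the services whose executable does not report Microsoft as its company, which is roughly what stays visible after "Hide All Microsoft Services" and would be stopped by "Disable All". It assumes an elevated Windows PowerShell 2.0 or later prompt on Windows 7 and is read-only; the helper name `Get-ServiceExePath` and the filters are mine, not part of any Microsoft tool.

```powershell
# Added example, not from the original post. Shows what a Selective Startup /
# clean boot would disable. Assumes elevated Windows PowerShell 2.0+ on Windows 7.
# Read-only: it lists items, it does not disable anything.

# Strip quotes and arguments from a service ImagePath and return the executable only.
# (Hypothetical helper written for this example.)
function Get-ServiceExePath {
    param([string]$PathName)
    if ($PathName -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted path: cut at the first " -" or " /" argument switch.
    return ($PathName -split ' -| /')[0].Trim()
}

# 1. Startup items (Run/RunOnce keys and Startup folders), i.e. "Load Startup Items".
$startupItems = Get-WmiObject -Class Win32_StartupCommand |
    Select-Object Name, Command, Location, User

# 2. Services whose binary does not claim to be Microsoft's, i.e. roughly what stays
#    visible in msconfig after "Hide All Microsoft Services". CompanyName is version
#    resource text and trivially forgeable, so the Authenticode status is shown too.
#    Note: Windows 7 inbox binaries are catalog-signed, so NotSigned is normal for them.
$nonMicrosoftServices = foreach ($svc in Get-WmiObject -Class Win32_Service) {
    if (-not $svc.PathName) { continue }
    $exe = Get-ServiceExePath -PathName $svc.PathName
    if (-not (Test-Path -LiteralPath $exe)) { continue }
    $company = (Get-Item -LiteralPath $exe).VersionInfo.CompanyName
    if ($company -match 'Microsoft') { continue }
    $sig = Get-AuthenticodeSignature -FilePath $exe
    $signer = ''
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    New-Object PSObject -Property @{
        Service   = $svc.Name
        State     = $svc.State
        StartMode = $svc.StartMode
        Path      = $exe
        Company   = $company
        Signature = $sig.Status.ToString()
        Signer    = $signer
    }
}

"== Startup items that 'Load Startup Items' covers =="
$startupItems | Format-Table Name, Location, Command -AutoSize
"== Non-Microsoft services (what Selective Startup would disable) =="
$nonMicrosoftServices | Sort-Object Signature, Service |
    Format-Table Service, State, StartMode, Signature, Company, Path -AutoSize
```

Save the output before the clean boot; if the recycle-bin delay or the iTunes problem disappears afterwards, the list is the set of suspects to re-enable one at a time. Anything with Signature NotSigned or HashMismatch that lives outside Program Files or Windows deserves a closer look before it is turned back on.
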
#6 bufordclyde

bufordclyde
  • Topic Starter

  • Members
  • 34 posts
  • Gender:Male

Posted 21 May 2013 - 08:43 PM

Same, and my AI Suite crashed at boot.



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,769 posts
  • Gender:Male
  • Location:California

Posted 21 May 2013 - 08:52 PM

Is this the first time AI Suite crashed?

Please boot into Safe Mode and see if there is any change.
Gary

#8 bufordclyde

bufordclyde
  • Topic Starter

  • Members
  • 34 posts
  • Gender:Male

Posted 21 May 2013 - 09:02 PM

AI Suite crash happens sporadically.

Same issues in Safe Mode.



#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,769 posts
  • Gender:Male
  • Location:California

Posted 21 May 2013 - 09:05 PM

OK Biff,

I see you ran OTL on 5-17 but I would like to look at a fresh log before we take any intrusive steps. Please rerun OTL and post the results.
Gary

#10 bufordclyde

bufordclyde
  • Topic Starter

  • Members
  • 34 posts
  • Gender:Male

Posted 21 May 2013 - 09:20 PM

Here it is.  Had to attach.   It wouldn't post the reply with that much in the post. 

#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,769 posts
  • Gender:Male
  • Location:California

Posted 21 May 2013 - 09:41 PM

Hi Biff,

Thanks for the report. I would like to run the following program and do so in a way that will check file signatures. There are some files I want to follow up on.

Can you tell me if you have the resources to reinstall AI Suite if necessary?

Please do this for me.

===================================================

Running TDSSKiller with Changed Parameters

--------------------
  • Please download TDSSKiller from here and save it to your Desktop
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters
  • Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now
  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue
  • Click Reboot computer
  • Please zip and attach in your reply the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Can you reinstall AI Suite?
  • TDSSKiller zip file

Gary

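As an added example that is not part of Gary's post: the "Verify Driver Digital Signature" option he asks for checks whether each loaded kernel driver's file carries a valid Authenticode signature. The Windows PowerShell snippet below does the same class of check with built-in cmdlets so the reader can see what such a result means, assuming an elevated Windows PowerShell 2.0 or later prompt on Windows 7 x64; the helper `ConvertTo-Win32DriverPath` and the "suspect" filter are mine, not part of TDSSKiller or Windows. Two caveats a practitioner should know: Windows 7 inbox drivers are signed through catalog files rather than embedded signatures, so Get-AuthenticodeSignature reports NotSigned for most of %SystemRoot%\system32\drivers (hence the CompanyName filter, which is itself forgeable version-resource text); and this enumerates from user mode through the service list, so a rootkit that hides its driver will not appear here, which is exactly why a tool with its own kernel driver such as TDSSKiller is still the right call.

```powershell
# Added example, not from the original post. Lists the currently loaded kernel drivers
# with the Authenticode status of each driver file, the same class of check as
# TDSSKiller's "Verify Driver Digital Signature". Assumes elevated Windows PowerShell
# 2.0+ on Windows 7 x64. Read-only.

# Convert the NT-style path WMI reports (\??\C:\..., \SystemRoot\..., or a path
# relative to the Windows directory) into a Win32 path Test-Path understands.
# (Hypothetical helper written for this example.)
function ConvertTo-Win32DriverPath {
    param([string]$PathName)
    $p = $PathName -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    if (-not [System.IO.Path]::IsPathRooted($p)) { $p = Join-Path $env:SystemRoot $p }
    return $p
}

$report = foreach ($drv in Get-WmiObject -Class Win32_SystemDriver -Filter "State='Running'") {
    if (-not $drv.PathName) { continue }
    $path = ConvertTo-Win32DriverPath -PathName $drv.PathName
    $status = 'FileNotFound'; $signer = ''; $company = ''
    if (Test-Path -LiteralPath $path) {
        $sig = Get-AuthenticodeSignature -FilePath $path
        $status = $sig.Status.ToString()          # Valid, NotSigned, HashMismatch, ...
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        $company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
    }
    New-Object PSObject -Property @{
        Driver  = $drv.Name
        Path    = $path
        Status  = $status
        Signer  = $signer
        Company = $company
    }
}

# Drivers worth a second look: no valid embedded signature and not claiming to be
# Microsoft (inbox drivers are catalog-signed, so they show NotSigned but say Microsoft),
# or loaded from outside system32\drivers, or the file on disk is missing.
$suspect = $report | Where-Object {
    ($_.Status -ne 'Valid' -and $_.Company -notmatch 'Microsoft') -or
    ($_.Path -notmatch '\\system32\\drivers\\') -or
    ($_.Status -eq 'FileNotFound')
}

"== Loaded drivers: $($report.Count); flagged for review: $($suspect.Count) =="
$suspect | Sort-Object Status, Driver | Format-Table Driver, Status, Company, Path -AutoSize
```

A HashMismatch result means the file on disk no longer matches the signature it carries, which is a patched or replaced binary and is a much stronger signal than NotSigned. A FileNotFound result for a running driver is also worth attention: the kernel has the image loaded but the path the service entry points at no longer exists.
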
#12 bufordclyde

bufordclyde
  • Topic Starter

  • Members
  • 34 posts
  • Gender:Male

Posted 21 May 2013 - 09:59 PM

Yes, I have the resources to reinstall AI Suite.

Also, cannot upload file. Says it's too big. Only 7.65k left.



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,769 posts
  • Gender:Male
  • Location:California

Posted 21 May 2013 - 10:01 PM

OK, the following steps should rectify the upload problem then you can try it again.

===================================================

Managing Attachments

----------
  • Navigate to the top of this post
  • In the upper right hand corner you will see your screen name
  • Left click on that and a drop down list will appear
  • Select My Settings
  • On the left hand side under General Settings click on Manage Attachments
  • To the very right on the blue bar just above the first entry click on the open check box
  • All of the checkboxes should now be checked
  • Click Delete Selected
  • You should now see You have used 0bytes of 250K

Gary

#14 bufordclyde

bufordclyde
  • Topic Starter

  • Members
  • 34 posts
  • Gender:Male

Posted 21 May 2013 - 10:03 PM

Thank you.  File is attached.



#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,769 posts
  • Gender:Male
  • Location:California

Posted 21 May 2013 - 10:21 PM

Hi Biff,

Did I mention I appreciate your attentiveness? :)

It looks like you have a hidden file system attached to your Master Boot Record. Please rerun TDSSKiller and select Delete for the below entry. Following that give your computer a spin and see how it behaves. I will most likely be winding down for the evening but will be looking forward to the results when I check in the morning.
 

21:51:33.0693 4180 \Device\Harddisk8\DR8 ( TDSS File System )


Edited by Oh My, 21 May 2013 - 10:22 PM.

Gary
