
Browser redirects on different ones, lag, after formatting few times


This topic is locked. 15 replies to this topic.

#1 npfd

Posted 09 July 2013 - 10:30 PM

Hi there,

 

In order to get to the current issue, I have to go back a while... I used to use Google Chrome on my computer, until I noticed that the window would lag and freeze, even when typing too; I tried doing simple steps, but to no avail. I would get stutter in videogames, lower performance... and redirected search results. After formatting I noticed the issue came back, and by looking on the web figured out that, running AdwCleaner, it found this (on a previous install, which prompted me to start running tests, and before this I would notice Windows Defender wouldn't finish a full scan, and it never detected anything, neither malware nor even AVG Free).

 

# AdwCleaner v2.303 - Logfile created 07/01/2013 at 06:36:58
# Updated 08/06/2013 by Xplode
# Operating system : Windows 8 Pro with Media Center  (64 bits)
# User : Rajinder - R
# Boot Mode : Normal
# Running from : C:\Users\Rajinder\Downloads\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKLM\Software\PIP

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.116

File : C:\Users\Rajinder\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.3031] : urls_to_restore_on_startup = [ "hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoEMon&co=CA&userid=54946b07-c1d4-4a19-a351-6d7d0d56645a&searchtype=hp" ]

 

The software removed the problem, but it always came back once I synced my Chrome settings. Then I decided to log in via IE to clear my sync settings, which seemed to work. Then I formatted, but then I started to get the redirects again, and the lag in IE.
 

I also ran RogueKiller and GMER.

Since then I've proceeded to format many times..... 3-4 times,
ran the bootrec.exe /fixmbr command...
made the bootable Win 8 CD from another computer.

I've run the Windows MRT tool and Windows Defender full scans quite a few times, to no avail. Even scanned with Malwarebytes.
After I formatted, on the first run I even downloaded the Bitdefender bootable CD to scan too; it did say it found

 

Even to this day I get some lag in IE when using Google Maps, or while on Facebook.
And at times when I close tabs, or IE, I get an "IE has stopped responding" message, but it closes okay...

I've manually deleted the temporary internet folder too.

 

I even got a redirect to a full screen ad, under the name of (as seen in IE history)
cm.g.doubleclick.net

push?client=ca-pub-2049948180079264

push?client=ca-pub-5335449554482979

push?client=ca-pub-5559175468264177

push?client=ca-pub-7206021554793048

 

Thank you for any help

Rajinder

 

Here is the dds file

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Rajinder at 23:09:43 on 2013-07-09
Microsoft Windows 8 Pro  6.2.9200.0.1252.1.1033.18.32716.29777 [GMT -4:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\dashost.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\explorer.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\System32\Taskmgr.exe
C:\Users\Rajinder\Downloads\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\mmc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{4C041E0A-5700-4B75-A1E5-B558C6736E55} : DHCPNameServer = 192.168.2.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-28 241152]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-7-5 1900728]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2013-4-23 98744]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2012-6-22 110744]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 amdkmafd;AMD Audio Bus Lower Filter;C:\Windows\System32\Drivers\amdkmafd.sys [2012-9-22 21160]
S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-25 117248]
.
============= FINISH: 23:10:08.62 ===============
 

 

Also here is the HijackThis log; I haven't done anything, only run the log.

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:09:17 PM, on 7/9/2013
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)

Boot mode: Normal

Running processes:
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Rajinder\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 5758 bytes

 

 

I also get IE crashing at random, not all the time, when closing tabs or closing it altogether.

The program IEXPLORE.EXE version 10.0.9200.16537 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14d4

Start Time: 01ce7d1cd06bf4be

Termination Time: 28

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 777d1f76-e910-11e2-be70-c8600098cc2d

Faulting package full name:

Faulting package-relative application ID:

It's an application hang, event 1002.

I've also run memory tests and stress tests; all seem fine.

 

 

and I've attached the attach file.... (attached: attach.txt, 3.91KB)

 

Thank you very much

rajinder


Edited by npfd, 09 July 2013 - 10:56 PM.
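The AdwCleaner finding in the post above (a hijacked Chrome startup URL that kept returning because Chrome Sync restored the preference after each reinstall) is a setting a defender can audit directly in the profile's Preferences file. The following is an added example, not code from the thread, from AdwCleaner or from Chrome; the allowlist and both sample Preferences documents are constructed, and the `session.startup_urls` key name is an assumption about later Chrome versions.

```python
"""Audit a Chrome 'Preferences' file for hijacked startup, homepage and
search settings. Added example for this thread; it is not code from the
thread, from AdwCleaner or from Google.

Assumptions: the allowlist and the sample Preferences documents below are
constructed; 'session.urls_to_restore_on_startup' is the key visible in the
thread's AdwCleaner log (Chrome 27), and 'session.startup_urls' is assumed to
be the name later Chrome versions use for the same setting."""
import json
from urllib.parse import urlparse

# Hosts the user knowingly configured (constructed allowlist).
ALLOWED_HOSTS = {"www.google.com", "google.com"}

# Query parameters taken from the hijacked URL in the AdwCleaner log; their
# presence on a startup URL is a second, host-independent signal.
SUSPICIOUS_PARAMS = {"publisher", "dpid", "userid"}

STARTUP_KEYS = ("session.urls_to_restore_on_startup", "session.startup_urls")

# Constructed sample mirroring the thread's finding: a hijacked startup URL
# pointing at the SnapDo feed next to an untouched homepage and search engine.
SAMPLE_PREFERENCES = json.dumps({
    "homepage": "https://www.google.com/",
    "session": {
        "restore_on_startup": 4,
        "urls_to_restore_on_startup": [
            "http://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoEMon"
            "&co=CA&userid=54946b07-c1d4-4a19-a351-6d7d0d56645a&searchtype=hp"
        ],
    },
    "default_search_provider": {
        "search_url": "https://www.google.com/search?q={searchTerms}"
    },
})

# Constructed clean profile for comparison.
CLEAN_PREFERENCES = json.dumps({
    "homepage": "https://www.google.com/",
    "session": {"restore_on_startup": 1, "startup_urls": []},
})


def _get(node, dotted_path):
    """Walk a dotted path through nested dicts; return None if any part is missing."""
    for part in dotted_path.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def collect_urls(prefs):
    """Return (setting, url) pairs for every startup, homepage and search URL."""
    found = []
    for key in STARTUP_KEYS:
        urls = _get(prefs, key)
        if isinstance(urls, list):
            found.extend((key, u) for u in urls if isinstance(u, str))
    homepage = _get(prefs, "homepage")
    if isinstance(homepage, str):
        found.append(("homepage", homepage))
    search_url = _get(prefs, "default_search_provider.search_url")
    if isinstance(search_url, str):
        found.append(("default_search_provider.search_url", search_url))
    return found


def audit_preferences(text, allowed_hosts=ALLOWED_HOSTS):
    """Parse a Preferences JSON document and return a list of findings.

    A URL is reported when its host is outside the allowlist or when its
    query string carries any of SUSPICIOUS_PARAMS; each finding records the
    setting, the URL, the host and the reasons it was flagged."""
    prefs = json.loads(text)
    findings = []
    for setting, url in collect_urls(prefs):
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        params = {p.split("=", 1)[0] for p in parsed.query.split("&") if p}
        reasons = []
        if host not in allowed_hosts:
            reasons.append("host not allowlisted")
        hits = sorted(params & SUSPICIOUS_PARAMS)
        if hits:
            reasons.append("affiliate-style parameters: " + ", ".join(hits))
        if reasons:
            findings.append({"setting": setting, "url": url,
                             "host": host, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit_preferences(SAMPLE_PREFERENCES):
        print(f"{f['setting']}: {f['url']}\n  -> {'; '.join(f['reasons'])}")
```

Because a synced profile writes this preference back on the next sign-in, the audit is only meaningful if the synced copy is cleared as well, which is what the poster eventually did through the sync settings page.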



#2 HelpBot

Posted 14 July 2013 - 10:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/500604 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 npfd

  • Topic Starter

Posted 14 July 2013 - 10:55 PM

Hi there

 

I still need help

I do have the Windows 8 download version, from the site

New DDS file

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Rajinder at 23:49:16 on 2013-07-14
Microsoft Windows 8 Pro  6.2.9200.0.1252.1.1033.18.32716.28870 [GMT -4:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\dashost.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\explorer.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
D:\Games\Origin\Origin.exe
C:\Program Files\CPUID\HWMonitor\HWMonitor.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16613_none_6273bd8950d6cae2\TiWorker.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [NCUpdateHelper] C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
StartupFolder: C:\Users\Rajinder\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{4C041E0A-5700-4B75-A1E5-B558C6736E55} : DHCPNameServer = 192.168.2.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-28 241152]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-7-5 1900728]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2013-4-23 98744]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2012-6-22 110744]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\Drivers\LEqdUsb.sys [2013-1-3 79240]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\Drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\Drivers\LGSHidFilt.Sys [2013-1-17 66800]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\Drivers\LGVirHid.sys [2009-11-23 16008]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\Drivers\LHidEqd.sys [2013-1-3 15752]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 amdkmafd;AMD Audio Bus Lower Filter;C:\Windows\System32\Drivers\amdkmafd.sys [2012-9-22 21160]
S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-25 117248]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS3\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-07-15 03:47:34 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{439C519D-8CD0-4E8A-A911-FFC9A5A8EFED}\mpengine.dll
2013-07-14 23:16:30 9552976 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-07-14 00:41:45 -------- d-----w- C:\Program Files (x86)\Common Files\Control Panels
2013-07-14 00:39:49 -------- d-----w- C:\ProgramData\ALM
2013-07-14 00:36:50 2463976 ----a-w- C:\Windows\SysWow64\NPSWF32.dll
2013-07-14 00:36:50 190696 ----a-w- C:\Windows\SysWow64\NPSWF32_FlashUtil.exe
2013-07-14 00:33:18 -------- d-----w- C:\Windows\SysWow64\spool
2013-07-14 00:33:09 -------- d-----w- C:\Program Files (x86)\Bonjour
2013-07-14 00:30:43 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2013-07-12 04:04:17 -------- d-----w- C:\Program Files (x86)\NCWest
2013-07-12 03:04:55 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2013-07-11 04:51:48 -------- d-----w- C:\Users\Rajinder\AppData\Local\Ubisoft Game Launcher
2013-07-10 23:58:22 -------- d-----w- C:\Program Files\CPUID
2013-07-10 22:45:34 -------- d-----w- C:\Users\Rajinder\AppData\Local\Logitech
2013-07-10 22:45:23 -------- d-----w- C:\Windows\LastGood.Tmp
2013-07-10 22:45:17 -------- d-----w- C:\Program Files\Logitech Gaming Software
2013-07-10 22:43:54 53248 ----a-r- C:\Users\Rajinder\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-07-10 22:43:49 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2013-07-10 22:43:00 -------- d-----w- C:\Users\Rajinder\AppData\Roaming\Logishrd
2013-07-10 18:28:58 -------- d-----w- C:\Users\Rajinder\AppData\Roaming\foobar2000
2013-07-10 18:28:52 -------- d-----w- C:\Program Files (x86)\foobar2000
2013-07-10 04:44:00 -------- d-----w- C:\Program Files (x86)\MonitorDriver
2013-07-10 01:57:19 -------- d-----w- C:\Windows\System32\MRT
2013-07-10 01:47:42 4036096 ----a-w- C:\Windows\System32\win32k.sys
2013-07-09 03:52:36 -------- d-----w- C:\ProgramData\EA Core
2013-07-09 03:52:35 -------- d-----w- C:\ProgramData\EA Logs
2013-07-09 02:01:43 -------- d-----w- C:\Users\Rajinder\AppData\Roaming\Malwarebytes
2013-07-09 02:01:27 -------- d-----w- C:\ProgramData\Malwarebytes
2013-07-09 02:01:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-07-09 02:01:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-09 02:01:13 -------- d-----w- C:\Users\Rajinder\AppData\Local\Programs
2013-07-07 22:12:12 65793 ----a-w- C:\Windows\System32\esfwad.bin
2013-07-07 22:12:12 204800 ----a-w- C:\Windows\SysWow64\esintad.dll
2013-07-07 22:12:12 181248 ----a-w- C:\Windows\System32\esxuinad.dll
2013-07-07 22:12:12 167936 ----a-w- C:\Windows\System32\esxw2_ad.dll
2013-07-07 22:12:12 13824 ----a-w- C:\Windows\System32\esxcdev.dll
2013-07-07 22:12:12 132560 ----a-w- C:\Windows\System32\esdevapp.exe
2013-07-07 22:12:10 -------- d-----w- C:\Program Files (x86)\epson
2013-07-06 22:03:46 237744 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10209.bin
2013-07-06 21:33:14 50784 ----a-w- C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-07-06 21:33:11 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-07-06 21:32:44 -------- d-----r- C:\Program Files (x86)\Skype
2013-07-06 03:27:39 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2013-07-06 03:24:16 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2013-07-06 03:21:11 -------- d-----w- C:\Users\Rajinder\AppData\Roaming\Origin
2013-07-06 03:21:11 -------- d-----w- C:\Program Files (x86)\Origin Games
2013-07-06 03:21:06 -------- d-----w- C:\Users\Rajinder\AppData\Local\Origin
2013-07-06 03:20:15 -------- d-----w- C:\ProgramData\Origin
2013-07-06 03:20:15 -------- d-----w- C:\ProgramData\Electronic Arts
2013-07-06 01:47:59 -------- d-----w- C:\Users\Rajinder\AppData\Local\Thunderbird
2013-07-06 01:47:54 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-06 01:46:05 -------- d-----w- C:\Users\Rajinder\AppData\Local\ATI
2013-07-06 01:46:05 -------- d-----w- C:\ProgramData\AMD
2013-07-06 01:46:04 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2013-07-06 01:46:04 -------- d-----w- C:\Program Files (x86)\AMD AVT
2013-07-06 01:45:26 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2013-07-06 01:45:25 -------- d-----w- C:\Program Files\ATI
2013-07-06 01:45:15 -------- d-----w- C:\Program Files\ATI Technologies
2013-07-06 01:44:45 -------- d-----w- C:\AMD
2013-07-06 01:31:14 -------- d-----w- C:\Program Files (x86)\Microsoft SkyDrive
2013-07-06 01:31:14 -------- d-----r- C:\Users\Rajinder\SkyDrive
2013-07-06 01:31:09 -------- d-----w- C:\ProgramData\Microsoft SkyDrive
2013-07-06 01:25:18 564432 ----a-w- C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-07-06 01:20:59 -------- d-----w- C:\Program Files\Microsoft Office 15
2013-07-05 22:42:44 -------- d-----w- C:\Windows\Panther
2013-07-05 22:42:30 -------- d-sh--w- C:\Boot
2013-07-05 21:45:00 -------- d-sh--w- C:\Recovery
2013-07-05 21:43:34 0 ----a-w- C:\Windows\ativpsrm.bin
2013-07-05 19:45:04 2367528 ----a-w- C:\Windows\System32\WSService.dll
2013-07-05 19:45:01 3265256 ----a-w- C:\Windows\System32\drivers\evbda.sys
2013-07-05 19:43:52 3236864 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll
2013-07-05 19:25:55 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-07-05 19:13:45 1455368 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-07-05 19:11:36 411880 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-07-05 19:11:36 2893824 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2013-07-05 19:11:36 2400256 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2013-07-05 19:11:36 1889280 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-05 19:11:35 68096 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-05 19:11:35 1569792 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-05 19:11:35 141312 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-05 19:11:35 1255936 ----a-w- C:\Windows\System32\certutil.exe
2013-07-05 19:11:35 109056 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-05 19:11:35 1013248 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-07-05 19:08:19 3552768 ----a-w- C:\Windows\System32\tquery.dll
2013-07-05 19:07:49 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2013-07-05 19:06:55 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-07-05 19:06:55 25088 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-07-05 19:05:04 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2013-07-05 19:03:56 -------- d-----w- C:\Program Files (x86)\Microsoft LifeCam
2013-07-05 19:03:55 -------- d-----w- C:\Program Files\Microsoft LifeCam
2013-07-05 19:02:01 -------- d-----r- C:\Users\Rajinder\Searches
2013-07-05 19:02:01 -------- d-----r- C:\Users\Rajinder\Contacts
.
==================== Find3M  ====================
.
2013-07-06 03:24:03 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-07-06 03:23:58 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-07-06 03:23:58 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-06-27 22:04:51 78200 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 22:04:51 693112 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-16 22:41:31 997632 ----a-w- C:\Windows\System32\drivers\ndis.sys
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-02 00:40:40 829264 ----a-w- C:\Windows\System32\msvcr100.dll
2013-06-02 00:40:40 608080 ----a-w- C:\Windows\System32\msvcp100.dll
2013-06-01 11:54:16 194816 ----a-w- C:\Windows\System32\drivers\sdbus.sys
2013-06-01 11:54:10 125184 ----a-w- C:\Windows\System32\drivers\dumpsd.sys
2013-06-01 11:34:21 2391280 ----a-w- C:\Windows\explorer.exe
2013-06-01 11:33:13 2233600 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-01 11:29:35 337152 ----a-w- C:\Windows\System32\drivers\USBXHCI.SYS
2013-06-01 11:29:35 213248 ----a-w- C:\Windows\System32\drivers\UCX01000.SYS
2013-06-01 11:26:33 327936 ----a-w- C:\Windows\System32\drivers\volsnap.sys
2013-06-01 11:26:31 6987008 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-06-01 10:24:46 2106176 ----a-w- C:\Windows\SysWow64\explorer.exe
2013-06-01 09:25:52 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-06-01 09:25:05 67584 ----a-w- C:\Windows\SysWow64\samlib.dll
2013-06-01 09:25:03 496640 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-06-01 09:24:19 493056 ----a-w- C:\Windows\SysWow64\mscms.dll
2013-06-01 09:24:09 850944 ----a-w- C:\Windows\SysWow64\mfasfsrcsnk.dll
2013-06-01 09:24:09 1453568 ----a-w- C:\Windows\SysWow64\mfcore.dll
2013-06-01 09:23:46 1842176 ----a-w- C:\Windows\SysWow64\dwmcore.dll
2013-06-01 09:23:06 680960 ----a-w- C:\Windows\System32\vds.exe
2013-06-01 09:22:47 80896 ----a-w- C:\Windows\System32\MbaeParserTask.exe
2013-06-01 09:22:33 523264 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-06-01 09:22:33 446976 ----a-w- C:\Windows\System32\wwansvc.dll
2013-06-01 09:22:09 190976 ----a-w- C:\Windows\System32\vdsutil.dll
2013-06-01 09:21:39 729600 ----a-w- C:\Windows\System32\samsrv.dll
2013-06-01 09:21:39 106496 ----a-w- C:\Windows\System32\samlib.dll
2013-06-01 09:21:34 595968 ----a-w- C:\Windows\System32\qedit.dll
2013-06-01 09:20:45 583168 ----a-w- C:\Windows\System32\mscms.dll
2013-06-01 09:20:34 1527808 ----a-w- C:\Windows\System32\mfcore.dll
2013-06-01 09:20:34 1048576 ----a-w- C:\Windows\System32\mfasfsrcsnk.dll
2013-06-01 09:20:04 2219520 ----a-w- C:\Windows\System32\dwmcore.dll
2013-06-01 09:19:58 207872 ----a-w- C:\Windows\System32\DeviceSetupManager.dll
2013-06-01 09:19:42 785408 ----a-w- C:\Windows\System32\audiosrv.dll
2013-06-01 03:08:57 37632 ----a-w- C:\Windows\System32\drivers\BthAvrcpTg.sys
2013-05-24 22:09:20 1403296 ----a-w- C:\Windows\System32\winload.efi
2013-05-24 22:09:20 1271584 ----a-w- C:\Windows\System32\winload.exe
2013-05-24 22:09:20 1217352 ----a-w- C:\Windows\System32\winresume.efi
2013-05-24 22:09:20 1093904 ----a-w- C:\Windows\System32\winresume.exe
2013-05-23 23:01:46 1300992 ----a-w- C:\Windows\System32\gdi32.dll
2013-05-23 22:27:05 1022464 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-05-15 22:37:03 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2013-05-15 22:35:49 53760 ----a-w- C:\Windows\System32\UXInit.dll
2013-05-15 22:35:47 144384 ----a-w- C:\Windows\System32\tssdisai.dll
2013-05-15 02:25:59 888320 ----a-w- C:\Windows\System32\autochk.exe
2013-05-15 02:25:44 542208 ----a-w- C:\Windows\System32\untfs.dll
2013-05-15 02:24:10 793088 ----a-w- C:\Windows\SysWow64\autochk.exe
2013-05-15 02:24:01 482816 ----a-w- C:\Windows\SysWow64\untfs.dll
2013-05-14 13:14:01 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-14 09:23:31 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-04 07:58:17 120736 ----a-w- C:\Windows\System32\AuthHost.exe
2013-05-04 07:34:17 446720 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS
2013-05-04 07:34:15 284416 ----a-w- C:\Windows\System32\drivers\spaceport.sys
2013-05-04 06:59:56 39424 ----a-w- C:\Windows\System32\wuapp.exe
2013-05-04 06:59:51 1483776 ----a-w- C:\Windows\System32\VSSVC.exe
2013-05-04 06:59:36 812544 ----a-w- C:\Windows\System32\Magnify.exe
2013-05-04 06:59:25 98304 ----a-w- C:\Windows\System32\wudriver.dll
2013-05-04 06:59:25 251904 ----a-w- C:\Windows\System32\WUSettingsProvider.dll
2013-05-04 06:59:25 141824 ----a-w- C:\Windows\System32\wuwebv.dll
2013-05-04 06:59:24 1619968 ----a-w- C:\Windows\System32\wucltux.dll
2013-05-04 06:59:21 2842112 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-05-04 06:59:08 13644288 ----a-w- C:\Windows\System32\Windows.UI.Xaml.dll
2013-05-04 06:58:54 328192 ----a-w- C:\Windows\System32\ubpm.dll
2013-05-04 06:58:54 10116096 ----a-w- C:\Windows\System32\twinui.dll
2013-05-04 06:58:49 173568 ----a-w- C:\Windows\System32\storewuauth.dll
2013-05-04 06:58:49 1332736 ----a-w- C:\Windows\System32\sysmain.dll
2013-05-04 06:58:48 330240 ----a-w- C:\Windows\System32\stobject.dll
2013-05-04 06:58:28 93696 ----a-w- C:\Windows\System32\psmsrv.dll
2013-05-04 06:58:02 470528 ----a-w- C:\Windows\System32\netprofmsvc.dll
2013-05-04 06:58:02 151552 ----a-w- C:\Windows\System32\netprofm.dll
2013-05-04 06:58:01 169984 ----a-w- C:\Windows\System32\netplwiz.dll
2013-05-04 06:57:59 17408 ----a-w- C:\Windows\System32\muifontsetup.dll
2013-05-04 06:57:46 560640 ----a-w- C:\Windows\System32\mfmp4srcsnk.dll
2013-05-04 06:57:31 820736 ----a-w- C:\Windows\System32\gpprefcl.dll
2013-05-04 06:57:15 501760 ----a-w- C:\Windows\System32\DevicePairing.dll
2013-05-04 06:57:05 179712 ----a-w- C:\Windows\System32\bisrv.dll
2013-05-04 06:57:05 122368 ----a-w- C:\Windows\System32\biwinrt.dll
2013-05-04 06:57:04 389120 ----a-w- C:\Windows\System32\BCP47Langs.dll
2013-05-04 06:57:04 2305024 ----a-w- C:\Windows\System32\authui.dll
2013-05-04 06:57:00 708096 ----a-w- C:\Windows\System32\AppXDeploymentExtensions.dll
2013-05-04 06:57:00 1131520 ----a-w- C:\Windows\System32\AppXDeploymentServer.dll
2013-05-04 06:56:53 419840 ----a-w- C:\Windows\System32\intl.cpl
2013-05-04 04:58:34 34304 ----a-w- C:\Windows\SysWow64\wuapp.exe
2013-05-04 04:58:14 758784 ----a-w- C:\Windows\SysWow64\Magnify.exe
2013-05-04 04:58:02 83968 ----a-w- C:\Windows\SysWow64\wudriver.dll
2013-05-04 04:58:02 125952 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2013-05-04 04:57:58 2620928 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-05-04 04:57:49 10788864 ----a-w- C:\Windows\SysWow64\Windows.UI.Xaml.dll
2013-05-04 04:57:39 8857088 ----a-w- C:\Windows\SysWow64\twinui.dll
2013-05-04 04:57:39 247296 ----a-w- C:\Windows\SysWow64\ubpm.dll
2013-05-04 04:57:35 303616 ----a-w- C:\Windows\SysWow64\stobject.dll
2013-05-04 04:57:16 18432 ----a-w- C:\Windows\SysWow64\npmproxy.dll
.
============= FINISH: 23:49:32.71 ===============

 

thank you

Rajinder
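The "Created Last 30" and "Find3M" sections of the DDS log above share one line format: a creation timestamp, a size (or `--------` for directories), an eight-character attribute field such as `d-sh--w-`, and the path. The following Python is an added example and is not part of this thread, of DDS, or of any BleepingComputer tool. It parses that format and produces a review list using a heuristic of my own choosing (executable files created under user-writable locations, or carrying the hidden attribute); the heuristic and the `USER_WRITABLE` prefixes are assumptions, and the sample lines are constructed in the same format as the log above (several mirror entries visible in it).

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# One DDS "Created Last 30" / "Find3M" line, for example:
#   2013-07-10 01:47:42 4036096 ----a-w- C:\Windows\System32\win32k.sys
#   2013-07-10 01:57:19 -------- d-----w- C:\Windows\System32\MRT
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"  # creation timestamp
    r"(\d+|-{8})\s+"                              # size in bytes, or -------- for a directory
    r"([d-][a-z-]{7})\s+"                         # attribute flags, e.g. d-sh--w- or ----a-w-
    r"(.+)$"                                      # path (may contain spaces)
)


@dataclass
class DdsEntry:
    created: datetime
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def is_hidden(self) -> bool:
        # DDS marks the hidden attribute with an 'h' in the flag field
        return "h" in self.attrs


def parse_dds_lines(text: str) -> List[DdsEntry]:
    """Parse every file-listing line in a DDS log; headers and '.' separators are skipped."""
    entries: List[DdsEntry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts, size, attrs, path = m.groups()
        entries.append(
            DdsEntry(
                created=datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                size=None if size.startswith("-") else int(size),
                attrs=attrs,
                path=path,
            )
        )
    return entries


# Assumed triage heuristic (not a DDS feature): executables dropped into
# locations a standard user can write to deserve a manual look.
EXEC_EXTS = (".exe", ".dll", ".sys", ".scr", ".com")
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\", "\\appdata\\")


def flag_for_review(entries: List[DdsEntry]) -> List[str]:
    """Return paths of executable files in user-writable locations or with the hidden flag."""
    flagged: List[str] = []
    for e in entries:
        if e.is_dir:
            continue
        low = e.path.lower()
        if not low.endswith(EXEC_EXTS):
            continue
        if e.is_hidden or any(marker in low for marker in USER_WRITABLE):
            flagged.append(e.path)
    return flagged


# Constructed sample in the DDS format (paths modelled on the log above).
SAMPLE_LOG = r"""
.
=============== Created Last 30 ================
.
2013-07-10 22:43:54 53248 ----a-r- C:\Users\Rajinder\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-07-10 22:43:49 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2013-07-10 01:57:19 -------- d-----w- C:\Windows\System32\MRT
2013-07-06 01:25:18 564432 ----a-w- C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-07-05 22:42:30 -------- d-sh--w- C:\Boot
.
"""

if __name__ == "__main__":
    for path in flag_for_review(parse_dds_lines(SAMPLE_LOG)):
        print("review:", path)
```

The output is a list of candidates, not a verdict: on the sample both flagged files (an installer icon cache and the Office ClickToRun integrator) are ordinary software, which is why a helper reads entries like these alongside the process and autorun sections rather than acting on the path alone.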
 



#4 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin

Posted 24 July 2013 - 07:54 AM

Hello, my name is Elise and I'll assist you with this issue.
 
Could you please also post the attach.txt log created by DDS?

We need to run a scan with Combofix:
  • Please go to the download page for ComboFix by sUBs.
  • Click the Download Now button and save the file to your desktop.
  • Disable any anti-virus and/or firewall software you have installed.
    instructions can be found here if needed
  • Close all open windows including your web browser
    as mentioned in the first post, you may want to print out all instructions before starting
  • Double-click on the ComboFix icon on your desktop.
  • Read the Disclaimer and click I Agree if you want to run the software.
  • DO NOT use your computer while ComboFix is running. There are a lot of things going on behind the scenes and a single mouse click can cause the program to stall.

    However, if you see a prompt to download the Microsoft Windows Recovery Console, please click Yes.

    If an Internet connection is not available or you choose not to install the recovery console, ComboFix will run in Reduced Functionality mode
  • Allow ComboFix to reboot the computer if necessary, it will run again after you log back in.
  • When complete, a log file will be displayed, please copy and paste the contents of this file into your next post.
More information about downloading and using ComboFix can be found here if needed.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#5 npfd

  • Topic Starter

Posted 24 July 2013 - 06:31 PM

hi Elise,

 

Thank you very much for the response. I have run ComboFix, and it did find something... that it deleted (I have no idea when it comes to this). Here is the log:

 

 

ComboFix 13-07-24.03 - Rajinder 07/24/2013  19:11:57.1.4 - x64
Microsoft Windows 8 Pro with Media Center  6.2.9200.0.1252.1.1033.18.32716.30818 [GMT -4:00]
Running from: c:\users\Rajinder\Desktop\ComboFix.exe
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Rajinder\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8AC28B31-8300-40E3-99E9-D30FFD68E1BA}.xps
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-24 to 2013-07-24  )))))))))))))))))))))))))))))))
.
.
2013-07-24 23:14 . 2013-07-24 23:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-24 17:29 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{68676F76-4A6B-4B10-8F3D-E0DA459BC2C5}\mpengine.dll
2013-07-22 05:52 . 2013-07-22 05:52 -------- d-----w- c:\programdata\Codemasters
2013-07-21 22:51 . 2013-06-10 01:59 216064 ----a-w- c:\windows\SysWow64\gcapi_dll.dll
2013-07-21 22:51 . 2013-07-21 22:51 -------- d-----w- c:\program files (x86)\Foxit Software
2013-07-19 15:52 . 2013-07-19 15:52 -------- d-----w- c:\programdata\ATI
2013-07-19 15:52 . 2013-07-19 15:52 -------- d-----w- c:\programdata\AMD
2013-07-19 15:52 . 2013-07-19 15:52 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2013-07-19 15:52 . 2013-07-19 15:52 -------- d-----w- c:\program files (x86)\AMD AVT
2013-07-19 15:51 . 2013-07-19 15:51 -------- d-----w- c:\program files (x86)\ATI Technologies
2013-07-19 15:51 . 2013-07-19 15:51 -------- d-----w- c:\programdata\Package Cache
2013-07-19 15:50 . 2013-07-19 15:50 -------- d-----w- c:\program files\ATI
2013-07-19 15:49 . 2013-07-19 15:52 -------- d-----w- c:\program files\ATI Technologies
2013-07-19 15:48 . 2013-07-19 15:48 -------- d-----w- C:\AMD
2013-07-19 15:47 . 2013-07-19 15:52 -------- d-----w- c:\windows\LastGood
2013-07-18 04:12 . 2013-07-22 05:52 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2013-07-18 04:12 . 2013-07-22 05:52 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2013-07-18 04:12 . 2013-07-22 05:52 133632 ----a-w- c:\windows\system32\OpenAL32.dll
2013-07-18 04:12 . 2013-07-22 05:52 110592 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2013-07-18 04:12 . 2013-07-18 04:12 -------- d-----w- c:\program files (x86)\OpenAL
2013-07-17 18:32 . 2013-07-17 18:32 -------- d-----w- c:\windows\ehome
2013-07-17 18:32 . 2013-07-17 18:32 -------- d-----w- c:\users\Default\AppData\Roaming\Media Center Programs
2013-07-17 18:32 . 2013-07-17 18:32 -------- d-----r- c:\users\Public\Recorded TV
2013-07-17 15:31 . 2013-07-17 15:31 252080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10210.bin
2013-07-16 04:36 . 2013-07-16 04:36 -------- d-----w- c:\program files (x86)\Geeks3D
2013-07-16 04:17 . 2013-07-16 04:17 -------- d-----w- c:\programdata\FLEXnet
2013-07-16 04:15 . 2013-07-16 04:15 -------- d-----w- c:\program files (x86)\Reference Assemblies
2013-07-16 04:15 . 2013-07-16 04:15 -------- d-----w- c:\program files (x86)\MSBuild
2013-07-16 04:14 . 2013-07-16 04:14 -------- d-----w- c:\program files\Reference Assemblies
2013-07-16 04:14 . 2013-07-16 04:14 -------- d-----w- c:\program files\MSBuild
2013-07-16 04:13 . 2012-07-06 02:02 778856 ----a-w- c:\windows\SysWow64\PresentationNative_v0300.dll
2013-07-16 04:13 . 2012-07-06 02:02 35400 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2013-07-16 04:13 . 2012-07-06 02:02 102528 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-07-16 04:13 . 2012-07-06 02:02 35400 ----a-w- c:\windows\system32\TsWpfWrp.exe
2013-07-16 04:13 . 2012-07-06 02:02 124040 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-07-16 04:13 . 2012-07-06 02:02 1166440 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2013-07-14 00:41 . 2013-07-14 00:41 -------- d-----w- c:\program files (x86)\Common Files\Control Panels
2013-07-14 00:39 . 2013-07-14 00:39 -------- d-----w- c:\programdata\ALM
2013-07-14 00:36 . 2007-02-20 20:04 190696 ----a-w- c:\windows\SysWow64\NPSWF32_FlashUtil.exe
2013-07-14 00:36 . 2007-02-20 20:04 2463976 ----a-w- c:\windows\SysWow64\NPSWF32.dll
2013-07-14 00:33 . 2013-07-14 00:33 -------- d-----w- c:\windows\SysWow64\spool
2013-07-14 00:33 . 2013-07-14 00:33 -------- d-----w- c:\program files (x86)\Bonjour
2013-07-14 00:30 . 2013-07-14 00:30 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2013-07-14 00:22 . 2013-07-14 00:43 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-07-13 01:45 . 2013-07-13 01:45 -------- d-----r- C:\MSOCache
2013-07-12 04:04 . 2013-07-16 04:22 -------- d-----w- c:\program files (x86)\NCWest
2013-07-12 03:04 . 2013-07-12 03:10 -------- d-----w- c:\program files (x86)\Common Files\Steam
2013-07-11 20:15 . 2013-07-11 20:15 -------- d-----w- c:\program files\Microsoft Silverlight
2013-07-11 20:15 . 2013-07-11 20:15 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-07-10 23:58 . 2013-07-10 23:58 -------- d-----w- c:\program files\CPUID
2013-07-10 22:45 . 2013-07-10 22:45 -------- d-----w- c:\program files\Logitech Gaming Software
2013-07-10 22:43 . 2013-07-10 22:43 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2013-07-10 22:43 . 2013-07-10 22:43 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-07-10 22:43 . 2013-07-10 22:43 -------- d-----w- c:\programdata\Logitech
2013-07-10 22:43 . 2013-07-10 22:44 -------- d-----w- c:\programdata\Logishrd
2013-07-10 22:43 . 2013-07-10 22:43 -------- d-----w- c:\program files\Logitech
2013-07-10 22:43 . 2013-07-10 22:43 -------- d-----w- c:\program files\Common Files\LogiShrd
2013-07-10 18:28 . 2013-07-10 18:28 -------- d-----w- c:\program files (x86)\foobar2000
2013-07-10 04:44 . 2013-07-16 04:22 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2013-07-10 04:44 . 2013-07-10 04:44 -------- d-----w- c:\program files (x86)\MonitorDriver
2013-07-10 01:57 . 2013-07-10 01:57 -------- d-----w- c:\windows\system32\MRT
2013-07-10 01:47 . 2013-05-30 23:14 4036096 ----a-w- c:\windows\system32\win32k.sys
2013-07-09 03:52 . 2013-07-09 03:52 -------- d-----w- c:\programdata\EA Core
2013-07-09 03:52 . 2013-07-11 18:19 -------- d-----w- c:\programdata\EA Logs
2013-07-09 02:01 . 2013-07-09 02:01 -------- d-----w- c:\programdata\Malwarebytes
2013-07-09 02:01 . 2013-07-09 02:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-09 02:01 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-07 22:12 . 2010-01-19 17:12 167936 ----a-w- c:\windows\system32\esxw2_ad.dll
2013-07-07 22:12 . 2009-12-21 04:00 65793 ----a-w- c:\windows\system32\esfwad.bin
2013-07-07 22:12 . 2009-12-07 04:00 204800 ----a-w- c:\windows\SysWow64\esintad.dll
2013-07-07 22:12 . 2009-12-07 04:00 181248 ----a-w- c:\windows\system32\esxuinad.dll
2013-07-07 22:12 . 2009-10-16 04:00 13824 ----a-w- c:\windows\system32\esxcdev.dll
2013-07-07 22:12 . 2009-10-16 04:00 132560 ----a-w- c:\windows\system32\esdevapp.exe
2013-07-07 22:12 . 2013-07-07 22:12 -------- d-----w- c:\program files (x86)\epson
2013-07-06 21:33 . 2013-07-06 21:33 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-07-06 21:33 . 2013-07-06 21:33 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-07-06 21:32 . 2013-07-06 21:32 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-07-06 21:32 . 2013-07-06 21:32 -------- d-----r- c:\program files (x86)\Skype
2013-07-06 21:32 . 2013-07-06 21:32 -------- d-----w- c:\programdata\Skype
2013-07-06 03:27 . 2013-07-06 03:27 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2013-07-06 03:24 . 2013-07-06 03:29 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2013-07-06 03:21 . 2013-07-06 03:21 -------- d-----w- c:\program files (x86)\Origin Games
2013-07-06 03:20 . 2013-07-09 03:52 -------- d-----w- c:\programdata\Electronic Arts
2013-07-06 03:20 . 2013-07-06 03:22 -------- d-----w- c:\programdata\Origin
2013-07-06 01:47 . 2013-07-06 01:47 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-07-06 01:47 . 2013-07-06 01:47 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2013-07-06 01:31 . 2013-07-06 01:31 -------- d-----w- c:\program files (x86)\Microsoft SkyDrive
2013-07-06 01:31 . 2013-07-06 01:31 -------- d-----w- c:\programdata\Microsoft SkyDrive
2013-07-06 01:25 . 2013-07-10 02:11 564432 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-07-06 01:20 . 2013-07-10 02:13 -------- d-----w- c:\program files\Microsoft Office 15
2013-07-05 22:42 . 2013-07-05 21:44 -------- d-----w- c:\windows\Panther
2013-07-05 22:42 . 2013-07-05 19:50 -------- d-----w- C:\Boot
2013-07-05 21:45 . 2013-07-05 21:45 -------- d-----w- C:\Recovery
2013-07-05 21:43 . 2013-07-05 21:43 0 ----a-w- c:\windows\ativpsrm.bin
2013-07-05 19:45 . 2012-09-20 09:10 2367528 ----a-w- c:\windows\system32\WSService.dll
2013-07-05 19:45 . 2012-09-20 07:55 3265256 ----a-w- c:\windows\system32\drivers\evbda.sys
2013-07-05 19:43 . 2012-10-11 05:45 3236864 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2013-07-05 19:25 . 2013-05-02 06:06 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-07-05 19:13 . 2013-04-16 02:34 1455368 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-07-05 19:11 . 2013-04-23 22:55 1889280 ----a-w- c:\windows\system32\crypt32.dll
2013-07-05 19:11 . 2013-03-02 09:59 411880 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-07-05 19:11 . 2012-10-06 04:53 2893824 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-07-05 19:11 . 2012-10-06 04:15 2400256 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-07-05 19:11 . 2013-04-23 23:13 1013248 ----a-w- c:\windows\SysWow64\certutil.exe
2013-07-05 19:11 . 2013-04-23 23:12 1569792 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-05 19:11 . 2013-04-23 23:12 109056 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-05 19:11 . 2013-04-23 22:56 1255936 ----a-w- c:\windows\system32\certutil.exe
2013-07-05 19:11 . 2013-04-23 22:55 68096 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-05 19:11 . 2013-04-23 22:55 141312 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-05 19:09 . 2013-03-06 06:31 19758592 ----a-w- c:\windows\system32\shell32.dll
2013-07-05 19:08 . 2013-04-09 04:51 14267904 ----a-w- c:\windows\system32\wmp.dll
2013-07-05 19:07 . 2013-04-28 22:28 915968 ----a-w- c:\windows\system32\uxtheme.dll
2013-07-05 19:06 . 2013-04-02 23:37 25088 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-07-05 19:06 . 2013-04-02 23:12 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-07-05 19:05 . 2013-07-05 19:05 -------- d-----w- c:\program files\Common Files\ATI Technologies
2013-07-05 19:03 . 2013-07-08 02:34 -------- d-----w- c:\program files (x86)\Microsoft LifeCam
2013-07-05 19:03 . 2013-07-08 02:34 -------- d-----w- c:\program files\Microsoft LifeCam
2013-07-05 19:02 . 2013-07-05 19:02 -------- d--h--r- c:\users\Public\AccountPictures
2013-07-05 19:01 . 2013-07-05 19:02 -------- d-----w- c:\programdata\PRICache
2013-07-05 19:01 . 2013-07-12 03:04 -------- d-----w- c:\users\Rajinder
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-05 19:01 . 2012-07-26 08:13 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-06-27 22:04 . 2012-07-26 08:14 78200 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 22:04 . 2012-07-26 08:14 693112 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-04 23:12 . 2013-06-04 23:12 78432 ----a-w- c:\windows\system32\atimpc64.dll
2013-06-04 23:12 . 2013-06-04 23:12 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2013-06-04 23:12 . 2013-06-04 23:12 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2013-06-04 23:12 . 2013-06-04 23:12 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2013-06-04 23:12 . 2013-06-04 23:12 139696 ----a-w- c:\windows\system32\atiuxp64.dll
2013-06-04 23:12 . 2013-06-04 23:12 123216 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2013-06-04 23:12 . 2013-06-04 23:12 97448 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2013-06-04 23:12 . 2013-06-04 23:12 113464 ----a-w- c:\windows\system32\atiu9p64.dll
2013-06-04 23:11 . 2012-07-25 20:22 1182056 ----a-w- c:\windows\system32\aticfx64.dll
2013-06-04 23:11 . 2013-06-04 23:11 990976 ----a-w- c:\windows\SysWow64\aticfx32.dll
2013-06-04 23:11 . 2012-07-25 20:22 8431232 ----a-w- c:\windows\system32\atidxx64.dll
2013-06-04 23:11 . 2013-06-04 23:11 7378560 ----a-w- c:\windows\SysWow64\atidxx32.dll
2013-06-04 23:11 . 2013-06-04 23:11 4415256 ----a-w- c:\windows\SysWow64\atiumdva.dll
2013-06-04 23:11 . 2013-06-04 23:11 5963328 ----a-w- c:\windows\SysWow64\atiumdag.dll
2013-06-04 23:11 . 2013-06-04 23:11 4957536 ----a-w- c:\windows\system32\atiumd6a.dll
2013-06-04 23:11 . 2013-06-04 23:11 6984088 ----a-w- c:\windows\system32\atiumd64.dll
2013-06-04 23:09 . 2013-06-04 23:09 11833856 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2013-06-04 22:51 . 2013-06-04 22:51 229376 ----a-w- c:\windows\system32\clinfo.exe
2013-06-04 22:51 . 2013-06-04 22:51 98304 ----a-w- c:\windows\system32\OpenVideo64.dll
2013-06-04 22:50 . 2013-06-04 22:50 82944 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2013-06-04 22:50 . 2013-06-04 22:50 86016 ----a-w- c:\windows\system32\OVDecode64.dll
2013-06-04 22:50 . 2013-06-04 22:50 72704 ----a-w- c:\windows\SysWow64\OVDecode.dll
2013-06-04 22:50 . 2013-06-04 22:50 27800576 ----a-w- c:\windows\system32\amdocl64.dll
2013-06-04 22:48 . 2013-06-04 22:48 23421440 ----a-w- c:\windows\SysWow64\amdocl.dll
2013-06-04 22:46 . 2013-06-04 22:46 63488 ----a-w- c:\windows\system32\OpenCL.dll
2013-06-04 22:46 . 2013-06-04 22:46 57344 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-06-04 22:33 . 2013-06-04 22:33 24250880 ----a-w- c:\windows\system32\atio6axx.dll
2013-06-04 22:27 . 2013-06-04 22:27 368640 ----a-w- c:\windows\system32\atiapfxx.exe
2013-06-04 22:25 . 2013-06-04 22:25 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2013-06-04 22:25 . 2013-06-04 22:25 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2013-06-04 22:25 . 2013-06-04 22:25 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2013-06-04 22:25 . 2013-06-04 22:25 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2013-06-04 22:25 . 2013-06-04 22:25 118784 ----a-w- c:\windows\system32\coinst_13.101.dll
2013-06-04 22:24 . 2013-06-04 22:24 16082944 ----a-w- c:\windows\system32\aticaldd64.dll
2013-06-04 22:20 . 2013-06-04 22:20 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2013-06-04 22:13 . 2013-06-04 22:13 19906560 ----a-w- c:\windows\SysWow64\atioglxx.dll
2013-06-04 22:03 . 2013-06-04 22:03 442368 ----a-w- c:\windows\system32\atidemgy.dll
2013-06-04 22:03 . 2013-06-04 22:03 26112 ----a-w- c:\windows\system32\atimuixx.dll
2013-06-04 22:03 . 2013-06-04 22:03 562688 ----a-w- c:\windows\system32\atieclxx.exe
2013-06-04 22:02 . 2013-06-04 22:02 241152 ----a-w- c:\windows\system32\atiesrxx.exe
2013-06-04 22:00 . 2013-06-04 22:00 120320 ----a-w- c:\windows\system32\atitmm64.dll
2013-06-04 22:00 . 2013-06-04 22:00 59392 ----a-w- c:\windows\system32\atiedu64.dll
2013-06-04 22:00 . 2013-06-04 22:00 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2013-06-04 21:36 . 2013-06-04 21:36 95232 ----a-w- c:\windows\system32\amdave64.dll
2013-06-04 21:35 . 2013-06-04 21:35 89600 ----a-w- c:\windows\SysWow64\amdave32.dll
2013-06-04 21:35 . 2013-06-04 21:35 594944 ----a-w- c:\windows\system32\atiadlxx.dll
2013-06-04 21:35 . 2013-06-04 21:35 419840 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2013-06-04 21:35 . 2013-06-04 21:35 89088 ----a-w- c:\windows\system32\atisamu64.dll
2013-06-04 21:35 . 2013-06-04 21:35 80896 ----a-w- c:\windows\SysWow64\atisamu32.dll
2013-06-04 21:35 . 2013-06-04 21:35 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2013-06-04 21:35 . 2013-06-04 21:35 15872 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2013-06-04 21:35 . 2013-06-04 21:35 15872 ----a-w- c:\windows\system32\atiglpxx.dll
2013-06-04 21:35 . 2013-06-04 21:35 41984 ----a-w- c:\windows\system32\atig6txx.dll
2013-06-04 21:35 . 2013-06-04 21:35 36352 ----a-w- c:\windows\SysWow64\atigktxx.dll
2013-06-04 21:35 . 2013-06-04 21:35 608768 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2013-06-04 21:31 . 2013-06-04 21:31 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2013-06-04 13:15 . 2013-06-04 13:15 103448 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2013-06-04 13:15 . 2013-06-04 13:15 203672 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2013-06-02 00:40 . 2013-06-02 00:40 829264 ----a-w- c:\windows\system32\msvcr100.dll
2013-06-02 00:40 . 2013-06-02 00:40 608080 ----a-w- c:\windows\system32\msvcp100.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-07-06 01:31 222712 ----a-w- c:\users\Rajinder\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-07-06 01:31 222712 ----a-w- c:\users\Rajinder\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-07-06 01:31 222712 ----a-w- c:\users\Rajinder\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NCUpdateHelper"="c:\program files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe" [2013-07-16 528360]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-06-04 676608]
.
c:\users\Rajinder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe /remind /language=ENU /_WFM="." [2009-11-16 517384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 amdkmafd;AMD Audio Bus Lower Filter;c:\windows\System32\drivers\amdkmafd.sys;c:\windows\SYSNATIVE\drivers\amdkmafd.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
S3 cpuz136;cpuz136;c:\users\Rajinder\AppData\Local\Temp\cpuz136\cpuz136_x64.sys;c:\users\Rajinder\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C63x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C63x64.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-07-06 01:31 261624 ----a-w- c:\users\Rajinder\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-07-06 01:31 261624 ----a-w- c:\users\Rajinder\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-07-06 01:31 261624 ----a-w- c:\users\Rajinder\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-07-10 02:12 2328264 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-07-10 02:12 2328264 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-07-10 02:12 2328264 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 3933496]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-02-21 2991856]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-04-24 7477016]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-LifeCam - c:\program files (x86)\Microsoft LifeCam\LifeExp.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-07-24  19:16:08
ComboFix-quarantined-files.txt  2013-07-24 23:16
.
Pre-Run: 197,451,268,096 bytes free
Post-Run: 197,455,552,512 bytes free
.
- - End Of File - - D7E7D6A71094A613FA25F1B430F923DC
A36C5E4F47E84449FF07ED3517B43A31

Here is the attached file:

Attached File: attach.txt (5.44KB)

Thank you very much,

raj
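Two sections of the ComboFix log above are the ones a responder reads first when the complaint is "browser redirects": the "Reg Loading Points" (what starts with Windows and with the user's logon) and the "Supplementary Scan" lines about proxy, local page and DNS. The following is an added example, not part of this thread and not how ComboFix itself works; it uses only built-in PowerShell 3.0+ cmdlets, needs no elevation, and reproduces those two views so the result can be compared against the log. The path patterns it treats as suspicious are this example's own heuristic.

```powershell
# Added example (not from the thread and not ComboFix's own logic): with
# built-in PowerShell 3.0+ and no elevation, list the autostart locations that
# ComboFix reports under "Reg Loading Points" (Run/RunOnce keys in both registry
# views, plus the per-user Startup folder) and the redirect plumbing from its
# "Supplementary Scan" (proxy/PAC, DNS servers, hosts file). The path patterns
# treated as suspicious are this example's heuristic, not ComboFix's.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Properties Get-ItemProperty adds to every result; they are not registry values.
$PsNoise = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

# Image path out of a Run value: a quoted path first, else the first token that
# ends in .exe/.dll. A rundll32.exe host (as the Logitech Download Assistant
# entry in the log uses) reports rundll32.exe; the DLL it loads is an argument.
function Get-ImagePath([string]$CommandLine) {
    if ($CommandLine -match '^\s*"([^"]+)"')          { return $Matches[1] }
    if ($CommandLine -match '^\s*(\S+\.(?:exe|dll))') { return $Matches[1] }
    return $CommandLine.Trim()
}

# Heuristic: anything autostarting from a user-writable location goes to the top
# of the review list. A driver loaded from %TEMP% (the cpuz136 service in the
# log) is legitimate for CPU-Z, but it is exactly this pattern.
function Test-SuspiciousPath([string]$Path) {
    return $Path -match '\\AppData\\(Local|Roaming)\\|\\Users\\Public\\|\\Windows\\Temp\\|\\ProgramData\\[^\\]+\.exe$'
}

function New-AutorunRecord([string]$Location, [string]$Name, [string]$Image) {
    $image  = [Environment]::ExpandEnvironmentVariables($Image)
    $exists = Test-Path -LiteralPath $image -PathType Leaf
    $status = if ($exists) { (Get-AuthenticodeSignature -FilePath $image).Status.ToString() } else { 'FileMissing' }
    [pscustomobject]@{
        Location   = $Location
        Name       = $Name
        Image      = $image
        Signature  = $status
        Suspicious = (-not $exists) -or ($status -ne 'Valid') -or (Test-SuspiciousPath $image)
    }
}

function Get-Autoruns {
    $records = New-Object 'System.Collections.Generic.List[object]'
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($PsNoise -contains $prop.Name) { continue }
            $records.Add((New-AutorunRecord $key $prop.Name (Get-ImagePath ([string]$prop.Value))))
        }
    }
    # Per-user Startup folder (where the log's Logitech eReg .lnk lives): resolve each shortcut.
    $shell = New-Object -ComObject WScript.Shell
    Get-ChildItem -Path ([Environment]::GetFolderPath('Startup')) -Filter *.lnk -ErrorAction SilentlyContinue |
        ForEach-Object {
            $target = $shell.CreateShortcut($_.FullName).TargetPath
            $records.Add((New-AutorunRecord 'StartupFolder' $_.Name $target))
        }
    return $records
}

# A per-user proxy or PAC URL, an unexpected resolver, or uncommented hosts
# entries are the usual non-browser causes of "search results go elsewhere".
function Get-RedirectPlumbing {
    $inet  = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $hosts = Get-Content -Path "$env:SystemRoot\System32\drivers\etc\hosts" -ErrorAction SilentlyContinue |
             Where-Object { $_ -match '^\s*[0-9A-Fa-f:.]+\s+\S' }   # address + name, comments excluded
    $dns   = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
             ForEach-Object { $_.DNSServerSearchOrder } | Where-Object { $_ }
    [pscustomobject]@{
        ProxyEnable   = $inet.ProxyEnable       # $null when never set
        ProxyServer   = $inet.ProxyServer
        AutoConfigURL = $inet.AutoConfigURL     # a PAC script silently reroutes every request
        DnsServers    = @($dns)                 # compare with the log's DhcpNameServer = 192.168.2.1
        HostsEntries  = @($hosts)
    }
}

Get-Autoruns | Sort-Object Suspicious -Descending | Format-Table -AutoSize
Get-RedirectPlumbing | Format-List
```

The Suspicious column ranks entries for review; it does not convict them. Many legitimate third-party programs of this era ship unsigned, and whether catalog-signed Windows binaries report Valid depends on the Windows and PowerShell version, so read the Image and Location columns rather than the flag alone. For the machine in this thread the expected result is an empty HostsEntries list, no proxy or PAC, and DNS pointing at the router, which is what the ComboFix "Supplementary Scan" already shows.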

 



#6 Elise
Bleepin' Blonde
  • Malware Study Hall Admin
  • 61,200 posts
  • Gender:Female
  • Location:Romania

Posted 25 July 2013 - 05:43 AM

7/9/2013 12:30:04 PM, Error: Microsoft-Windows-Kernel-Power [137] - The system firmware has changed the processor's memory type range registers (MTRRs) across a sleep state transition (S4). This can result in reduced resume performance.

Do you know if recently any such changes were made (did you change anything in BIOS around 9 July)?


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#7 npfd (Topic Starter)

Posted 25 July 2013 - 10:36 AM

Hi Elise,

Thank you again.... From what I remember, it was a format that I did recently.... I did enable hotplug for the SATA, but that was much after.

Thing is, I had to format like 10 times in the last few months....... and on this last time I didn't install the Intel Chipset drivers...
I just reset the BIOS settings, via the menu, and put some relevant to the system configuration....
You probably know this already, but I just realized that that error could be related to the computer not going to sleep, e.g. it's set for three hours, and it looks like about the time, when I checked the Windows event log in Control Panel.

As for deleting the xps file, what does that mean?

 

Thank you

rajinder
 



#8 Elise

Posted 25 July 2013 - 11:23 AM

That file is sometimes associated with malware, but it is not actually malicious.

Did you do any hard disk tests over the past few months?


regards, Elise




#9 npfd (Topic Starter)

Posted 25 July 2013 - 11:28 AM

Hi Elise... hard disks, as in testing for reliability? Or for malware/viruses?

I've run quite a few Windows Defender scans, MRT scans, Malwarebytes, those kinds?
I've also run the basic Western Digital reliability test...

 

thank you



#10 Elise

Posted 25 July 2013 - 11:41 AM

No, I mean a disk check to test the surface and data integrity. :)

 

Please press Windows key + E and in the left panel click Computer. Locate your Windows disk and right-click it. Select Properties and click the Tools tab. Under Error checking click the Check button and check all options. You'll be asked to restart the computer. Please do this and let the check run unhindered.


regards, Elise


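The Error-checking dialog described in the post above schedules a full chkdsk at the next boot, and its result is easy to miss because it scrolls by before Windows starts. The following is an added example, not code from this thread; it runs the same check from an elevated PowerShell 3.0+ prompt, reads the last result back from the Application event log, and also asks the drives for their own SMART failure prediction, which is the quicker answer to "is this hardware?". The event-log provider names used for the filter are an assumption of this example (they match what Event Viewer shows on Windows 7 and 8), and the SMART WMI class is only populated for drives whose driver exposes it.

```powershell
# Added example, not from the thread. Runs the same full check the Error
# checking dialog schedules (file-system repair plus a bad-sector surface
# scan), reads back the last chkdsk result from the event log, and reads the
# drives' SMART failure prediction. Needs an elevated PowerShell 3.0+ prompt.
# Assumptions of this example: the Wininit/Chkdsk provider names below, and
# that the disk driver exposes the MSStorageDriver_FailurePredictStatus class.

function Invoke-FullDiskCheck([string]$DriveLetter = 'C') {
    # /F repairs file-system errors; /R additionally scans the surface and
    # recovers readable data from bad sectors (the slow part). On the running
    # system volume chkdsk cannot lock the disk and asks whether to schedule the
    # check at next boot; piping "Y" answers that prompt.
    'Y' | & "$env:SystemRoot\System32\chkdsk.exe" "${DriveLetter}:" /F /R
    # Show whether a check is now pending for the volume.
    & "$env:SystemRoot\System32\chkntfs.exe" "${DriveLetter}:"
}

function Get-LastChkdskResult {
    # A boot-time check writes its full output to the Application log under
    # Microsoft-Windows-Wininit (event ID 1001); a check run from a prompt logs
    # under the Chkdsk provider. Newest matching record only.
    Get-WinEvent -FilterHashtable @{
        LogName      = 'Application'
        ProviderName = 'Microsoft-Windows-Wininit', 'Chkdsk'
    } -MaxEvents 1 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, ProviderName, Id, Message
}

function Get-SmartFailurePrediction {
    # The drive's own verdict: PredictFailure = True is the firmware saying the
    # disk is about to fail, independent of whatever chkdsk found.
    Get-WmiObject -Namespace 'root\wmi' -Class MSStorageDriver_FailurePredictStatus -ErrorAction SilentlyContinue |
        Select-Object @{ n = 'Drive'; e = { $_.InstanceName } }, PredictFailure, Reason
}

Get-SmartFailurePrediction | Format-Table -AutoSize
Get-LastChkdskResult | Format-List
# Invoke-FullDiskCheck 'C'   # uncomment to schedule the check, then reboot
```

If Get-LastChkdskResult returns nothing after a reboot, the scheduled check did not run, which is the same symptom the topic starter describes ("haven't asked me to restart yet"); chkntfs will show whether the dirty bit is set. A PredictFailure of True ends the software investigation regardless of what the scans say.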


#11 npfd (Topic Starter)

Posted 25 July 2013 - 11:51 AM

Oh, got it, yes, I have run that many times too. I will do another one now.....  The last few ones haven't asked me to restart yet...

 

will keep you posted



#12 npfd (Topic Starter)

Posted 25 July 2013 - 12:07 PM

Update: I just ran scans on all the hard drives and so far it looks good! Thank you... :) So what else should I do to try to find out what this issue is?
I've emailed the motherboard company, the graphics card company, AMD, and posted on a Windows forum....



#13 Elise

Posted 25 July 2013 - 02:42 PM

To me it sounds like this is a hardware problem, but just to be sure let's do one last scan.


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

regards, Elise




#14 npfd (Topic Starter)

Posted 25 July 2013 - 05:54 PM

Hi Elise, so here are the results... I haven't installed these apps from that drive lately.. I have downloaded a newer version of HWMonitor and Foxit Reader.

 

E:\dl recent progs\FoxitReader543.0920_enu_Setup.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
E:\dl recent progs\hwmonitor_1.21-setup.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
E:\june backup\Drivers\SetupImgBurn_2.5.6.0.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
 

 

 

thank you

rajinder



#15 Elise

Posted 26 July 2013 - 01:26 AM

Those are fine; ESET detects them because they offer the Ask toolbar during installation.

As far as malware is concerned, your computer is clean. As you mentioned, you posted regarding this issue on a Windows forum as well, so it would be best to stick to that.

ALL CLEAN
--------------
Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:
  • Delete the tools used during the disinfection:
    • Press the Windows key + R on your keyboard at the same time. In the run box type combofix /uninstall, then press OK.
    • This will remove Combofix and other tools we used from your computer.
  • You can delete any other tool or log by simply deleting them.
Please read the following advice on how to prevent reinfecting your PC:
  • Install and update the following programs regularly:
  • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
    A comprehensive tutorial and a list of possible firewalls can be found here.
  • an AntiVirus Software
    It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please visit the Microsoft Update Website and follow the on screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
    Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

regards, Elise






