PC freezes at start, high temps, not able to change Windows Firewall settings


  • This topic is locked
10 replies to this topic

#1 Darko1


Posted 03 August 2013 - 03:37 AM

Hi,
my PC is acting weird lately.
I googled for solutions and came upon this site; it seems like you have a good support team and I hope someone will help me out with this.

Issues that I noticed on my PC:
- slow start and sometimes it freezes on start (have to reboot it in order to get it to work)
- File mdsdrv.sys is missing (c:\windows\system32\drivers\); this is the Windows Firewall authorization driver, and I am not able to disallow programs from communicating through the Firewall (the change settings option is greyed out)
- high processor temperature (sometimes over 100°C in full load)

So far I tried:
- cleaned the interior of my PC of dust
- removed the old and applied new thermal paste between the CPU and heat sink
- checked for errors by running sfc /scannow command in cmd (no errors were detected)
- reset firewall and set permissions following this guide:
- I also tried to install Combofix, but the installation got stuck with this as the last line:
"Output folder: C:\32788R22FWJFW"
After an hour I stopped the installation from Task Manager
- there are no errors in Device Manager
 
Here is my system and configuration:
 
Microsoft Windows 7 Ultimate
Service Pack 1
Antivirus: Kaspersky 2013
CPU Type: DualCore AMD Athlon 64 X2, 2700 MHz (13.5 x 200) 5200+
Motherboard: Gigabyte GA-MA78G-DS3H v1.0  (2 PCI, 3 PCI-E x1, 2 PCI-E x16, 4 DDR2 DIMM, Audio, Video, Gigabit LAN, IEEE-1394)
Motherboard Chipset: AMD 780G, AMD Hammer
System Memory: 4096 MB  (DDR2-800 DDR2 SDRAM)
Video Adapter: ATI Radeon HD 2600 XT  (256 MB)
 
Following your guide I enabled Firewall and ran DDS.
 
Here is DDS log:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 10.25.2
Run by Darko at 10:29:26 on 2013-08-03
Microsoft Windows 7 Ultimate   6.1.7601.1.1250.385.1033.18.4094.2313 [GMT 2:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
uRun: [uTorrent] "C:\Users\Darko\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Darko\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
TCP: Interfaces\{729C646C-D9C6-4F43-B919-5DCE8B794D1A} : NameServer = 85.114.32.7,85.114.32.8
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-3-27 30000]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-5-12 54064]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-5-24 172888]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-11-16 238080]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-11-16 361984]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2012-5-31 218880]
R2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w --> C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2013-7-26 46136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-23 95760]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-5-25 29016]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-5-25 27992]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-3-14 726160]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2013-4-12 139592]
S3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2013-4-12 418632]
S3 b06diag;Broadcom NetXtreme II Diag Driver;C:\Windows\System32\drivers\bxdiaga.sys [2013-3-14 88104]
S3 BFN7x64;Bigfoot Networks Killer Gaming Service;C:\Windows\System32\drivers\Xeno7x64.sys [2013-3-14 157288]
S3 bxfcoe;bxfcoe;C:\Windows\System32\drivers\bxfcoe.sys [2013-3-14 178216]
S3 bxois;bxois;C:\Windows\System32\drivers\bxois.sys [2013-3-14 539176]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2013-2-27 65152]
S3 EtronSTOR;Etron Enhance USB BOT/UASP Mass Storage Driver;C:\Windows\System32\drivers\EtronSTOR.sys [2013-2-27 32512]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2013-2-27 88832]
S3 ioatdma1;ioatdma1;C:\Windows\System32\drivers\qd162x64.sys [2013-3-14 40144]
S3 ioatdma2;Intel® QuickData Technology device ver.2;C:\Windows\System32\drivers\qd262x64.sys [2013-3-14 42192]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-4-12 366216]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-4-12 786056]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2013-2-27 96768]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2013-2-27 213504]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-17 19456]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-6-17 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-6-17 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-6-17 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-17 1255736]
.
=============== Created Last 30 ================
.
2013-08-03 07:40:47 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B1B8CD53-640F-4FC5-B57E-43FF956A7FCF}\offreg.dll
2013-08-02 21:54:01 -------- d-----w- C:\Program Files (x86)\dumps
2013-08-02 21:53:35 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2013-08-02 21:53:33 -------- d-----w- C:\Program Files (x86)\Steam
2013-08-02 20:56:59 540688 ----a-w- C:\Windows\System32\d3dx10_38.dll
2013-08-02 20:40:34 -------- d-----w- C:\Program Files (x86)\Call of Duty Black Ops 2
2013-08-02 20:26:18 -------- d-----w- C:\Windows\SysWow64\directx
2013-08-02 20:26:12 -------- d-----w- C:\Games
2013-08-02 19:56:23 255552 ----a-w- C:\Windows\SysWow64\drivers\mcdbus.sys
2013-08-02 19:56:23 255552 ----a-w- C:\Windows\System32\drivers\mcdbus.sys
2013-08-02 19:56:22 -------- d-----w- C:\Program Files (x86)\MagicDisc
2013-08-02 08:17:48 -------- d-----w- C:\Program Files (x86)\PFPortChecker
2013-08-02 05:52:44 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B1B8CD53-640F-4FC5-B57E-43FF956A7FCF}\mpengine.dll
2013-07-30 15:37:34 -------- d-----w- C:\ProgramData\EPSON
2013-07-30 15:36:15 83968 ----a-w- C:\Windows\System32\esxcwiad.dll
2013-07-30 15:36:14 -------- d-----w- C:\Program Files (x86)\epson
2013-07-28 15:58:23 -------- d-----w- C:\Program Files\AutoHotkey
2013-07-28 11:09:30 -------- d-----w- C:\ProgramData\SystemRequirementsLab
2013-07-28 11:09:30 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2013-07-28 11:05:33 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-07-28 11:05:33 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-07-28 11:05:28 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-26 11:32:13 -------- d-----w- C:\Users\Darko\AppData\Local\AMD
2013-07-26 11:31:58 -------- d-----w- C:\Users\Darko\AppData\Local\ATI
2013-07-26 11:31:51 -------- d-----w- C:\Program Files (x86)\AMD AVT
2013-07-26 11:31:49 -------- d-----w- C:\Program Files (x86)\AMD APP
2013-07-26 11:31:40 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2013-07-26 11:31:40 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2013-07-26 11:30:43 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
2013-07-26 11:30:42 -------- d-----w- C:\ProgramData\AMD
2013-07-26 11:27:17 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2013-07-26 11:26:54 -------- d-----w- C:\Program Files\ATI Technologies
2013-07-26 11:26:50 -------- d-----w- C:\Program Files\ATI
2013-07-25 20:15:43 -------- d-----w- C:\Program Files (x86)\Haali
2013-07-25 20:11:42 -------- d-----w- C:\Program Files (x86)\DirectVobSub
2013-07-25 19:59:08 112640 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2013-07-25 19:59:08 -------- d-----w- C:\Program Files (x86)\ffdshow
2013-07-21 16:05:54 -------- d-----w- C:\Users\Darko\AppData\Local\PokerStars
2013-07-21 16:05:46 -------- d-----w- C:\Program Files (x86)\PokerStars
2013-07-21 15:59:26 -------- d-----w- C:\Users\Darko\AppData\Roaming\HoldemManager
2013-07-21 15:58:02 -------- d-----w- C:\Users\Darko\AppData\Local\In The Money
2013-07-21 15:57:22 -------- d-----w- C:\ProgramData\XHEO INC
2013-07-21 15:56:22 -------- d-----w- C:\Users\Darko\AppData\Local\IsolatedStorage
2013-07-21 15:56:20 -------- d-----w- C:\Users\Darko\AppData\Roaming\HEM Data
2013-07-21 15:52:40 -------- d-----w- C:\Program Files (x86)\PostgreSQL
2013-07-21 15:51:15 -------- d-----w- C:\Program Files (x86)\RVG Software
2013-07-21 15:50:32 -------- d-----w- C:\Program Files (x86)\PSQLINSTALL
2013-07-20 12:23:17 -------- d-----w- C:\Program Files (x86)\MPC-HC
2013-07-20 12:23:02 -------- d-----w- C:\Users\Darko\AppData\Local\Programs
2013-07-20 11:54:09 -------- d-----w- C:\Program Files (x86)\URUSoft
2013-07-20 11:42:25 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2013-07-20 11:41:18 -------- d-----w- C:\Windows\PCHEALTH
2013-07-20 11:41:18 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-07-20 11:39:13 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2013-07-20 11:38:29 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2013-07-20 11:38:05 -------- d-----w- C:\Users\Darko\AppData\Local\Microsoft Help
2013-07-20 10:57:43 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2013-07-20 10:54:31 -------- d-----w- C:\Windows\System32\MRT
2013-07-20 10:03:38 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2013-07-20 09:31:36 -------- d-----r- C:\Users\Darko\Dropbox
2013-07-20 09:28:46 -------- d-----w- C:\Users\Darko\AppData\Roaming\Dropbox
2013-07-20 09:25:04 -------- d-----w- C:\ProgramData\APN
2013-07-20 09:18:49 -------- d-----w- C:\Program Files (x86)\FinalWire
2013-07-20 09:11:35 -------- d-----w- C:\Program Files (x86)\BeerSmith2
2013-07-20 08:23:49 -------- d-----w- C:\ProgramData\Kaspersky Lab
2013-07-20 08:23:49 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2013-07-20 08:23:43 85336 ----a-w- C:\Windows\System32\drivers\klflt.sys
2013-07-20 06:46:25 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2013-07-20 06:46:25 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2013-07-20 06:46:24 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-20 06:46:24 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-07-20 06:46:24 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-07-20 06:46:24 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-07-20 06:46:24 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2013-07-20 06:46:22 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-07-20 06:46:22 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-07-20 06:46:19 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-20 06:46:18 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-20 06:46:00 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-07-20 06:45:57 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-20 06:45:57 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-20 06:45:57 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-20 06:45:57 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-20 06:45:57 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-20 06:45:39 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-07-20 06:45:39 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-07-20 04:40:06 -------- d-----w- C:\Windows\Panther
2013-07-20 04:32:43 -------- d-----w- C:\Windows.old
2013-07-20 03:43:38 0 ----a-w- C:\Windows\ativpsrm.bin
2013-07-19 21:05:01 -------- d-----w- C:\Users\Darko\AppData\Local\CRE
2013-07-19 21:03:41 -------- d-----w- C:\Users\Darko\AppData\Roaming\uTorrent
2013-07-19 20:46:04 -------- d-----w- C:\Users\Darko\AppData\Local\ElevatedDiagnostics
2013-07-19 20:30:40 -------- d-----w- C:\Users\Darko\AppData\Local\Adobe
2013-07-19 20:08:37 -------- d-----w- C:\Program Files (x86)\Western Digital
2013-07-19 20:05:00 -------- d-sh--w- C:\Windows\Installer
2013-07-19 20:03:02 -------- d-----w- C:\Program Files (x86)\VideoLAN
2013-07-19 20:00:12 -------- d-----w- C:\Users\Darko\AppData\Local\Google
2013-07-19 20:00:02 -------- d-----w- C:\Users\Darko\AppData\Local\Apps
2013-07-19 20:00:01 -------- d-----w- C:\Users\Darko\AppData\Local\Deployment
2013-07-19 19:41:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-07-19 19:41:22 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-07-19 19:41:11 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-07-19 19:41:11 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-07-19 19:40:31 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-07-19 19:40:28 9460464 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2013-07-19 19:40:14 142336 ----a-w- C:\Windows\System32\poqexec.exe
2013-07-19 19:40:14 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
.
==================== Find3M  ====================
.
2013-06-17 03:21:10 96768 ----a-w- C:\Windows\System32\fsutil.exe
2013-06-17 03:21:10 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2013-06-17 03:21:10 2565632 ----a-w- C:\Windows\System32\esent.dll
2013-06-17 03:21:10 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2013-06-17 03:21:10 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2013-06-17 03:21:09 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2013-06-17 03:21:09 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2013-06-17 03:21:09 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2013-06-17 03:21:09 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2013-06-17 03:21:09 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2013-06-17 03:19:57 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-06-17 03:19:57 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-17 03:19:23 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-06-17 03:18:50 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-06-17 03:18:50 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-06-17 03:17:12 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-06-17 03:17:12 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-06-17 03:16:41 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-06-17 03:16:41 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-06-17 03:16:09 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-06-17 03:16:09 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-06-17 03:16:09 144384 ----a-w- C:\Windows\System32\cdd.dll
2013-06-17 03:15:02 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-06-17 03:15:02 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-06-17 03:15:02 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-06-17 03:15:02 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-06-17 03:15:02 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-06-17 03:15:02 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-06-17 03:13:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-06-17 03:13:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-06-17 03:13:25 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-06-17 03:13:25 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-06-17 03:13:24 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-06-17 03:13:24 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-06-17 03:13:24 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-06-17 03:13:24 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-06-17 03:13:24 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-06-17 03:13:24 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-06-17 03:13:24 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-06-17 03:13:24 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-06-17 03:11:53 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-06-17 03:11:53 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-06-17 03:11:53 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-06-17 03:11:53 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-06-17 03:11:53 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-06-17 03:11:53 112640 ----a-w- C:\Windows\System32\smss.exe
2013-06-17 03:11:16 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-06-17 03:11:16 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-06-17 03:10:35 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-06-17 03:09:34 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-06-17 03:08:40 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-06-17 03:08:40 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-06-17 03:08:40 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-06-17 03:08:40 111448 ----a-w- C:\Windows\System32\consent.exe
2013-06-17 03:07:57 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2013-06-17 03:07:22 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-06-17 03:07:22 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-06-17 03:07:22 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-06-17 03:07:22 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-06-17 03:07:22 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-06-17 03:07:22 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-06-17 03:07:22 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-06-17 03:06:10 800768 ----a-w- C:\Windows\System32\usp10.dll
2013-06-17 03:06:10 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2013-06-17 03:05:39 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-06-17 03:05:08 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-06-17 03:05:08 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-06-17 03:04:35 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-06-17 03:04:35 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-06-17 03:02:50 478208 ----a-w- C:\Windows\System32\dpnet.dll
2013-06-17 03:02:50 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2013-06-17 03:02:19 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2013-06-17 03:02:19 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2013-06-17 03:02:19 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2013-06-17 03:02:19 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2013-06-17 03:01:12 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2013-06-17 03:01:12 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2013-06-17 03:01:12 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2013-06-17 03:01:12 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2013-06-17 03:01:12 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2013-06-17 03:01:12 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-06-17 02:58:44 220160 ----a-w- C:\Windows\System32\wintrust.dll
2013-06-17 02:58:44 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-06-17 02:58:15 715776 ----a-w- C:\Windows\System32\kerberos.dll
2013-06-17 02:58:15 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2013-06-17 02:56:29 503808 ----a-w- C:\Windows\System32\srcore.dll
2013-06-17 02:56:29 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2013-06-17 02:55:32 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2013-06-17 02:52:18 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2013-06-17 02:52:18 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2013-06-17 02:51:21 956928 ----a-w- C:\Windows\System32\localspl.dll
2013-06-17 02:50:53 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2013-06-17 02:50:53 366592 ----a-w- C:\Windows\System32\qdvd.dll
2013-06-17 02:50:25 209920 ----a-w- C:\Windows\System32\profsvc.dll
2013-06-17 02:49:56 59392 ----a-w- C:\Windows\System32\browcli.dll
2013-06-17 02:49:56 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2013-06-17 02:49:56 136704 ----a-w- C:\Windows\System32\browser.dll
2013-06-17 02:49:27 3216384 ----a-w- C:\Windows\System32\msi.dll
2013-06-17 02:49:27 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2013-06-17 02:48:56 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
.
============= FINISH: 10:30:16,75 ===============
 

 

 

Attach.txt is attached.

 

Thanks in advance.

Darko



Edited by Darko1, 03 August 2013 - 03:40 AM.




#2 Darko1


Posted 05 August 2013 - 02:32 AM

Anyone?



#3 HelpBot


Posted 08 August 2013 - 03:40 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/503170 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 Darko1

Posted 08 August 2013 - 11:27 AM

Computer still sometimes freezes at start and I can't change FW settings (the option "Change settings" in "Allow programs to communicate through WF" is grayed out).
I assume overheating is not due to a virus attack, but you'll know better.
 
My system is Windows 7 Ultimate, SP1, 64 bit.
I don't have original Windows DVD.
 
Thanks for help.
 
New DDS log:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 10.25.2
Run by Darko at 18:34:44 on 2013-08-08
Microsoft Windows 7 Ultimate   6.1.7601.1.1250.385.1033.18.4094.2542 [GMT 2:00]
.
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\wmi64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
TCP: Interfaces\{729C646C-D9C6-4F43-B919-5DCE8B794D1A} : NameServer = 85.114.32.7,85.114.32.8
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-3-27 30000]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-5-12 54064]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-5-24 172888]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-11-16 238080]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-11-16 361984]
R2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2013-5-24 58088]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2012-5-31 218880]
R2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w --> C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2013-7-26 46136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-23 95760]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-5-25 29016]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-5-25 27992]
S2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2013-5-24 137256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2013-4-12 139592]
S3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2013-4-12 418632]
S3 b06diag;Broadcom NetXtreme II Diag Driver;C:\Windows\System32\drivers\bxdiaga.sys [2013-3-14 88104]
S3 BFN7x64;Bigfoot Networks Killer Gaming Service;C:\Windows\System32\drivers\Xeno7x64.sys [2013-3-14 157288]
S3 bxfcoe;bxfcoe;C:\Windows\System32\drivers\bxfcoe.sys [2013-3-14 178216]
S3 bxois;bxois;C:\Windows\System32\drivers\bxois.sys [2013-3-14 539176]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2013-2-27 65152]
S3 EtronSTOR;Etron Enhance USB BOT/UASP Mass Storage Driver;C:\Windows\System32\drivers\EtronSTOR.sys [2013-2-27 32512]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2013-2-27 88832]
S3 ioatdma1;ioatdma1;C:\Windows\System32\drivers\qd162x64.sys [2013-3-14 40144]
S3 ioatdma2;Intel® QuickData Technology device ver.2;C:\Windows\System32\drivers\qd262x64.sys [2013-3-14 42192]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-4-12 366216]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-4-12 786056]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2013-2-27 96768]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2013-2-27 213504]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-17 19456]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-3-14 726160]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-6-17 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-6-17 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-6-17 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-17 1255736]
.
=============== Created Last 30 ================
.
2013-08-07 05:32:25 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E03797A1-5440-4D42-9B6F-53007DB92DD1}\mpengine.dll
2013-08-05 15:41:58 -------- d-----w- C:\Program Files (x86)\AMD
2013-08-05 15:41:22 -------- d-----w- C:\Users\Darko\AppData\Local\Downloaded Installations
2013-08-04 16:54:38 -------- d-----w- C:\Program Files\Core Temp
2013-08-03 21:11:23 -------- d-----w- C:\Users\Darko\AppData\Roaming\Wargaming.net
2013-08-03 12:29:24 -------- d-----w- C:\Windows\pss
2013-08-02 21:54:01 -------- d-----w- C:\Program Files (x86)\dumps
2013-08-02 21:53:35 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2013-08-02 21:53:33 -------- d-----w- C:\Program Files (x86)\Steam
2013-08-02 20:56:59 540688 ----a-w- C:\Windows\System32\d3dx10_38.dll
2013-08-02 20:40:34 -------- d-----w- C:\Program Files (x86)\Call of Duty Black Ops 2
2013-08-02 20:26:18 -------- d-----w- C:\Windows\SysWow64\directx
2013-08-02 20:26:12 -------- d-----w- C:\Games
2013-08-02 19:56:23 255552 ----a-w- C:\Windows\SysWow64\drivers\mcdbus.sys
2013-08-02 19:56:23 255552 ----a-w- C:\Windows\System32\drivers\mcdbus.sys
2013-08-02 19:56:22 -------- d-----w- C:\Program Files (x86)\MagicDisc
2013-08-02 08:17:48 -------- d-----w- C:\Program Files (x86)\PFPortChecker
2013-07-30 15:37:34 -------- d-----w- C:\ProgramData\EPSON
2013-07-30 15:36:15 83968 ----a-w- C:\Windows\System32\esxcwiad.dll
2013-07-30 15:36:14 -------- d-----w- C:\Program Files (x86)\epson
2013-07-28 15:58:23 -------- d-----w- C:\Program Files\AutoHotkey
2013-07-28 11:09:30 -------- d-----w- C:\ProgramData\SystemRequirementsLab
2013-07-28 11:09:30 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2013-07-28 11:05:33 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-07-28 11:05:33 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-07-28 11:05:28 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-26 11:32:13 -------- d-----w- C:\Users\Darko\AppData\Local\AMD
2013-07-26 11:31:58 -------- d-----w- C:\Users\Darko\AppData\Local\ATI
2013-07-26 11:31:51 -------- d-----w- C:\Program Files (x86)\AMD AVT
2013-07-26 11:31:49 -------- d-----w- C:\Program Files (x86)\AMD APP
2013-07-26 11:31:40 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2013-07-26 11:31:40 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2013-07-26 11:30:43 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
2013-07-26 11:30:42 -------- d-----w- C:\ProgramData\AMD
2013-07-26 11:27:17 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2013-07-26 11:26:54 -------- d-----w- C:\Program Files\ATI Technologies
2013-07-26 11:26:50 -------- d-----w- C:\Program Files\ATI
2013-07-25 20:15:43 -------- d-----w- C:\Program Files (x86)\Haali
2013-07-25 20:11:42 -------- d-----w- C:\Program Files (x86)\DirectVobSub
2013-07-25 19:59:08 112640 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2013-07-25 19:59:08 -------- d-----w- C:\Program Files (x86)\ffdshow
2013-07-21 16:05:54 -------- d-----w- C:\Users\Darko\AppData\Local\PokerStars
2013-07-21 16:05:46 -------- d-----w- C:\Program Files (x86)\PokerStars
2013-07-21 15:59:26 -------- d-----w- C:\Users\Darko\AppData\Roaming\HoldemManager
2013-07-21 15:58:02 -------- d-----w- C:\Users\Darko\AppData\Local\In The Money
2013-07-21 15:57:22 -------- d-----w- C:\ProgramData\XHEO INC
2013-07-21 15:56:22 -------- d-----w- C:\Users\Darko\AppData\Local\IsolatedStorage
2013-07-21 15:56:20 -------- d-----w- C:\Users\Darko\AppData\Roaming\HEM Data
2013-07-21 15:52:40 -------- d-----w- C:\Program Files (x86)\PostgreSQL
2013-07-21 15:51:15 -------- d-----w- C:\Program Files (x86)\RVG Software
2013-07-21 15:50:32 -------- d-----w- C:\Program Files (x86)\PSQLINSTALL
2013-07-20 12:23:17 -------- d-----w- C:\Program Files (x86)\MPC-HC
2013-07-20 12:23:02 -------- d-----w- C:\Users\Darko\AppData\Local\Programs
2013-07-20 11:54:09 -------- d-----w- C:\Program Files (x86)\URUSoft
2013-07-20 11:42:25 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2013-07-20 11:41:18 -------- d-----w- C:\Windows\PCHEALTH
2013-07-20 11:41:18 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-07-20 11:39:13 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2013-07-20 11:38:29 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2013-07-20 11:38:05 -------- d-----w- C:\Users\Darko\AppData\Local\Microsoft Help
2013-07-20 10:57:43 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2013-07-20 10:54:31 -------- d-----w- C:\Windows\System32\MRT
2013-07-20 10:03:38 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2013-07-20 09:31:36 -------- d-----r- C:\Users\Darko\Dropbox
2013-07-20 09:28:46 -------- d-----w- C:\Users\Darko\AppData\Roaming\Dropbox
2013-07-20 09:25:04 -------- d-----w- C:\ProgramData\APN
2013-07-20 09:18:49 -------- d-----w- C:\Program Files (x86)\FinalWire
2013-07-20 09:11:35 -------- d-----w- C:\Program Files (x86)\BeerSmith2
2013-07-20 08:23:49 -------- d-----w- C:\ProgramData\Kaspersky Lab
2013-07-20 08:23:49 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2013-07-20 08:23:43 85336 ----a-w- C:\Windows\System32\drivers\klflt.sys
2013-07-20 06:46:25 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2013-07-20 06:46:25 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2013-07-20 06:46:24 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-20 06:46:24 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-07-20 06:46:24 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-07-20 06:46:24 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-07-20 06:46:24 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2013-07-20 06:46:22 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-07-20 06:46:22 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-07-20 06:46:19 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-20 06:46:18 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-20 06:46:00 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-07-20 06:45:57 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-20 06:45:57 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-20 06:45:57 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-20 06:45:57 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-20 06:45:57 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-20 06:45:39 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-07-20 06:45:39 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-07-20 04:40:06 -------- d-----w- C:\Windows\Panther
2013-07-20 04:32:43 -------- d-----w- C:\Windows.old
2013-07-20 03:43:38 0 ----a-w- C:\Windows\ativpsrm.bin
2013-07-19 21:05:01 -------- d-----w- C:\Users\Darko\AppData\Local\CRE
2013-07-19 21:03:41 -------- d-----w- C:\Users\Darko\AppData\Roaming\uTorrent
2013-07-19 20:46:04 -------- d-----w- C:\Users\Darko\AppData\Local\ElevatedDiagnostics
2013-07-19 20:30:40 -------- d-----w- C:\Users\Darko\AppData\Local\Adobe
2013-07-19 20:08:37 -------- d-----w- C:\Program Files (x86)\Western Digital
2013-07-19 20:05:00 -------- d-sh--w- C:\Windows\Installer
2013-07-19 20:03:02 -------- d-----w- C:\Program Files (x86)\VideoLAN
2013-07-19 20:00:12 -------- d-----w- C:\Users\Darko\AppData\Local\Google
2013-07-19 20:00:02 -------- d-----w- C:\Users\Darko\AppData\Local\Apps
2013-07-19 20:00:01 -------- d-----w- C:\Users\Darko\AppData\Local\Deployment
2013-07-19 19:41:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-07-19 19:41:22 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-07-19 19:41:11 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-07-19 19:41:11 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-07-19 19:40:31 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-07-19 19:40:28 9460464 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2013-07-19 19:40:14 142336 ----a-w- C:\Windows\System32\poqexec.exe
2013-07-19 19:40:14 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
.
==================== Find3M  ====================
.
2013-06-17 03:21:10 96768 ----a-w- C:\Windows\System32\fsutil.exe
2013-06-17 03:21:10 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2013-06-17 03:21:10 2565632 ----a-w- C:\Windows\System32\esent.dll
2013-06-17 03:21:10 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2013-06-17 03:21:10 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2013-06-17 03:21:09 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2013-06-17 03:21:09 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2013-06-17 03:21:09 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2013-06-17 03:21:09 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2013-06-17 03:21:09 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2013-06-17 03:19:57 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-06-17 03:19:57 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-17 03:19:23 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-06-17 03:18:50 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-06-17 03:18:50 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-06-17 03:17:12 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-06-17 03:17:12 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-06-17 03:16:41 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-06-17 03:16:41 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-06-17 03:16:09 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-06-17 03:16:09 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-06-17 03:16:09 144384 ----a-w- C:\Windows\System32\cdd.dll
2013-06-17 03:15:02 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-06-17 03:15:02 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-06-17 03:15:02 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-06-17 03:15:02 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-06-17 03:15:02 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-06-17 03:15:02 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-06-17 03:13:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-06-17 03:13:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-06-17 03:13:25 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-06-17 03:13:25 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-06-17 03:13:24 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-06-17 03:13:24 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-06-17 03:13:24 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-06-17 03:13:24 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-06-17 03:13:24 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-06-17 03:13:24 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-06-17 03:13:24 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-06-17 03:13:24 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-06-17 03:11:53 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-06-17 03:11:53 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-06-17 03:11:53 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-06-17 03:11:53 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-06-17 03:11:53 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-06-17 03:11:53 112640 ----a-w- C:\Windows\System32\smss.exe
2013-06-17 03:11:16 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-06-17 03:11:16 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-06-17 03:10:35 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-06-17 03:09:34 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-06-17 03:08:40 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-06-17 03:08:40 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-06-17 03:08:40 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-06-17 03:08:40 111448 ----a-w- C:\Windows\System32\consent.exe
2013-06-17 03:07:57 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2013-06-17 03:07:22 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-06-17 03:07:22 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-06-17 03:07:22 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-06-17 03:07:22 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-06-17 03:07:22 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-06-17 03:07:22 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-06-17 03:07:22 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-06-17 03:06:10 800768 ----a-w- C:\Windows\System32\usp10.dll
2013-06-17 03:06:10 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2013-06-17 03:05:39 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-06-17 03:05:08 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-06-17 03:05:08 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-06-17 03:04:35 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-06-17 03:04:35 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-06-17 03:02:50 478208 ----a-w- C:\Windows\System32\dpnet.dll
2013-06-17 03:02:50 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2013-06-17 03:02:19 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2013-06-17 03:02:19 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2013-06-17 03:02:19 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2013-06-17 03:02:19 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2013-06-17 03:01:12 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2013-06-17 03:01:12 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2013-06-17 03:01:12 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2013-06-17 03:01:12 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2013-06-17 03:01:12 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2013-06-17 03:01:12 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-06-17 02:58:44 220160 ----a-w- C:\Windows\System32\wintrust.dll
2013-06-17 02:58:44 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-06-17 02:58:15 715776 ----a-w- C:\Windows\System32\kerberos.dll
2013-06-17 02:58:15 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2013-06-17 02:56:29 503808 ----a-w- C:\Windows\System32\srcore.dll
2013-06-17 02:56:29 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2013-06-17 02:55:32 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2013-06-17 02:52:18 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2013-06-17 02:52:18 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2013-06-17 02:51:21 956928 ----a-w- C:\Windows\System32\localspl.dll
2013-06-17 02:50:53 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2013-06-17 02:50:53 366592 ----a-w- C:\Windows\System32\qdvd.dll
2013-06-17 02:50:25 209920 ----a-w- C:\Windows\System32\profsvc.dll
2013-06-17 02:49:56 59392 ----a-w- C:\Windows\System32\browcli.dll
2013-06-17 02:49:56 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2013-06-17 02:49:56 136704 ----a-w- C:\Windows\System32\browser.dll
2013-06-17 02:49:27 3216384 ----a-w- C:\Windows\System32\msi.dll
2013-06-17 02:49:27 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2013-06-17 02:48:56 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
.
============= FINISH: 18:34:59,00 ===============
 

 


Edited by Darko1, 08 August 2013 - 11:36 AM.


#5 Casey_boy

  • Malware Response Team

Posted 11 August 2013 - 09:17 AM

Hi,
 
My name is Casey and I will be helping you with your malware problems.
 
Whilst I research the problems in your logs, it is very important that you do not make any changes to this PC. Specifically, do not run any further malware removal tools or try to remove anything yourself.
 
You may wish to "Follow this topic" so that you are immediately informed of any replies I make. I also ask that you reply to my posts within 5 days else your topic will be closed as stale.
 
Throughout the removal process, if you have any questions then you should ask them. If you are unsure of my instructions or something does not go as planned - then please tell me. Additionally, it is important that you answer any questions I have and that you keep me updated on the state of the PC.
 
Regards,
 
Casey

Edited by Casey_boy, 11 August 2013 - 09:19 AM.

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#6 Casey_boy


Posted 11 August 2013 - 09:31 AM

Hi,

 

A first look suggests nothing malicious. Have you run a virus scan with Kaspersky?

 

With regards to your firewall issues, Kaspersky will override the Windows firewall and its settings - that may be why your settings are greyed out. Try changing settings through Kaspersky or disabling the Kaspersky firewall component altogether.

 

As you've noted, your freezing and overheating may not be due to virus infection (it's looking unlikely right now, especially due to lack of other symptoms) and could be another issue like a program hogging memory - antivirus programs are good at doing that! You could try disconnecting from the internet (either take out the Ethernet cable or disable your wireless chip) and then disabling Kaspersky completely (don't let it run on start up), reboot and try using your PC for a bit (no internet though) and see if the issue remains.

 

If these things don't work, we can look further.

 

Casey




#7 Darko1


Posted 13 August 2013 - 09:29 AM

Thanks for reply.

Seems that Kaspersky slowed the computer on start, which caused occasional freezes. I run scan but virus were detected.

 

I disabled the Kaspersky firewall but Windows still doesn't allow me to change settings; disabling the whole Kasp. protection also didn't make any difference.

As for overheating, I ordered new heat sink and thermal paste, hope it will solve the temperature problem.

 

If you think there is nothing malicious on my PC, we can close this case.



#8 Casey_boy


Posted 13 August 2013 - 11:08 AM

"I run scan but virus were detected."

 

Is that supposed to say weren't? If viruses were indeed detected, then I'd like to have a look at the Kaspersky log :)

Casey
 




#9 Darko1


Posted 13 August 2013 - 01:47 PM

Sorry for the typo, I meant "no virus were detected".



#10 Casey_boy


Posted 13 August 2013 - 02:27 PM

OK, in that case, I think you're clean. 

 

I would recommend uninstalling Kaspersky (just for a test). You can try using another antivirus vendor (such as Microsoft Security Essentials) and just Windows Firewall to see how you get on. You can always go back to Kaspersky afterwards.

 

Casey




#11 Casey_boy


Posted 20 August 2013 - 03:30 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





