System takes over 20 minutes to boot up in normal mode


  • This topic is locked
55 replies to this topic

#1 kurochikai

kurochikai

  • Members
  • 27 posts

Posted 03 September 2013 - 06:13 AM

So, I've had some issues with this laptop since I bought it last year, but lately it's been hell to deal with. I've gotten the urge to just throw the thing on the floor due to frustrating problems. However, I cannot exactly afford to go buying a new laptop, so I wanted to ask for help here.

 

As of late, my laptop has had issues booting up (as my topic title states) and oftentimes takes over 20 minutes to boot up in normal mode. In safe mode, everything seems to be fine and boots up quickly.

I've also had some issues with freezing and random shutdowns even when the laptop isn't really being intensively used and isn't overheating. I also have some issues trying to scan for malware and the like. I've tried to use Malwarebytes and it tends to stop and freeze the whole computer at a certain file. I wrote down as much as I could of it and narrowed it down to this file named Microsoft.Windows.Diagnosis.SDEngine.dll. I am not sure if this is a malware file disguised as an important Windows file, but in any case I figured it might be good to note that this is where the Malwarebytes scans would freeze or stop. When it would freeze, I could still move the mouse around (so I guess it's not completely frozen, maybe just the Malwarebytes window), but any attempt at clicking something else would lead to naught and despair. In any case, Malwarebytes didn't work out. I've tried to do other scans, like with ESET Online Scanner, Microsoft Security Essentials, AVG, etc., and I've had a lot of freezing before they could finish up. Some just couldn't pick up anything.

I've also had some issues with games. I would load up a game and right when it starts the actual gameplay it would immediately minimize (or alt-tab?) me to my desktop and continue to do so, not letting me do a thing. The game would continue to load and play normally, but I would have no control over the constant and immediate minimizing to the desktop.

 

So, basically my problems are:

- Long boot-up time in normal mode

- Random shutdowns (no blue screens, just shutting down)

- Freezing of programs upon scanning for malware

- Minimizing of games upon start

I brushed it off, thinking that this laptop was just dumb, but I know I shouldn't let it just slide when it's progressively getting worse. And thus, I wish to ask for some sort of help from someone knowledgeable in this area. >_<

 

And here's the DDS log, as I was asked to include it in my plea for help. Thank you in advance to anyone who can help! ;~;

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.25.2
Run by TiGrimZ at 2:14:39 on 2013-09-03
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8079.6771 [GMT -7:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com
uProxyOverride = <local>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - <orphaned>
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [SansaDispatch] C:\Users\TiGrimZ\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
uRun: [HP Deskjet 3510 series (NET)] "C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN28E140WV05R7:NW" -scfn "HP Deskjet 3510 series (NET)" -AutoStart 1
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\TiGrimZ\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Users\TiGrimZ\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - <orphaned>
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{1326DB3E-62E6-4F59-A57E-CE420EE458B1} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{2F52E5F4-2FFE-400C-9771-89B9E1991819} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{2F52E5F4-2FFE-400C-9771-89B9E1991819}\14454573337323 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{2F52E5F4-2FFE-400C-9771-89B9E1991819}\2427967686470557070797 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2F52E5F4-2FFE-400C-9771-89B9E1991819}\2427967686470557070797D27657563747 : DHCPNameServer = 192.168.3.1
TCP: Interfaces\{2F52E5F4-2FFE-400C-9771-89B9E1991819}\2656C6B696E6E2365343 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{2F52E5F4-2FFE-400C-9771-89B9E1991819}\2656C6B696E6E2462336 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{5255A747-EB06-47E1-A865-7862E5FF0D08} : NameServer = 0.0.0.0
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.0.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SA3\SACpl.exe /sa3 /nv:3.0 /dne /s
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\TiGrimZ\AppData\Roaming\Mozilla\Firefox\Profiles\06s9at5c.default\
FF - ExtSQL: !HIDDEN! 2012-09-13 19:23; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: !HIDDEN! 2013-07-17 13:59; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-7-10 45880]
R0 DRVECDB;DRVECDB;C:\Windows\System32\drivers\DRVECDB.SYS [2012-5-9 122776]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-3-9 55856]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2012-3-9 21616]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 DLARTL_E;DLARTL_E;C:\Windows\System32\drivers\DLARTL_E.SYS [2012-5-9 39288]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2012-3-9 27760]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-5-17 25496]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-3-9 77936]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-3-9 95744]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-3-9 212992]
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
S1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-7-20 246072]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
S1 DLACDBHE;DLACDBHE;C:\Windows\System32\drivers\DLACDBHE.SYS [2012-5-9 15992]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2012-3-9 200320]
S2 DLABMFSE;DLABMFSE;C:\Windows\System32\DLA\DLABMFSE.SYS [2012-5-9 44152]
S2 DLABOIOE;DLABOIOE;C:\Windows\System32\DLA\DLABOIOE.SYS [2012-5-9 41976]
S2 DLADResE;DLADResE;C:\Windows\System32\DLA\DLADResE.SYS [2012-5-9 10360]
S2 DLAIFS_E;DLAIFS_E;C:\Windows\System32\DLA\DLAIFS_E.SYS [2012-5-9 141560]
S2 DLAOPIOE;DLAOPIOE;C:\Windows\System32\DLA\DLAOPIOE.SYS [2012-5-9 34168]
S2 DLAPoolE;DLAPoolE;C:\Windows\System32\DLA\DLAPoolE.SYS [2012-5-9 18040]
S2 DLAUDF_E;DLAUDF_E;C:\Windows\System32\DLA\DLAUDF_E.SYS [2012-5-9 143096]
S2 DLAUDFAE;DLAUDFAE;C:\Windows\System32\DLA\DLAUDFAE.SYS [2012-5-9 137080]
S2 DRVEDDM;DRVEDDM;C:\Windows\System32\drivers\DRVEDDM.SYS [2012-5-9 63608]
S2 NACAgent;Cisco NAC Agent;C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2012-12-3 1270744]
S2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 139616]
S2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-4-13 88576]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-3-9 1692480]
S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-8-14 3291008]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S2 TabletServicePen;TabletServicePen;C:\Windows\System32\Pen_Tablet.exe [2012-5-9 5414184]
S2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-8-10 4308320]
S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
S2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-9 2656280]
S2 WTouchService;WTouch Service;C:\Program Files\WTouch\WTouchService.exe [2012-5-9 127272]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-10-19 195072]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-10-19 195072]
S3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-8-29 53760]
S3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-11-15 327168]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2013-1-28 176000]
S3 CxUtilSvc;CxUtilSvc;C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe [2012-3-9 109184]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
S3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-12-9 60416]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-3-9 158976]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-5-17 34200]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-9 317440]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 MCfilt;MCfilt;C:\Windows\System32\drivers\MCfilt64.sys [2012-3-9 32344]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-1 340240]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-25 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2012-3-9 250984]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-25 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-25 30208]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2012-5-9 18216]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-5-9 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-09-03 08:45:52 -------- d-----w- C:\Users\TiGrimZ\AppData\Roaming\WTouch
2013-09-03 06:37:42 -------- d-sh--w- C:\$RECYCLE.BIN
2013-09-03 06:22:17 98816 ----a-w- C:\Windows\sed.exe
2013-09-03 06:22:17 256000 ----a-w- C:\Windows\PEV.exe
2013-09-03 06:22:17 208896 ----a-w- C:\Windows\MBR.exe
2013-09-03 00:03:18 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{91ED6CE4-8656-435D-BCBF-AB06AAACFE7D}\mpengine.dll
2013-09-01 04:48:32 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-30 02:55:46 -------- d-----w- C:\Users\TiGrimZ\Games
2013-08-22 19:05:31 941720 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7AA839CE-676D-4FDB-B05E-71AF05CD4983}\gapaengine.dll
2013-08-17 21:16:52 -------- d-----w- C:\Program Files (x86)\DVDVideoSoft
2013-08-17 21:16:52 -------- d-----w- C:\Program Files (x86)\Common Files\DVDVideoSoft
2013-08-17 20:42:15 -------- d-----w- C:\Users\TiGrimZ\AppData\Roaming\gd.sos.McPixel
2013-08-15 05:17:59 775256 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2013-08-15 05:02:16 -------- d-----w- C:\Windows\System32\MRT
2013-08-14 18:11:04 4774272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-08-14 18:11:04 4774272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-08-14 05:38:00 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-08-14 05:38:00 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-08-11 04:16:45 -------- d-----w- C:\Program Files (x86)\TeamViewer
.
==================== Find3M  ====================
.
2013-08-21 06:42:42 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-21 06:42:42 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-20 08:51:00 311608 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2013-07-20 08:50:56 71480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2013-07-20 08:50:56 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-07-20 08:50:50 206648 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-10 08:32:38 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-07-01 08:45:28 116536 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2013-06-24 03:35:18 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-24 03:35:15 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-06-24 03:35:15 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-19 04:50:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-06-19 04:50:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
.
============= FINISH:  2:16:22.86 ===============
 

 

 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 03 September 2013 - 03:29 PM

Good evening. :)

Did the PC come with a recovery disk or were you prompted to make one when you first booted the machine up?


So long, and thanks for all the fish.

 

 


#3 kurochikai

kurochikai
  • Topic Starter

  • Members
  • 27 posts

Posted 03 September 2013 - 03:44 PM

No, I tried to make one at some point, though. It didn't quite work out and pretty much said the process failed (I tried using some 4GB DVDs as the blank media). So, I just kind of let it slide. I didn't think I'd have too many problems later on (sigh). It did come with some drivers and utilities, apparently, though.

Oh, and something I'm not sure if I need to add. The DDS I posted was done in safe mode, and I'm not sure if it affects it in any way. I could do one in normal mode and re-post it if it makes a difference. Sorry, I'm new to this stuff (and here, hi), so I don't know what affects what.


Edited by kurochikai, 03 September 2013 - 03:47 PM.


#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 04 September 2013 - 03:23 PM

Good evening. :)

Not having a recovery plan would not be the wisest position to be in, as I figure you can see for yourself. I suggest that you try to do so again, as it may be necessary to reinstall your operating system if it's poorly sick.

 

In the meantime, you can start by uninstalling one of your anti-virus programs. The log shows both AVG AntiVirus Free Edition 2013 and Microsoft Security Essentials as enabled, and running two, or more, in this way can cause conflicts which may be the root cause of your PC's slowness. Reboot the PC once you have done so and tell me what effect, if any, this has and we'll take it from there.

 

I suggest that, if you haven't already done so, you back up any important data that you have on the system. While Windows is generally stable, you seem to have a long-standing problem that could head in a number of directions, and safe is better than sorry.

 


So long, and thanks for all the fish.

 

 

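The check Noviciate makes by eye above (two anti-virus products both registered as enabled in the DDS header) is easy to automate when you triage these logs regularly. The script below is an added example and is not part of the thread or of the DDS tool; it parses the `AV:`/`SP:` header lines, the `R0`/`S2`-style service lines and the `uRun`/`mRun`/`x64-Run` autostart lines of a DDS log. The embedded sample is a handful of lines copied from the log in post #1. Two things in it are my assumptions rather than documented DDS behaviour: the keyword list used to recognise AV kernel drivers from their description, and reading DDS's trailing `[?]` marker (seen on the nProtect GameGuard entry) as "DDS could not read the file", which makes that entry worth checking by hand.

```python
"""Triage helper for a DDS log: report enabled anti-virus products, the AV
kernel drivers behind them, service binaries DDS could not read, and the
number of autostart entries.  Added example, not code from the thread."""
import re

# Constructed sample: lines copied from the DDS log in post #1.  A real run
# reads the whole dds.txt (see the __main__ block).
SAMPLE_DDS = r"""
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-7-10 45880]
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-8-14 3291008]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
"""

# "AV: <name> *Enabled/Updated* {GUID}" as DDS prints the Security Center entries.
PRODUCT_RE = re.compile(
    r"^(?P<kind>AV|SP|FW): (?P<name>.+?) \*(?P<state>Enabled|Disabled)/"
    r"(?P<updated>Updated|Outdated)\* \{(?P<guid>[0-9A-Fa-f-]{36})\}\s*$")
# "R0 name;description;path [date size]" service/driver lines.
SERVICE_RE = re.compile(r"^(?P<start>[RS][0-4]) (?P<svc>[^;]+);(?P<desc>[^;]*);(?P<rest>.*)$")
# uRun / mRun / x64-Run registry autostart lines.
AUTOSTART_RE = re.compile(r"^(?:u|m|x64-)Run: \[(?P<key>[^\]]+)\] (?P<cmd>.+)$")

# Assumption: descriptions containing one of these words belong to an AV
# kernel driver.  Extend the list for other vendors.
AV_DRIVER_HINTS = ("anti-virus", "antivirus", "anti-rootkit", "malware protection")


def parse_products(text):
    """All AV/SP/FW products DDS read from the Security Center."""
    return [m.groupdict() for m in map(PRODUCT_RE.match, text.splitlines()) if m]


def enabled_av(text):
    """Names of products registered as *enabled* anti-virus (kind AV)."""
    return [p["name"] for p in parse_products(text)
            if p["kind"] == "AV" and p["state"] == "Enabled"]


def parse_services(text):
    return [m.groupdict() for m in map(SERVICE_RE.match, text.splitlines()) if m]


def av_filter_drivers(text):
    """Services whose description looks like an AV kernel driver (heuristic)."""
    return [s["svc"] for s in parse_services(text)
            if any(h in s["desc"].lower() for h in AV_DRIVER_HINTS)]


def unverified_services(text):
    """Services whose line ends in '[?]' (assumed: DDS could not read the file)."""
    return [s["svc"] for s in parse_services(text) if s["rest"].rstrip().endswith("[?]")]


def autostart_entries(text):
    return [(m.group("key"), m.group("cmd"))
            for m in map(AUTOSTART_RE.match, text.splitlines()) if m]


def triage(text):
    """Summary a helper would want before replying to the poster."""
    avs = enabled_av(text)
    return {
        "enabled_av": avs,
        "av_conflict": len(avs) > 1,          # two real-time engines at once
        "av_drivers": av_filter_drivers(text),
        "unverified_services": unverified_services(text),
        "autostart_count": len(autostart_entries(text)),
    }


if __name__ == "__main__":
    import json
    import sys
    # Usage: python dds_triage.py dds.txt   (falls back to the embedded sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_DDS
    print(json.dumps(triage(text), indent=2))
```

On the sample this reports both AVG and Microsoft Security Essentials as enabled (so `av_conflict` is true), three AV drivers (`Avgmfx64`, `Avgrkx64`, `MpFilter`), one entry to check by hand (`npggsvc`) and three autostart entries. The `av_conflict` flag is only a prompt to do what Noviciate suggests, uninstall one product and re-test; it does not prove the conflict is the cause of the slow boot.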

#5 kurochikai

kurochikai
  • Topic Starter

  • Members
  • 27 posts

Posted 05 September 2013 - 12:02 PM

Uninstalled AVG for now and am currently creating a system image through Windows 7; I also created a system repair disc. I did happen to run a quick scan with Malwarebytes in safe mode and got some infections, though I'm not too sure what they were. I also took off any files that I needed, though I know I can't do anything about some programs if I do a complete system reinstallation. In any case, I figure that posting that log might be of some help. I also ran a full scan and got stopped again around the winsxs folder. I didn't really manage to get the file, but I think there might be some problems there.

 

Thank you for replying and helping me out @_@

In any case, here's the log:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.03.01
 
Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 10.0.9200.16660
TiGrimZ :: TIGRIMZ-PC [administrator]
 
9/3/2013 4:01:23 PM
mbam-log-2013-09-03 (16-01-23).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 239294
Time elapsed: 5 minute(s), 49 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 3
C:\Users\TiGrimZ\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\TiGrimZ\AppData\Roaming\OpenCandy\12200A3B47284868823FB819B43104BE (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\TiGrimZ\AppData\Roaming\OpenCandy\FD39E6523BA64C5D957425130DF28AE4 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
 
Files Detected: 3
C:\Users\TiGrimZ\Downloads\FreeYouTubeToMP3Converter (6).exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\TiGrimZ\AppData\Roaming\OpenCandy\12200A3B47284868823FB819B43104BE\SendoriSetupx10403.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\TiGrimZ\AppData\Roaming\OpenCandy\FD39E6523BA64C5D957425130DF28AE4\EBB77268-338F-4C6A-8590-AD88FED26F4A (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
 
(end)

UPDATE: I restarted my computer after getting frustrated with the lack of any sort of progress with the backup thing I was trying and it loaded up normally. Didn't take 20 minutes or anything. I think the AVG and Microsoft Security Essentials did play a role in that problem... @_@
 
So, all I need help with now is why Malwarebytes keeps freezing on me... but I'll check on that in a bit.
 
In any case, thank you so much for that advice. I had no idea the two could conflict and cause problems like that. I will keep that in mind when I deal with computers in the future.

Edited by kurochikai, 05 September 2013 - 01:16 PM.


#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:03:10 PM

Posted 05 September 2013 - 03:19 PM

Good evening. :)

Let me know how things go.

 

Just one important point, the system image you are creating from within Windows is a back-up of the present state of your hard drive, so all that it can do is to restore your PC to the state that it is in at the time of the back-up. Obviously if the PC has issues now then the back-up will contain the same issues. You need to contact Dell and see if they will supply you with a set of Recovery disks so that you can install a fresh copy of Windows if you need to do so at any point in the future.


So long, and thanks for all the fish.

 

 


#7 kurochikai

kurochikai
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:08:10 AM

Posted 05 September 2013 - 07:16 PM

There is an option to reset the laptop to factory defaults, through the Dell recovery program. However, I do not know whether or not this will reset everything properly rather than having a fresh copy of Windows.

 

As for Malwarebytes, again it stopped at the winsxs folder. Some file called GdiPlus.dll. It didn't detect any infections prior to freezing on me again. I'm not sure if there's some other scanner that might be better for scanning, because others I've tried ended up freezing on me as well.

 

In any case, if there's some way I could fix this problem, any help will be appreciated. ><



#8 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:03:10 PM

Posted 06 September 2013 - 02:39 PM

Good evening. :)

There is an option to reset the laptop to factory defaults, through the Dell recovery program. However, I do not know whether or not this will reset everything properly rather than having a fresh copy of Windows.

This is the equivalent of a fresh install of Windows - your system will look and behave just as it did when you first turned it on when it arrived.

 

We'll start with the MBAM logs that it may have saved - will you post one that is from a scan that stalled, assuming that there is one.


So long, and thanks for all the fish.

 

 


#9 kurochikai

kurochikai
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:08:10 AM

Posted 06 September 2013 - 03:51 PM

Unfortunately, MBAM hasn't saved any logs because it pretty much freezes my computer and I have to shut it off from the power button. I checked for logs after, but it doesn't seem like it saves any. I could only run a quick scan successfully and not a full scan. ]:



#10 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:03:10 PM

Posted 06 September 2013 - 04:20 PM

Have you tried running a scan in Safe Mode with MBAM? I wouldn't have it delete anything just yet, if it runs and finds anything, but I'd like to see the log if you can get it to go full term.


So long, and thanks for all the fish.

 

 


#11 kurochikai

kurochikai
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:08:10 AM

Posted 07 September 2013 - 09:04 PM

Yes, I've been trying to scan in safe mode and still get the freezing around the winsxs folder. @_@ The only successful log was the quick scan I posted before. I tried to scan before I posted a reply again and it stopped at the winsxs folder once again... at some file called GdiPlus.dll... again o-o;



#12 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:03:10 PM

Posted 08 September 2013 - 01:21 PM

Good evening. :)

Please go to Jotti's and click on the Browse... button at the top and navigate to the file in question and then click on Submit.
When all the scans have been completed, please copy and paste the "Permalink" that you'll find in the "Jotti's malware scan" box in the upper left hand part of the page into your next reply.

If this site is busy, try VirusTotal: Click the Choose File button, navigate to the file and double click it and then click the Scan it! button.


So long, and thanks for all the fish.

 

 


#13 kurochikai

kurochikai
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:08:10 AM

Posted 08 September 2013 - 08:39 PM

I want to thank you again for your time helping me. I tried to scan all the GdiPlus.dll files in my winsxs folder, but there was one that I absolutely could not scan for unknown reasons. The fifth one would crash the browser and my computer in general. Jotti's and VirusTotal would try to run a scan, but they would keep "uploading" and not get anywhere. The VirusTotal scan said that the Chrome page stopped responding and when I tried to kill the page, it wouldn't do anything. I really don't know how these files work and whether or not I can go and delete that file or something. In any case, this file just doesn't want to be scanned. ]:

 

amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.7601.17514_none_3bd2e487d8e769d3

http://virusscan.jotti.org/en/scanresult/d184856726c395470d460f89f663cf881f5ef43b/024329d3644302ad2fd7dfb1003844ebee253e82

amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.7601.17825_none_3bd3cd9dd8e69dbe

http://virusscan.jotti.org/en/scanresult/652233ddb26f12e5f124a7dc1d49a3615fd0c8fa/8a20f91454a08cc03e7ea2a73cb0afa4e336e02a

amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.7601.21977_none_250afabff289afb9

http://virusscan.jotti.org/en/scanresult/cf434597d337441c619ac34791a6bdf8be5df32c/80ccd39d88b49dd09b55623c83327de3bed78608

amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a

http://virusscan.jotti.org/en/scanresult/13107c35b275fdace7d7d3b1c59eb72e26865c8b/5a56f78b9a071254c6ed4b02b043a906417c396f

amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765

 

- doesn't scan :(

 

amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.21977_none_145c69a48b8f8960

http://virusscan.jotti.org/en/scanresult/01d9f23ac8f528ee4c15c46559c0bbd56bca8ca8


Edited by kurochikai, 08 September 2013 - 08:40 PM.
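The posts above try to get each GdiPlus.dll copy in WinSxS checked by an online scanner, and one copy could not be uploaded at all. As an added example (not from anyone in this thread), the PowerShell below inventories those copies locally, hashes them, checks their signatures and compares each file's build/revision with the one encoded in its component folder name, so byte-identical copies and any copy that disagrees with its folder stand out without uploading anything. It assumes Windows PowerShell 4.0 or later (for Get-FileHash) and read access to %SystemRoot%\WinSxS.

```powershell
# Added example, not from this thread: inventory every copy of a DLL under WinSxS,
# hash each one, check its signature and compare the build/revision in the file's
# version resource with the one encoded in its component folder name.
# Assumes Windows PowerShell 4.0+ (Get-FileHash) and read access to %SystemRoot%\WinSxS.

function Get-SxsComponentVersion {
    # WinSxS folder names look like
    #   amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765
    # i.e. <arch>_<name>_<publicKeyToken>_<version>_<culture>_<hash>. Returns <version>.
    param([string]$FolderName)
    $parts = $FolderName -split '_'
    if ($parts.Count -ge 4 -and $parts[3] -match '^\d+\.\d+\.\d+\.\d+$') { return $parts[3] }
    return $null
}

function Get-SxsFileReport {
    param(
        [string]$FileName = 'GdiPlus.dll',
        [string]$Root = (Join-Path $env:SystemRoot 'WinSxS')
    )
    Get-ChildItem -Path $Root -Filter $FileName -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            $componentVer = Get-SxsComponentVersion -FolderName $_.Directory.Name
            # The version resource reads e.g. "6.1.7601.17825 (win7sp1_gdr...)"; keep the numeric part.
            $fileVer = if ($_.VersionInfo.FileVersion -match '^(\d+\.\d+\.\d+\.\d+)') { $Matches[1] } else { '' }
            # The last two fields (build.revision) should agree between folder name and file.
            $fileBuildRev = ($fileVer -split '\.')[2..3] -join '.'
            $compBuildRev = ($componentVer -split '\.')[2..3] -join '.'
            [pscustomobject]@{
                Component        = $_.Directory.Name
                ComponentVersion = $componentVer
                FileVersion      = $fileVer
                BuildRevMatches  = [bool]($componentVer -and $fileVer -and ($fileBuildRev -eq $compBuildRev))
                SizeBytes        = $_.Length
                Sha256           = (Get-FileHash -Algorithm SHA256 -Path $_.FullName).Hash
                # WinSxS binaries are normally catalog-signed rather than embedded-signed. On Windows 7 /
                # PowerShell before 5.1, Get-AuthenticodeSignature cannot see catalog signatures and
                # reports NotSigned: treat that as "unknown", not as evidence of tampering, and use the
                # built-in sfc /verifyonly for a component-store integrity check on such systems.
                Signature        = $sig.Status
                Signer           = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                Path             = $_.FullName
            }
        }
}

$report = Get-SxsFileReport -FileName 'GdiPlus.dll'

# One line per copy, so the folder the scanners choked on can be compared with its siblings.
$report | Sort-Object ComponentVersion |
    Format-Table Component, FileVersion, BuildRevMatches, SizeBytes, Signature -AutoSize

# Copies that share a hash are byte-identical; a copy whose hash is unique and whose
# build/revision does not match its folder name is the one to examine (or submit) first.
$report | Group-Object Sha256 | ForEach-Object {
    "{0} copy/copies with SHA-256 {1}" -f $_.Count, $_.Name
}
$report | Where-Object { -not $_.BuildRevMatches } |
    Select-Object Component, FileVersion, Sha256, Path | Format-List
```

Run it from an elevated PowerShell prompt; the SHA-256 values it prints can be looked up on a scanning service by hash, which avoids uploading the file that kept stalling the browser.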


#14 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:03:10 PM

Posted 09 September 2013 - 02:04 PM

Good evening. :)
 

Take a trip to this webpage for download links and instructions for running Combofix by sUBs.*
 

  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste it into your next reply.
  • Let me know how the PC is behaving.

* Please note from the instructions page:

Disabling your Anti-Virus - CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for either.

 

 


So long, and thanks for all the fish.

 

 


#15 kurochikai

kurochikai
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:08:10 AM

Posted 09 September 2013 - 10:30 PM

So I ran Combofix and did disable Microsoft Security Essentials, but it would still say it was enabled. I'm not 100% sure if that will be a problem, because I did disable it and ended its process.

As of late, my computer has been running decently, but at the same time I haven't been using it as much because I'm wary of malware. I haven't had any problems so far besides when I attempted to scan things. In any case, there aren't any problems with the startup any more, but the freezing when scanning does seem suspicious. I'll attempt to run a scan and see how that problem is.

 

Here's the log:
 

ComboFix 13-09-09.04 - TiGrimZ 09/09/2013  20:14:46.3.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8079.7013 [GMT -7:00]
Running from: c:\users\TiGrimZ\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\TiGrimZ\N411ZA06.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-10 to 2013-09-10  )))))))))))))))))))))))))))))))
.
.
2013-09-10 03:18 . 2013-09-10 03:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-10 03:18 . 2013-09-10 03:18 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-09-09 23:25 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CE08B1FE-9E57-48E7-8047-45142EAAD2AE}\mpengine.dll
2013-09-09 17:32 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-06 21:55 . 2013-09-06 21:55 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6D378E47-EB4B-4E15-8B5D-A8E903B96B42}\gapaengine.dll
2013-09-05 23:29 . 2013-09-05 23:29 -------- d-----w- c:\users\TiGrimZ\AppData\Local\Apps
2013-09-05 23:29 . 2013-09-05 23:30 -------- d-----w- c:\users\TiGrimZ\AppData\Local\Deployment
2013-09-05 17:54 . 2013-09-05 17:54 -------- dc----w- c:\users\TiGrimZ\AppData\Local\MigWiz
2013-08-30 02:55 . 2013-08-30 02:59 -------- d-----w- c:\users\TiGrimZ\Games
2013-08-17 21:16 . 2013-08-17 21:17 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2013-08-17 21:16 . 2013-08-17 21:17 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2013-08-17 20:42 . 2013-08-17 20:42 -------- d-----w- c:\users\TiGrimZ\AppData\Roaming\gd.sos.McPixel
2013-08-15 05:17 . 2013-07-26 06:23 775256 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2013-08-15 05:02 . 2013-08-15 05:09 -------- d-----w- c:\windows\system32\MRT
2013-08-14 18:11 . 2013-08-14 18:11 4774272 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-08-14 18:11 . 2013-08-14 18:11 4774272 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-08-14 05:38 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 05:38 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-08-11 04:16 . 2013-08-11 04:16 -------- d-----w- c:\program files (x86)\TeamViewer
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-22 19:04 . 2012-06-13 12:49 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-21 06:42 . 2012-05-06 00:03 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-21 06:42 . 2012-03-09 14:25 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-15 05:02 . 2012-05-17 22:42 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-07-09 04:45 . 2013-08-14 05:37 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-06-24 03:35 . 2013-06-24 03:35 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-24 03:35 . 2012-05-10 05:41 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-24 03:35 . 2012-05-10 05:41 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-19 04:50 . 2013-06-19 04:50 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-19 04:50 . 2011-04-27 21:25 139616 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SansaDispatch"="c:\users\TiGrimZ\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2013-04-01 613888]
"HP Deskjet 3510 series (NET)"="c:\program files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe" [2012-05-08 2552168]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2011-08-04 4165440]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"NACAgentUI"="c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2012-12-03 610776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\TiGrimZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 DLACDBHE;DLACDBHE;c:\windows\system32\Drivers\DLACDBHE.SYS;c:\windows\SYSNATIVE\Drivers\DLACDBHE.SYS [x]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
R2 DLABMFSE;DLABMFSE;c:\windows\system32\DLA\DLABMFSE.SYS;c:\windows\SYSNATIVE\DLA\DLABMFSE.SYS [x]
R2 DLABOIOE;DLABOIOE;c:\windows\system32\DLA\DLABOIOE.SYS;c:\windows\SYSNATIVE\DLA\DLABOIOE.SYS [x]
R2 DLADResE;DLADResE;c:\windows\system32\DLA\DLADResE.SYS;c:\windows\SYSNATIVE\DLA\DLADResE.SYS [x]
R2 DLAIFS_E;DLAIFS_E;c:\windows\system32\DLA\DLAIFS_E.SYS;c:\windows\SYSNATIVE\DLA\DLAIFS_E.SYS [x]
R2 DLAOPIOE;DLAOPIOE;c:\windows\system32\DLA\DLAOPIOE.SYS;c:\windows\SYSNATIVE\DLA\DLAOPIOE.SYS [x]
R2 DLAPoolE;DLAPoolE;c:\windows\system32\DLA\DLAPoolE.SYS;c:\windows\SYSNATIVE\DLA\DLAPoolE.SYS [x]
R2 DLAUDF_E;DLAUDF_E;c:\windows\system32\DLA\DLAUDF_E.SYS;c:\windows\SYSNATIVE\DLA\DLAUDF_E.SYS [x]
R2 DLAUDFAE;DLAUDFAE;c:\windows\system32\DLA\DLAUDFAE.SYS;c:\windows\SYSNATIVE\DLA\DLAUDFAE.SYS [x]
R2 DRVEDDM;DRVEDDM;c:\windows\system32\Drivers\DRVEDDM.SYS;c:\windows\SYSNATIVE\Drivers\DRVEDDM.SYS [x]
R2 NACAgent;Cisco NAC Agent;c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe;c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [x]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe;c:\windows\SYSNATIVE\Pen_Tablet.exe [x]
R2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
R2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe;c:\program files\WTouch\WTouchService.exe [x]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
R3 CxUtilSvc;CxUtilSvc;c:\program files\Conexant\SA3\CxUtilSvc.exe;c:\program files\Conexant\SA3\CxUtilSvc.exe [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 MCfilt;MCfilt;c:\windows\system32\drivers\MCfilt64.sys;c:\windows\SYSNATIVE\drivers\MCfilt64.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys;c:\windows\SYSNATIVE\DRIVERS\wacmoumonitor.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 DRVECDB;DRVECDB;c:\windows\System32\Drivers\DRVECDB.SYS;c:\windows\SYSNATIVE\Drivers\DRVECDB.SYS [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 DLARTL_E;DLARTL_E;c:\windows\system32\Drivers\DLARTL_E.SYS;c:\windows\SYSNATIVE\Drivers\DLARTL_E.SYS [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-06 21:35 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 06:42]
.
2013-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-22 18:32]
.
2013-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-22 18:32]
.
2013-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1532341382-3202234564-2611067050-1000Core.job
- c:\users\TiGrimZ\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-06 04:24]
.
2013-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1532341382-3202234564-2611067050-1000UA.job
- c:\users\TiGrimZ\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-06 04:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-01 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-01 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-01 416024]
"SmartAudio"="c:\program files\CONEXANT\SA3\SACpl.exe" [2011-08-01 1574016]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-11-01 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-10-18 10357008]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-21 1356240]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\TiGrimZ\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5255A747-EB06-47E1-A865-7862E5FF0D08}: NameServer = 0.0.0.0
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.0.0\ViProtocol.dll
FF - ProfilePath - c:\users\TiGrimZ\AppData\Roaming\Mozilla\Firefox\Profiles\06s9at5c.default\
FF - ExtSQL: !HIDDEN! 2012-09-13 19:23; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: !HIDDEN! 2013-07-17 13:59; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files (x86)\Common Files\DVDVideoSoft\plugins\ff
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)
Toolbar-Locked - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Free YouTube Download_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-09  20:20:49
ComboFix-quarantined-files.txt  2013-09-10 03:20
ComboFix2.txt  2013-09-10 03:07
ComboFix3.txt  2013-09-03 06:37
.
Pre-Run: 726,406,410,240 bytes free
Post-Run: 726,333,063,168 bytes free
.
- - End Of File - - 1F859B1FBB30C366E783A681D2E73CD7




