Possible infestation ("Preparing security options" on CTRL+ALT+DEL))


  • This topic is locked
154 replies to this topic

#1 CaptainKillgore

CaptainKillgore

  • Members
  • 107 posts
  • OFFLINE
  • Local time:10:25 AM

Posted 15 November 2013 - 02:20 PM

Hi Bleeping Computer forum,

 

I am running Windows 7 SP1 x64 on a 240GB Corsair Performance SSD (with TRIM enabled and latest AHCI drivers), with all latest drivers (incl. SATA controllers).

My OS is currently crawling while it used to have decent booting speed --- and no issues whatsoever when it came to running applications --- prior to the occurrence of these slow-downs/freezes.

Applications are now taking forever to load and when trying to run the Task Manager, the "Preparing security options" message pops up and is lingering dozens of minutes (seems like forever to me). The slow-downs/freezes led to some voluntary unclean turn-offs, which triggered some chkdsk at startup. OS is available now (not only in safe mode).

Had to narrow down the start services to the Microsoft ones exclusively though so as to speed up starting of the OS.

Needless to say that all the above prompted me to this very forum, as I am suspecting some "good old" infestation (as conflicting or outdated drivers ruled out, etc.).

 

I had to boot in safe mode so as to run the latest ComboFix (so that it did not freeze as I only have, say, two minutes before my OS hangs on me). The ComboFix.txt log is available upon request for your learned consideration.

 

As requested, I ran DDS (in safe boot mode so that the OS does not hang on me); please see the DDS.txt below and the attached Attach.txt.

 

Assistance will be much appreciated as I am completely stuck.

 

Thanks and regards,

CaptainKillgore

 

*********************DDS.txt*****************************

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.45.2
Run by DAN at 20:05:08 on 2013-11-15
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.33.1033.18.8191.7253 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
dRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Ajouter la cible du lien à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: %SystemRoot%\system32\vsocklib.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
TCP: NameServer = 212.76.224.173 89.2.0.1 89.2.0.2
TCP: Interfaces\{0D3DC94F-E6AD-4059-AC10-73456A42E99B} : DHCPNameServer = 212.76.224.173 89.2.0.1 89.2.0.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Notification Packages =  scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\DAN\AppData\Roaming\Mozilla\Firefox\Profiles\8oo8ruob.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2011-9-21 49760]
R0 hotcore3;hc3ServiceName;C:\Windows\System32\drivers\hotcore3.sys [2010-9-26 37392]
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-3-17 310576]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2013-10-19 17720]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-7-22 283064]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2011-9-14 398112]
S0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-29 65336]
S0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-29 189936]
S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-8-4 1030952]
S1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-9-26 378944]
S2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-9-26 33400]
S2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-9-26 80816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-8-4 21992]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2008-8-28 51240]
S3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2011-11-3 594472]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2013-4-13 39976]
S3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2011-8-22 202840]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2011-8-22 202840]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2011-8-22 1417304]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2011-8-22 1417304]
S3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2011-8-22 94808]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2011-8-22 94808]
S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2013-11-10 91352]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2013-11-10 116440]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-3-25 20992]
S3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2013-9-14 34336]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-11-12 59392]
S3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2013-9-14 23016]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-26 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys [2012-5-26 14544]
S4 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-2-3 574272]
S4 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2013-7-22 46808]
S4 casperhpb;Casper SmartSense;C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERABSVC.EXE [2011-6-5 419592]
S4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2013-4-13 79360]
S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-9-26 79360]
S4 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2012-7-18 310232]
S4 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2013-9-14 23048]
S4 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2013-9-14 335168]
S4 PuranDefrag;PuranDefrag;C:\Windows\System32\PuranDefragS.exe [2012-5-19 289792]
S4 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448]
S4 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2011-11-13 11839488]
.
=============== Created Last 30 ================
.
2013-11-14 21:11:58    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-11-14 20:46:21    98816    ----a-w-    C:\Windows\sed.exe
2013-11-14 20:46:21    256000    ----a-w-    C:\Windows\PEV.exe
2013-11-14 20:46:21    208896    ----a-w-    C:\Windows\MBR.exe
2013-11-13 20:31:53    --------    d-----w-    C:\found.000
2013-11-11 12:14:54    10280728    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EA01A37F-7559-4082-95EA-9A2BCDFF1EF6}\mpengine.dll
2013-11-10 17:33:37    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-10 17:33:36    116440    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2013-11-10 17:33:16    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2013-11-10 17:32:16    5145633    ----a-w-    C:\ComboFix.exe
2013-11-10 17:32:15    4745728    ----a-w-    C:\aswmbr.exe
2013-11-10 17:32:15    350080    ----a-w-    C:\avastclear.exe
2013-11-10 17:32:15    2240864    ----a-w-    C:\tdsskiller.exe
2013-11-10 17:32:15    19275792    ----a-w-    C:\BootkitRemoval_x64.exe
2013-11-10 17:32:15    1525384    ----a-w-    C:\sarsfx.exe
2013-11-10 12:56:55    1957098    ----a-w-    C:\FRST64.exe
2013-11-10 12:56:54    509264    ----a-w-    C:\winsdk_web.exe
2013-11-10 12:56:45    301812736    ----a-w-    C:\Windows_Win7SP1.7601.17514.101119-1850.AMD64FRE.Symbols.msi
2013-11-10 12:56:40    12576792    ----a-w-    C:\mbar-1.07.0.1007.exe
2013-11-10 12:56:37    994704    ----a-w-    C:\sdksetup.exe
2013-11-10 06:01:15    171392    ----a-w-    C:\Windows\System32\drivers\scsciport.sys
2013-11-10 03:50:28    --------    d-----w-    C:\FRST
2013-11-09 18:12:30    --------    d-----w-    C:\Windows\Standalone System Sweeper
2013-11-08 19:11:30    --------    d-----w-    C:\Program Files (x86)\NEC Electronics
2013-11-06 15:21:58    --------    d-----w-    C:\ProgramData\Oracle
2013-11-06 15:21:12    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-05 11:17:54    124112    ----a-w-    C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-11-05 11:17:54    102608    ----a-w-    C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-11-02 13:47:00    31672    ----a-w-    C:\Windows\System32\nvhdap64.dll
2013-11-02 13:47:00    194488    ----a-w-    C:\Windows\System32\drivers\nvhda64v.sys
2013-11-02 13:47:00    1510328    ----a-w-    C:\Windows\System32\nvhdagenco6420103.dll
2013-11-02 13:30:12    3398914    ----a-w-    C:\Windows\System32\nvcoproc.bin
2013-11-02 13:28:32    --------    d-----w-    C:\temp
2013-10-27 09:08:28    --------    d-----w-    C:\Windows\CheckSur
2013-10-26 18:32:19    3155968    ----a-w-    C:\Windows\System32\win32k.sys
2013-10-19 22:17:59    32600    ----a-w-    C:\Windows\System32\SmartDefragBootTime.exe
2013-10-19 22:17:51    17720    ----a-w-    C:\Windows\System32\drivers\SmartDefragDriver.sys
.
==================== Find3M  ====================
.
2013-11-06 09:21:07    18960    ----a-w-    C:\Windows\System32\drivers\LNonPnP.sys
2013-10-25 06:41:37    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-25 06:41:37    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-15 21:47:39    6665504    ----a-w-    C:\Windows\System32\nvcpl.dll
2013-10-15 21:47:39    3489568    ----a-w-    C:\Windows\System32\nvsvc64.dll
2013-10-15 21:47:36    922912    ----a-w-    C:\Windows\System32\nvvsvc.exe
2013-10-15 21:47:36    63776    ----a-w-    C:\Windows\System32\nvshext.dll
2013-10-15 21:47:36    219424    ----a-w-    C:\Windows\System32\nvmctray.dll
2013-09-07 17:00:32    298032    ----a-w-    C:\Windows\SysWow64\PnkBstrB.xtr
2013-09-07 17:00:32    298032    ----a-w-    C:\Windows\SysWow64\PnkBstrB.exe
2013-09-06 18:05:31    298032    ----a-w-    C:\Windows\SysWow64\PnkBstrB.ex0
2013-09-03 12:35:10    278800    ------w-    C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 20:05:12,96 ===============
 



#2 CaptainKillgore

CaptainKillgore
  • Topic Starter

  • Members
  • 107 posts
  • OFFLINE
  • Local time:10:25 AM

Posted 20 November 2013 - 01:37 PM

Any joy, anyone?
CaptainKillgore

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,696 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:25 AM

Posted 20 November 2013 - 02:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/514143 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 CaptainKillgore

CaptainKillgore
  • Topic Starter

  • Members
  • 107 posts
  • OFFLINE
  • Local time:10:25 AM

Posted 21 November 2013 - 02:26 AM

New DDS log will follow shortly and thanks for the heads up, bot buddy.
In my view there are no such things as "silly little programs"... save for viruses and malware!
Thanks and regards,
CaptainKillgore

#5 CaptainKillgore

CaptainKillgore
  • Topic Starter

  • Members
  • 107 posts
  • OFFLINE
  • Local time:10:25 AM

Posted 21 November 2013 - 02:33 PM

Hi Bleeping Computer forum,
 
1. I am running Windows 7 SP1 x64 on a 240GB Corsair Performance SSD (with TRIM enabled and latest AHCI drivers), with all latest drivers (incl. SATA controllers).
My OS is currently crawling while it used to have decent booting speed --- and no issues whatsoever when it came to running applications --- prior to the occurrence of these slow-downs/freezes.
Applications are now taking forever to load and when trying to run the Task Manager, the "Preparing security options" message pops up and is lingering dozens of minutes (seems like forever to me). The slow-downs/freezes led to some voluntary unclean turn-offs, which triggered some chkdsk at startup. OS is available now (not only in safe mode).
Had to narrow down the start services to the Microsoft ones exclusively though so as to speed up starting of the OS.
Needless to say that all the above prompted me to this very forum, as I am suspecting some "good old" infestation (as conflicting or outdated drivers ruled out, etc.).
 
I had to boot in safe mode so as to run the latest ComboFix (so that it did not freeze as I only have, say, two minutes before my OS hangs on me). The ComboFix.txt log is available upon request for your learned consideration.
 
As requested, I ran DDS; please see the DDS.txt below and the attached Attach.txt.
 
Assistance will be much appreciated as I am completely stuck.
 
Thanks and regards,
CaptainKillgore
 
2. ************************* DDS Log **************************
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.45.2
Run by DAN at 20:19:17 on 2013-11-21
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.33.1033.18.8191.6937 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Corsair SSD Toolbox\CSSDTService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\IObit\Game Booster\gbtray.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\program files (x86)\stardock\fences\Fences.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
dRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Ajouter la cible du lien à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: %SystemRoot%\system32\vsocklib.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
TCP: NameServer = 212.76.224.173 89.2.0.1 89.2.0.2
TCP: Interfaces\{0D3DC94F-E6AD-4059-AC10-73456A42E99B} : DHCPNameServer = 212.76.224.173 89.2.0.1 89.2.0.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Notification Packages =  scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\DAN\AppData\Roaming\Mozilla\Firefox\Profiles\8oo8ruob.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2011-9-21 49760]
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-29 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-29 189936]
R0 hotcore3;hc3ServiceName;C:\Windows\System32\drivers\hotcore3.sys [2010-9-26 37392]
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-3-17 310576]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2013-10-19 17720]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-8-4 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-9-26 378944]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-9-26 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-9-26 80816]
R2 CorsairSSDToolBox;Corsair SSD ToolBox;C:\Program Files (x86)\Corsair SSD Toolbox\CSSDTService.exe [2013-11-16 1838352]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-8-4 21992]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2011-8-22 202840]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2011-8-22 1417304]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2011-8-22 94808]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-7-22 283064]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2011-9-14 398112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2008-8-28 51240]
S3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2011-11-3 594472]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2013-4-13 39976]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2011-8-22 202840]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2011-8-22 1417304]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2011-8-22 94808]
S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2013-11-10 91352]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-3-25 20992]
S3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2013-9-14 34336]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-11-12 59392]
S3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2013-9-14 23016]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-26 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys [2012-5-26 14544]
S4 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-2-3 574272]
S4 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2013-7-22 46808]
S4 casperhpb;Casper SmartSense;C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERABSVC.EXE [2011-6-5 419592]
S4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2013-4-13 79360]
S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-9-26 79360]
S4 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2012-7-18 310232]
S4 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2013-9-14 23048]
S4 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2013-9-14 335168]
S4 PuranDefrag;PuranDefrag;C:\Windows\System32\PuranDefragS.exe [2012-5-19 289792]
S4 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448]
S4 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2011-11-13 11839488]
.
=============== Created Last 30 ================
.
2013-11-17 13:42:52    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-11-17 13:42:52    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-16 20:13:24    --------    d-----w-    C:\Program Files (x86)\ESET
2013-11-16 20:10:42    --------    d-----w-    C:\Users\DAN\AppData\Local\Corsair
2013-11-16 20:10:40    --------    d-----w-    C:\Program Files (x86)\Corsair SSD Toolbox
2013-11-14 21:11:58    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-11-14 20:46:21    98816    ----a-w-    C:\Windows\sed.exe
2013-11-14 20:46:21    256000    ----a-w-    C:\Windows\PEV.exe
2013-11-14 20:46:21    208896    ----a-w-    C:\Windows\MBR.exe
2013-11-11 12:14:54    10280728    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EA01A37F-7559-4082-95EA-9A2BCDFF1EF6}\mpengine.dll
2013-11-10 17:33:37    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-10 17:33:16    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2013-11-10 17:32:16    5145633    ----a-w-    C:\ComboFix.exe
2013-11-10 17:32:15    4745728    ----a-w-    C:\aswmbr.exe
2013-11-10 17:32:15    350080    ----a-w-    C:\avastclear.exe
2013-11-10 17:32:15    2240864    ----a-w-    C:\tdsskiller.exe
2013-11-10 17:32:15    19275792    ----a-w-    C:\BootkitRemoval_x64.exe
2013-11-10 17:32:15    1525384    ----a-w-    C:\sarsfx.exe
2013-11-10 12:56:55    1957098    ----a-w-    C:\FRST64.exe
2013-11-10 12:56:54    509264    ----a-w-    C:\winsdk_web.exe
2013-11-10 12:56:45    301812736    ----a-w-    C:\Windows_Win7SP1.7601.17514.101119-1850.AMD64FRE.Symbols.msi
2013-11-10 12:56:40    12576792    ----a-w-    C:\mbar-1.07.0.1007.exe
2013-11-10 12:56:37    994704    ----a-w-    C:\sdksetup.exe
2013-11-10 06:01:15    171392    ----a-w-    C:\Windows\System32\drivers\scsciport.sys
2013-11-10 03:50:28    --------    d-----w-    C:\FRST
2013-11-09 18:12:30    --------    d-----w-    C:\Windows\Standalone System Sweeper
2013-11-08 19:11:30    --------    d-----w-    C:\Program Files (x86)\NEC Electronics
2013-11-06 15:21:58    --------    d-----w-    C:\ProgramData\Oracle
2013-11-06 15:21:12    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-05 11:17:54    124112    ----a-w-    C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-11-05 11:17:54    102608    ----a-w-    C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-11-02 13:47:00    31672    ----a-w-    C:\Windows\System32\nvhdap64.dll
2013-11-02 13:47:00    194488    ----a-w-    C:\Windows\System32\drivers\nvhda64v.sys
2013-11-02 13:47:00    1510328    ----a-w-    C:\Windows\System32\nvhdagenco6420103.dll
2013-11-02 13:30:12    3398914    ----a-w-    C:\Windows\System32\nvcoproc.bin
2013-11-02 13:28:32    --------    d-----w-    C:\temp
2013-10-27 09:08:28    --------    d-----w-    C:\Windows\CheckSur
2013-10-26 18:32:19    3155968    ----a-w-    C:\Windows\System32\win32k.sys
.
==================== Find3M  ====================
.
2013-11-06 09:21:07    18960    ----a-w-    C:\Windows\System32\drivers\LNonPnP.sys
2013-10-25 06:41:37    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-25 06:41:37    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-15 21:47:39    6665504    ----a-w-    C:\Windows\System32\nvcpl.dll
2013-10-15 21:47:39    3489568    ----a-w-    C:\Windows\System32\nvsvc64.dll
2013-10-15 21:47:36    922912    ----a-w-    C:\Windows\System32\nvvsvc.exe
2013-10-15 21:47:36    63776    ----a-w-    C:\Windows\System32\nvshext.dll
2013-10-15 21:47:36    219424    ----a-w-    C:\Windows\System32\nvmctray.dll
2013-09-07 17:00:32    298032    ----a-w-    C:\Windows\SysWow64\PnkBstrB.xtr
2013-09-07 17:00:32    298032    ----a-w-    C:\Windows\SysWow64\PnkBstrB.exe
2013-09-06 18:05:31    298032    ----a-w-    C:\Windows\SysWow64\PnkBstrB.ex0
2013-09-03 12:35:10    278800    ------w-    C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 20:21:55,04 ===============

3. My original Windows 7 x64 SP1 is available.

4. Attach.zip (zipped attach.txt log attached).

Cheers.


#6 CaptainKillgore

CaptainKillgore
  • Topic Starter

  • Members
  • 107 posts
  • OFFLINE
  •  
  • Local time:10:25 AM

Posted 23 November 2013 - 09:53 AM

Any joy, anyone? Anything suspicious?
Many thanks!
CaptainKillgore

#7 CaptainKillgore

Posted 25 November 2013 - 02:25 AM

Additional (unsurprising) symptoms to report: Windows Security Center is unavailable; ditto for Windows Update (could not download the latest Microsoft Malware Removal Tool nor any other update), and no Restoration Points to be found...
Thanks to whoever will consider the above.
CaptainKillgore

#8 HelpBot

    Bleepin' Binary Bot

Posted 25 November 2013 - 02:25 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#9 Oh My!

    Malware Response Instructor

Posted 27 November 2013 - 10:01 AM

Greetings CaptainKillgore and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please run this program for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 CaptainKillgore

Posted 27 November 2013 - 01:49 PM

Hi Gary,
Thank you for the heads up and bear with me.
Requested logs will follow shortly.
Thanks and regards,
CaptainKillgore

#11 CaptainKillgore

Posted 27 November 2013 - 06:10 PM

Hi Gary,

As requested please see below (1) the FRST.txt and (2) the Addition.txt.

Note that I tried to run FRST in "standard" mode (i.e. not safe mode) twice... in vain --- FRST would freeze and a hard reset was required both times.

Let the magic begin!

Thank you and regards,

CaptainKillgore

 

================================================FRST.TXT==========================================================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-11-2013 01
Ran by DAN (administrator) on E8600-3-33GHZ on 27-11-2013 23:46:12
Running from C:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================


==================== Registry (Whitelisted) ==================

Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
MountPoints2: M - M:\setup.exe
MountPoints2: {0e81709a-780b-11e0-89dd-e0cb4e604336} - "M:\WD SmartWare.exe" autoplay=true
MountPoints2: {3a2fd169-c98d-11df-80bc-806e6f6e6963} - G:\setup64.exe
HKU\UpdatusUser.E8600-3-33GHZ\...\Run: [Advanced SystemCare 5] - "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
HKU\UpdatusUser.E8600-3-33GHZ\...\Run: [Xpadder] - F:\My Torrents\Xpadder v5.7 (2010.11.17)\Xpadder.exe [1714688 2010-07-27] ()
HKU\UpdatusUser.E8600-3-33GHZ\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673184 2013-07-03] (Disc Soft Ltd)
HKU\UpdatusUser.E8600-3-33GHZ\...\RunOnce: [InetReg] - "C:\Program Files (x86)\Creative\Product Registration\English\InetReg.exe" /PreProcess=RegFlash.exe /Delay=6
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - DefaultScope {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=BT5&o=15443&src=crm&q={searchTerms}&locale=en_EU
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=BT5&o=15443&src=crm&q={searchTerms}&locale=en_EU
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Tcpip\Parameters: [DhcpNameServer] 212.76.224.173 89.2.0.1 89.2.0.2

FireFox:
========
FF ProfilePath: C:\Users\DAN\AppData\Roaming\Mozilla\Firefox\Profiles\8oo8ruob.default
FF user.js: detected! => C:\Users\DAN\AppData\Roaming\Mozilla\Firefox\Profiles\8oo8ruob.default\user.js
FF NewTab: www.google.com
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DragonRIAPlugin - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\DAN\AppData\Roaming\Mozilla\Firefox\Profiles\8oo8ruob.default\Extensions\ascsurfingprotection@iobit.com
FF Extension: Dictionnaires français - C:\Users\DAN\AppData\Roaming\Mozilla\Firefox\Profiles\8oo8ruob.default\Extensions\fr-dicollecte@dictionaries.addons.mozilla.org
FF Extension: Adblock Plus - C:\Users\DAN\AppData\Roaming\Mozilla\Firefox\Profiles\8oo8ruob.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: prefs - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

==================== Services (Whitelisted) =================

S4 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [574272 2013-04-18] (IObit)
S4 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2009-06-05] (Andrea Electronics Corporation)
S4 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S4 casperhpb; C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERABSVC.EXE [419592 2011-06-05] (Future Systems Solutions, Inc.)
S4 CorsairSSDToolBox; C:\Program Files (x86)\Corsair SSD Toolbox\CSSDTService.exe [1838352 2013-05-02] (Corsair)
S4 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [335168 2013-04-25] (IObit)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-05-18] ()
S4 PuranDefrag; C:\Windows\system32\PuranDefragS.exe [289792 2011-12-26] (Puran Software)
S4 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [11839488 2011-11-13] ()

==================== Drivers (Whitelisted) ====================

S3 54953221; No ImagePath
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-27] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-27] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-27] ()
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-07-22] (Disc Soft Ltd)
S4 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37392 2010-01-17] (Paragon Software Group)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2013-11-10] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34336 2013-03-26] (IObit.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2013-05-22] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-02-24] (Duplex Secure Ltd.)
S1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [48144 2010-01-17] (Windows ® 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [158736 2010-01-17] (Paragon)
S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-03-26] (IObit.com)
S2 atksgt; system32\DRIVERS\atksgt.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 GPU-Z; \??\C:\Users\DAN\AppData\Local\Temp\GPU-Z.sys [x]
S2 lirsgt; system32\DRIVERS\lirsgt.sys [x]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-27 23:08 - 2013-11-27 23:08 - 01958850 _____ (Farbar) C:\FRST64.exe
2013-11-24 21:59 - 2013-11-24 21:59 - 00000000 ____D C:\Windows\Tasks\TaskDisabled
2013-11-24 19:24 - 2013-11-24 12:46 - 00173144 ____R (Gibson Research Corp.) C:\Users\DAN\Desktop\SpinRite.exe
2013-11-17 14:42 - 2013-11-17 14:59 - 00001128 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-17 14:42 - 2013-11-17 14:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-17 14:42 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-16 21:13 - 2013-11-16 21:13 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-16 21:10 - 2013-11-23 16:21 - 00567242 _____ C:\Users\DAN\cssdt.log
2013-11-16 21:10 - 2013-11-16 21:10 - 00001129 _____ C:\Users\Public\Desktop\Corsair SSD Toolbox.lnk
2013-11-16 21:10 - 2013-11-16 21:10 - 00000000 ____D C:\Users\DAN\AppData\Local\Corsair
2013-11-16 21:10 - 2013-11-16 21:10 - 00000000 ____D C:\Program Files (x86)\Corsair SSD Toolbox
2013-11-15 19:58 - 2013-11-21 20:22 - 00016090 _____ C:\Users\DAN\Desktop\attach.txt
2013-11-15 19:58 - 2013-11-21 20:21 - 00019390 _____ C:\Users\DAN\Desktop\dds.txt
2013-11-15 19:55 - 2013-11-15 19:47 - 00688992 ____R (Swearware) C:\Users\DAN\Desktop\dds.com
2013-11-14 22:11 - 2013-11-14 22:11 - 00025788 _____ C:\ComboFix.txt
2013-11-14 21:46 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-14 21:46 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-14 21:46 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-14 21:46 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-14 21:46 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-14 21:46 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-14 21:46 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-14 21:46 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-14 21:45 - 2013-11-14 22:11 - 00000000 ____D C:\Qoobox
2013-11-14 21:45 - 2013-11-14 21:53 - 00000000 ____D C:\Windows\erdnt
2013-11-11 22:34 - 2013-11-11 22:34 - 00000432 ____H C:\Windows\YukonInstall.log
2013-11-11 21:37 - 2013-11-11 21:37 - 00951760 _____ C:\Windows\Minidump\111113-211740-01.dmp
2013-11-10 18:33 - 2013-11-10 18:54 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-10 18:33 - 2013-11-10 18:33 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-10 18:33 - 2013-11-10 18:33 - 00000000 ____D C:\Users\DAN\Desktop\mbar
2013-11-10 18:32 - 2013-11-10 14:57 - 00350080 _____ (AVAST Software) C:\avastclear.exe
2013-11-10 18:32 - 2013-11-10 14:08 - 19275792 _____ (Bitdefender LLC) C:\BootkitRemoval_x64.exe
2013-11-10 18:32 - 2013-11-10 14:08 - 04745728 _____ (AVAST Software) C:\aswmbr.exe
2013-11-10 18:32 - 2013-11-10 14:08 - 02240864 _____ (Kaspersky Lab ZAO) C:\tdsskiller.exe
2013-11-10 18:32 - 2013-11-10 14:07 - 01525384 _____ C:\sarsfx.exe
2013-11-10 18:32 - 2013-11-10 13:30 - 05145633 _____ (Swearware) C:\ComboFix.exe
2013-11-10 13:56 - 2013-11-27 23:46 - 00012632 _____ C:\FRST.txt
2013-11-10 13:56 - 2013-11-10 13:46 - 00994704 _____ (Microsoft Corporation) C:\sdksetup.exe
2013-11-10 13:56 - 2013-11-10 13:34 - 12576792 _____ (Malwarebytes Corp.) C:\mbar-1.07.0.1007.exe
2013-11-10 13:56 - 2013-11-10 13:30 - 05145633 ____R (Swearware) C:\Users\DAN\Desktop\ComboFix.exe
2013-11-10 13:56 - 2013-11-10 12:41 - 301812736 _____ C:\Windows_Win7SP1.7601.17514.101119-1850.AMD64FRE.Symbols.msi
2013-11-10 13:56 - 2013-11-10 09:53 - 00509264 _____ (Microsoft Corporation) C:\winsdk_web.exe
2013-11-10 07:01 - 2010-11-20 23:33 - 00171392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scsciport.sys
2013-11-10 04:50 - 2013-11-10 04:50 - 00000000 ____D C:\FRST
2013-11-09 19:12 - 2013-11-09 19:12 - 00000000 ____D C:\Windows\Standalone System Sweeper
2013-11-08 20:11 - 2013-11-11 22:45 - 00000000 ____D C:\Program Files (x86)\NEC Electronics
2013-11-06 16:21 - 2013-11-06 16:22 - 00000000 ____D C:\ProgramData\Oracle
2013-11-06 16:21 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-06 16:21 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-06 16:21 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-11-06 16:21 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-11-06 16:18 - 2013-11-06 16:21 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-11-06 16:14 - 2013-11-21 20:22 - 00004184 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-11-05 13:03 - 2013-11-09 22:30 - 00011189 _____ C:\Users\DAN\AppData\Local\Temp9.html
2013-11-05 12:17 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-11-05 12:17 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-11-02 21:26 - 2013-11-02 21:26 - 00289344 _____ C:\Windows\Minidump\110213-67298-01.dmp
2013-11-02 14:47 - 2013-11-02 14:47 - 01510328 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2013-11-02 14:47 - 2013-11-02 14:47 - 00194488 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2013-11-02 14:47 - 2013-11-02 14:47 - 00031672 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2013-11-02 14:30 - 2013-10-08 20:14 - 03398914 _____ C:\Windows\system32\nvcoproc.bin
2013-11-02 14:26 - 2013-11-02 14:26 - 30344992 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 22933280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 18290536 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 18243632 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 15858664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 15244272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 12537632 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-11-02 14:26 - 2013-11-02 14:26 - 11415232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 11362672 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 09516872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 09472600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 03131680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 03124512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 03067560 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 02946848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 02747168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 02694664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433158.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433158.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 01435504 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 01241376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 00696096 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 00655136 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 00560416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-11-02 13:42 - 2013-11-02 13:42 - 00272104 _____ C:\Windows\Minidump\110213-58921-01.dmp
2013-11-02 13:13 - 2013-11-02 13:13 - 00030088 ____N C:\bootsqm.dat

==================== One Month Modified Files and Folders =======

2013-11-27 23:46 - 2013-11-10 13:56 - 00012632 _____ C:\FRST.txt
2013-11-27 23:30 - 2010-09-26 11:50 - 00258694 _____ C:\Windows\WindowsUpdate.log
2013-11-27 23:27 - 2013-10-19 23:18 - 00000286 _____ C:\Windows\Tasks\Driver Booster Update.job
2013-11-27 23:26 - 2013-10-25 07:29 - 00006746 _____ C:\Windows\setupact.log
2013-11-27 23:26 - 2012-05-27 17:21 - 00000000 ____D C:\ProgramData\VMware
2013-11-27 23:26 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-27 23:25 - 2013-10-25 20:59 - 00010122 _____ C:\Windows\PFRO.log
2013-11-27 23:10 - 2009-07-14 06:13 - 00800562 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-27 23:08 - 2013-11-27 23:08 - 01958850 _____ (Farbar) C:\FRST64.exe
2013-11-24 22:04 - 2011-12-29 10:33 - 00000000 ____D C:\Windows\pss
2013-11-24 22:04 - 2010-09-26 11:51 - 00000000 ___RD C:\Users\DAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-24 21:59 - 2013-11-24 21:59 - 00000000 ____D C:\Windows\Tasks\TaskDisabled
2013-11-24 19:38 - 2012-06-30 15:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-24 12:46 - 2013-11-24 19:24 - 00173144 ____R (Gibson Research Corp.) C:\Users\DAN\Desktop\SpinRite.exe
2013-11-24 01:06 - 2013-09-08 09:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-23 16:21 - 2013-11-16 21:10 - 00567242 _____ C:\Users\DAN\cssdt.log
2013-11-23 16:21 - 2009-07-14 05:45 - 00010288 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-23 16:21 - 2009-07-14 05:45 - 00010288 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-21 20:22 - 2013-11-15 19:58 - 00016090 _____ C:\Users\DAN\Desktop\attach.txt
2013-11-21 20:22 - 2013-11-06 16:14 - 00004184 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-11-21 20:21 - 2013-11-15 19:58 - 00019390 _____ C:\Users\DAN\Desktop\dds.txt
2013-11-17 14:59 - 2013-11-17 14:42 - 00001128 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-17 14:59 - 2013-11-17 14:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-16 21:13 - 2013-11-16 21:13 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-16 21:10 - 2013-11-16 21:10 - 00001129 _____ C:\Users\Public\Desktop\Corsair SSD Toolbox.lnk
2013-11-16 21:10 - 2013-11-16 21:10 - 00000000 ____D C:\Users\DAN\AppData\Local\Corsair
2013-11-16 21:10 - 2013-11-16 21:10 - 00000000 ____D C:\Program Files (x86)\Corsair SSD Toolbox
2013-11-16 21:10 - 2010-09-26 11:50 - 00000000 ____D C:\Users\DAN
2013-11-15 19:47 - 2013-11-15 19:55 - 00688992 ____R (Swearware) C:\Users\DAN\Desktop\dds.com
2013-11-14 22:11 - 2013-11-14 22:11 - 00025788 _____ C:\ComboFix.txt
2013-11-14 22:11 - 2013-11-14 21:45 - 00000000 ____D C:\Qoobox
2013-11-14 21:53 - 2013-11-14 21:45 - 00000000 ____D C:\Windows\erdnt
2013-11-14 21:52 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-11-11 22:45 - 2013-11-08 20:11 - 00000000 ____D C:\Program Files (x86)\NEC Electronics
2013-11-11 22:43 - 2011-12-03 09:49 - 00000000 ____D C:\Program Files (x86)\Marvell
2013-11-11 22:34 - 2013-11-11 22:34 - 00000432 ____H C:\Windows\YukonInstall.log
2013-11-11 21:54 - 2010-09-26 12:00 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-11 21:37 - 2013-11-11 21:37 - 00951760 _____ C:\Windows\Minidump\111113-211740-01.dmp
2013-11-11 21:37 - 2011-11-03 21:37 - 00000000 ____D C:\Windows\Minidump
2013-11-11 21:36 - 2013-10-27 10:34 - 617218159 _____ C:\Windows\MEMORY.DMP
2013-11-10 18:54 - 2013-11-10 18:33 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-10 18:33 - 2013-11-10 18:33 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-10 18:33 - 2013-11-10 18:33 - 00000000 ____D C:\Users\DAN\Desktop\mbar
2013-11-10 14:57 - 2013-11-10 18:32 - 00350080 _____ (AVAST Software) C:\avastclear.exe
2013-11-10 14:08 - 2013-11-10 18:32 - 19275792 _____ (Bitdefender LLC) C:\BootkitRemoval_x64.exe
2013-11-10 14:08 - 2013-11-10 18:32 - 04745728 _____ (AVAST Software) C:\aswmbr.exe
2013-11-10 14:08 - 2013-11-10 18:32 - 02240864 _____ (Kaspersky Lab ZAO) C:\tdsskiller.exe
2013-11-10 14:07 - 2013-11-10 18:32 - 01525384 _____ C:\sarsfx.exe
2013-11-10 13:46 - 2013-11-10 13:56 - 00994704 _____ (Microsoft Corporation) C:\sdksetup.exe
2013-11-10 13:34 - 2013-11-10 13:56 - 12576792 _____ (Malwarebytes Corp.) C:\mbar-1.07.0.1007.exe
2013-11-10 13:30 - 2013-11-10 18:32 - 05145633 _____ (Swearware) C:\ComboFix.exe
2013-11-10 13:30 - 2013-11-10 13:56 - 05145633 ____R (Swearware) C:\Users\DAN\Desktop\ComboFix.exe
2013-11-10 12:41 - 2013-11-10 13:56 - 301812736 _____ C:\Windows_Win7SP1.7601.17514.101119-1850.AMD64FRE.Symbols.msi
2013-11-10 09:53 - 2013-11-10 13:56 - 00509264 _____ (Microsoft Corporation) C:\winsdk_web.exe
2013-11-10 04:50 - 2013-11-10 04:50 - 00000000 ____D C:\FRST
2013-11-09 22:30 - 2013-11-05 13:03 - 00011189 _____ C:\Users\DAN\AppData\Local\Temp9.html
2013-11-09 22:30 - 2011-12-24 11:27 - 00000000 ____D C:\Program Files\WhoCrashed
2013-11-09 22:28 - 2011-12-24 11:27 - 00001955 _____ C:\Users\DAN\AppData\Local\Temp1.html
2013-11-09 19:12 - 2013-11-09 19:12 - 00000000 ____D C:\Windows\Standalone System Sweeper
2013-11-08 20:15 - 2010-09-26 11:59 - 00001769 _____ C:\Windows\Language_trs.ini
2013-11-08 09:04 - 2010-09-26 12:08 - 00000000 ____D C:\Users\DAN\AppData\Roaming\BitTorrent
2013-11-06 16:22 - 2013-11-06 16:21 - 00000000 ____D C:\ProgramData\Oracle
2013-11-06 16:21 - 2013-11-06 16:18 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-11-06 16:21 - 2012-06-30 18:25 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-06 16:13 - 2010-09-26 13:27 - 00001908 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-11-06 16:13 - 2010-09-26 13:27 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-11-06 10:22 - 2013-10-25 21:40 - 00002712 _____ C:\Windows\LkmdfCoInst.log
2013-11-06 10:21 - 2013-04-13 10:34 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2013-11-05 13:01 - 2012-05-12 11:59 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-11-05 13:01 - 2012-05-12 11:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-11-03 14:38 - 2013-04-13 08:59 - 00000000 ____D C:\ProgramData\Logitech
2013-11-02 21:26 - 2013-11-02 21:26 - 00289344 _____ C:\Windows\Minidump\110213-67298-01.dmp
2013-11-02 14:47 - 2013-11-02 14:47 - 01510328 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2013-11-02 14:47 - 2013-11-02 14:47 - 00194488 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2013-11-02 14:47 - 2013-11-02 14:47 - 00031672 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2013-11-02 14:38 - 2010-09-26 13:01 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-02 14:26 - 2013-11-02 14:26 - 30344992 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 22933280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 18290536 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 18243632 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 15858664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 15244272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 12537632 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-11-02 14:26 - 2013-11-02 14:26 - 11415232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 11362672 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 09516872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 09472600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 03131680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 03124512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 03067560 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 02946848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 02747168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 02694664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433158.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433158.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 01435504 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 01241376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 00696096 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 00655136 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 00560416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-11-02 14:26 - 2013-11-02 14:26 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-11-02 14:26 - 2013-02-25 23:32 - 00023287 _____ C:\Windows\system32\nvinfo.pb
2013-11-02 13:53 - 2010-09-26 15:09 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-11-02 13:53 - 2010-09-26 14:10 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-11-02 13:42 - 2013-11-02 13:42 - 00272104 _____ C:\Windows\Minidump\110213-58921-01.dmp
2013-11-02 13:13 - 2013-11-02 13:13 - 00030088 ____N C:\bootsqm.dat
2013-11-01 11:32 - 2010-09-26 11:51 - 00000000 ___RD C:\Users\DAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

Some content of TEMP:
====================
C:\Users\DAN\AppData\Local\Temp\mbam-setup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-26 20:16

==================== End Of Log ============================
===========================================================Addition.txt================================================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-11-2013 01
Ran by DAN at 2013-11-27 23:48:08
Running from C:\
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Disabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Disabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}

==================== Installed Programs ======================

Active@ Partition Recovery Enterprise (x32)
Activision® (x32 Version: 1.0)
Adobe Acrobat X Pro - English, Français, Deutsch (x32 Version: 10.0.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
Advanced SystemCare 6 (x32 Version: 6.4)
Asmedia ASM106x SATA Host Controller Driver (x32 Version: 1.3.1.000)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
Broadcom Bluetooth Software (Version: 6.5.1.2700)
Casper 7.0 (Version: 7.0.1801)
ControlMK 0.232 (x32 Version: 0.232)
Corsair SSD Toolbox (x32 Version: 1.0.0.0)
CPUID ROG CPU-Z 1.58 (Version: 1.58)
Creative ALchemy (x32 Version: 1.43)
Creative Audio Control Panel (x32 Version: 2.00)
Creative Console Launcher (x32)
Creative Software AutoUpdate (x32 Version: 1.40)
Creative Sound Blaster Properties x64 Edition (x32)
CrystalDiskInfo 4.1.4 (x32 Version: 4.1.4)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.47.1.0335)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dragon NaturallySpeaking 12 (x32 Version: 12.00.100)
Driver Booster (x32 Version: 1.0)
Driver Genius (x32 Version: 12.0)
Driver Genius Professional Edition (x32 Version: 10.0)
eReg (x32 Version: 1.20.138.34)
erLT (x32 Version: 1.20.0137)
ESET Online Scanner v3 (x32)
Fences (Version: 1.0)
Fences (x32)
Game Booster 3 (x32 Version: 3.4)
HDD Regenerator (x32 Version: 20.11.0011)
Heaven DX11 Benchmark version 3.0 (Version: 3.0)
Host OpenAL (ADI) (x32)
Intégrateur de périphériques Windows Live (x32 Version: 1.0.104.0)
IObit Malware Fighter (x32 Version: 2.1)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Java™ 6 Update 33 (x32 Version: 6.0.330)
Logitech SetPoint 6.61 (Version: 6.61.15)
Magic ISO Maker v5.5 (build 0273) (x32)
MagicDisc 2.7.106 (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Xbox 360 Accessories 1.2 (Version: 1.20.146.0)
Mozilla Firefox 23.0.1 (x86 en-US) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0)
NVIDIA 3D Vision Controller Driver (x32 Version: 275.33)
NVIDIA 3D Vision Controller Driver 314.22 (Version: 314.22)
NVIDIA Control Panel 331.58 (Version: 331.58)
NVIDIA Install Application (Version: 2.1002.133.889)
NVIDIA PhysX (x32 Version: 9.12.1031)
NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031)
NVIDIA Update 1.12.12 (Version: 1.12.12)
NVIDIA Update Components (Version: 1.12.12)
OpenAL (x32)
Paragon Alignment Tool™ 3.0 (x32 Version: 90.00.0003)
Paragon Hard Disk Manager™ 2010 Professional (Version: 90.00.0003)
Paragon Migrate OS to SSD™ (x32 Version: 90.00.0003)
Puran Defrag Free Edition 7.3
PVSonyDll (Version: 1.00.0001)
Revo Uninstaller 1.95 (x32 Version: 1.95)
Smart Defrag 2 (x32 Version: 2.9)
SoundMAX (x32 Version: 6.10.2.6585)
Source SDK Base 2007 (x32)
SSDlife Pro (x32 Version: 2.2.42)
Steam (x32 Version: 1.0.0.0)
TechPowerUp GPU-Z (x32)
tools-freebsd (x32 Version: 8.8.1.528992)
tools-linux (x32 Version: 8.8.1.528992)
tools-netware (x32 Version: 8.8.1.528992)
tools-solaris (x32 Version: 8.8.1.528992)
tools-windows (x32 Version: 8.8.1.528992)
tools-winPre2k (x32 Version: 8.8.1.528992)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
VistaBootPRO 3.3 (x32 Version: 3.3.0)
VLC media player 1.1.11 (x32 Version: 1.1.11)
VmciSockets (Version: 9.1.54.1)
VMware Workstation (x32 Version: 8.0.1.27038)
WhoCrashed 3.03
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
WinRAR archiver
XviD MPEG-4 Codec (x32)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-11-14 21:52 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {00D0010C-85FE-4425-80C3-20B4090676AB} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2013-09-08] (IObit)
Task: {08A31197-174F-457D-9783-991156E3025F} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask No Task File
Task: {0E45CA25-CD61-4B5F-B712-2B2AE44FDD60} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4B6F7577-D858-461A-A51F-0F182E109546} - System32\Tasks\Future Systems Solutions\Casper\Casper 7.0 Update Notification Task => C:\Program Files\Future Systems Solutions\Casper 7.0\CASPER.EXE [2011-06-05] (Future Systems Solutions, Inc.)
Task: {5CB42FD8-DA77-4104-A719-E14F27C2A4F0} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2013-09-08] (IObit)
Task: {7757C471-24FA-481C-9B0E-501AF7E10514} - System32\Tasks\Future Systems Solutions\Casper\My Corsair Performance 3 SSD Backup => C:\Program Files\Future Systems Solutions\Casper 7.0\CASPER.EXE [2011-06-05] (Future Systems Solutions, Inc.)
Task: {852F46A5-B13C-41AA-9986-32C0BB390868} - System32\Tasks\SmartDefragUpdate => C:\Program Files (x86)\IObit\Smart Defrag 2\AutoUpdate.exe [2013-05-22] (IObit)
Task: {891233C1-4E52-4CBC-8106-BA5016F348EA} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {9AB5D6D7-7282-42E0-8824-1F0BA35AED89} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2011-08-01] (Microsoft Corporation)
Task: {A018105A-27BE-448D-A26B-AE15E80F61F2} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe
Task: {B59320BE-4329-4C65-9598-273D0D325F3B} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline No Task File
Task: {BCF8F5B8-C9EB-4F7E-902F-600A61106E38} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-25] (Adobe Systems Incorporated)
Task: {CED08415-2037-427A-8D8A-51E11E10386D} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster\AutoUpdate.exe [2012-04-23] (IObit)
Task: {E3E8DCE0-BA89-4B73-8648-56F623FAFBF1} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {FE369895-6142-45E4-92C1-494A29710729} - System32\Tasks\Game_Booster_Startup => C:\Program Files (x86)\IObit\Game Booster\gbtray.exe [2012-04-23] (IObit)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Driver Booster Update.job => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-09 19:17 - 2010-01-09 19:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 00:40 - 2010-01-21 00:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-09-26 12:41 - 2010-03-15 10:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2013-02-03 15:25 - 2013-01-15 17:59 - 00161088 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCExtMenu_64.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:1AAB2E68
AlternateDataStreams: C:\ProgramData\TEMP:2CFDCA54

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Faulty Device Manager Devices =============

Name: aswRvrt
Description: aswRvrt
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: VMware VMCI Host Device
Description: VMware VMCI Host Device
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: vmci
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: avast! Network Shield Support
Description: avast! Network Shield Support
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswTdi
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: aswVmm
Description: aswVmm
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/27/2013 11:08:10 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/24/2013 07:38:53 PM) (Source: Application Error) (User: )
Description: Faulting application name: SPINRITE.EXE, version: 1.0.0.0, time stamp: 0x00000000
Faulting module name: SPINRITE.EXE, version: 1.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0003c007
Faulting process id: 0xf3c
Faulting application start time: 0xSPINRITE.EXE0
Faulting application path: SPINRITE.EXE1
Faulting module path: SPINRITE.EXE2
Report Id: SPINRITE.EXE3

System errors:
=============
Error: (11/27/2013 11:47:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/27/2013 11:47:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/27/2013 11:47:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/27/2013 11:45:39 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/27/2013 11:45:39 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/27/2013 11:45:39 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/27/2013 11:45:32 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (11/27/2013 11:45:31 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (11/27/2013 11:45:29 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/27/2013 11:45:29 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (11/27/2013 11:45:06 PM) (Source: Winlogon)(User: )
Description: 0x000000000x00000001

Error: (11/27/2013 11:45:06 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x8007043C

Error: (11/27/2013 11:08:10 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestF:\My Downloads\esetsmartinstaller_enu.exe

Error: (11/24/2013 08:06:38 PM) (Source: Winlogon)(User: )
Description: 0x000000000x00000001

Error: (11/24/2013 08:06:37 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x8007043C

Error: (11/24/2013 07:58:07 PM) (Source: Winlogon)(User: )
Description: 0x000000000x00000001

Error: (11/24/2013 07:58:07 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x8007043C

Error: (11/24/2013 07:38:53 PM) (Source: Application Error)(User: )
Description: SPINRITE.EXE1.0.0.000000000SPINRITE.EXE1.0.0.000000000c00000050003c007f3c01cee9446b63ba16I:\SPINRITE.EXEI:\SPINRITE.EXEaa64a9bd-5537-11e3-9fee-005056c00008

Error: (11/24/2013 07:22:42 PM) (Source: Winlogon)(User: )
Description: 0x000000000x00000001

Error: (11/24/2013 07:22:39 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x8007043C


CodeIntegrity Errors:
===================================
  Date: 2013-11-14 21:51:36.831
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-14 21:51:36.753
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-11 21:39:17.895
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-11 21:39:17.521
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-11 21:39:16.943
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-11 21:39:16.678
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-10 18:12:01.907
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-10 18:12:01.642
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-10 18:11:58.990
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-10 18:11:58.741
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 8191.11 MB
Available physical RAM: 7264.96 MB
Total Pagefile: 16380.41 MB
Available Pagefile: 15475.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Windows 7 64bit) (Fixed) (Total:238.47 GB) (Free:54.18 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Games) (Fixed) (Total:698.63 GB) (Free:406.64 GB) NTFS
Drive e: (PATRIOT) (Removable) (Total:7.46 GB) (Free:5.72 GB) FAT32
Drive f: (Torrents) (Fixed) (Total:698.64 GB) (Free:360.81 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 240C240B)
Partition 1: (Active) - (Size=699 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 699 GB) (Disk ID: 46A36C83)
Partition 1: (Active) - (Size=699 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 466 GB) (Disk ID: 008B008A)

Partition: GPT Partition TypePartition 00: (Active) - (Size=0) - (Type=00) ATTENTION ===> 0 byte partition bootkit.

========================================================
Disk: 3 (Size: 466 GB) (Disk ID: 7E572B20)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows 7 or Vista) (Size: 238 GB) (Disk ID: B8805C40)
Partition 1: (Active) - (Size=238 GB) - (Type=07 NTFS)

========================================================
Disk: 9 (Size: 7 GB) (Disk ID: 4C049703)
Partition 1: (Active) - (Size=7 GB) - (Type=0C)

==================== End Of Log ============================



#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,996 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:01:25 AM

Posted 27 November 2013 - 11:19 PM

I am very sorry for the delay. I was not automatically added to the follow topic list when I posted and so I was not notified you had responded. It is about time for me to shut down but I will certainly be posting back tomorrow. Thanks for your continued patience. We will hit it hard very shortly!


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 CaptainKillgore

CaptainKillgore
  • Topic Starter

  • Members
  • 107 posts
  • OFFLINE
  • Local time:10:25 AM

Posted 28 November 2013 - 02:17 AM

Understood and thanks for the heads up, Gary.
CaptainKillgore

#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,996 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:01:25 AM

Posted 28 November 2013 - 08:53 AM

Greetings Captain!

Thanks for your patience. Lots to do in this first post to make up for my tardiness! :)

Please consider and do these things.

===================================================


P2P Warning

--------------------

Going over your logs I noticed that you have evidence of P2P (Torrent) downloads. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.


===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Delete
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[S1].txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
AlternateDataStreams: C:\ProgramData\TEMP:1AAB2E68
AlternateDataStreams: C:\ProgramData\TEMP:2CFDCA54
  • Launch FRST and press the Fix button just once and wait; the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Clean Boot
--------------------
  • From either Normal or Safe Mode press the Windows key + r on your keyboard at the same time
  • Type msconfig and press Enter
  • If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation
  • In the System Configuration Utility dialog box, click Selective Startup on the General tab
  • Click to clear the Load Startup Items check box
  • Click the Services tab
  • Click to select the Hide All Microsoft Services check box
  • Click Disable All, and then click OK
  • When you are prompted, click Restart and boot into Normal Mode
  • Check your computer performance
===================================================

Things I would like to see in your next reply.
  • Adwcleaner log
  • Junkware log
  • Farbar log
  • How is your computer behaving?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
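
As an added example (not from this thread and not FRST's own code), the PowerShell below does by hand what the fixlist entries above ask FRST to do: it enumerates named NTFS alternate data streams on a path, previews the first bytes of each for triage, and deletes only the streams you name explicitly. The path and stream names are taken from the FRST log in this thread; the script assumes Windows PowerShell 3.0 to 5.1 (for the -Stream and -Encoding Byte parameters) run from an elevated prompt.

```powershell
<#
  Added example, not part of the thread and not FRST's own code.
  Lists named NTFS alternate data streams (ADS) on a path, shows the first
  bytes of each for triage, and removes only the streams passed via -Remove.
  Assumes Windows PowerShell 3.0 to 5.1 on an NTFS volume, run elevated.
#>
param(
    # Default path is the folder FRST flagged in this thread's log.
    [string]$Path = 'C:\ProgramData\TEMP',
    # Stream names to delete, e.g. -Remove '1AAB2E68','2CFDCA54' (the fixlist above).
    [string[]]$Remove = @(),
    # Also walk files and subfolders below $Path.
    [switch]$Recurse
)

function Get-NamedStreams {
    param([string]$Target, [switch]$Recurse)
    $items = @(Get-Item -LiteralPath $Target -Force)
    if ($Recurse -and (Test-Path -LiteralPath $Target -PathType Container)) {
        $items += Get-ChildItem -LiteralPath $Target -Recurse -Force -ErrorAction SilentlyContinue
    }
    foreach ($item in $items) {
        # ':$DATA' is the unnamed default stream every file has; only named streams matter here.
        Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object {
                # Zone.Identifier is the benign "mark of the web" written on downloaded files.
                $benign = ($_.Stream -eq 'Zone.Identifier')
                $bytes = [byte[]]@()
                try {
                    # Read only the first 16 bytes so large or odd streams do not stall the scan.
                    $bytes = Get-Content -LiteralPath $item.FullName -Stream $_.Stream `
                        -Encoding Byte -TotalCount 16 -ErrorAction Stop
                } catch { }
                [pscustomobject]@{
                    File    = $item.FullName
                    Stream  = $_.Stream
                    Bytes   = $_.Length
                    Benign  = $benign
                    Preview = ($bytes | ForEach-Object { '{0:X2}' -f $_ }) -join ' '
                }
            }
    }
}

$found = Get-NamedStreams -Target $Path -Recurse:$Recurse
if (-not $found) {
    Write-Host "No named streams found under $Path"
} else {
    $found | Format-Table -AutoSize
}

foreach ($name in $Remove) {
    $hit = $found | Where-Object { $_.Stream -eq $name }
    if (-not $hit) {
        Write-Warning "Stream '$name' not found under $Path; nothing removed"
        continue
    }
    foreach ($h in $hit) {
        # Deletes only the named stream; the host file or folder stays in place.
        Remove-Item -LiteralPath $h.File -Stream $name -Force
        Write-Host "Removed stream '$name' from $($h.File)"
    }
}
```

Run it once without -Remove to review what is attached before deleting anything; a stream holding an executable header or a script rather than a few text bytes is the case worth keeping a copy of for analysis.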

#15 CaptainKillgore

CaptainKillgore
  • Topic Starter

  • Members
  • 107 posts
  • OFFLINE
  • Local time:10:25 AM

Posted 28 November 2013 - 02:39 PM

Hi Gary,

 

As requested please find below:

(1) Adwcleaner log;

(2) Junkware log; and

(3) Farbar log.

 

PC's behaviour will follow in a separate post.

 

Thanks and regards,
CaptainKillgore

 

====================================Adwcleaner===============================================

# AdwCleaner v3.013 - Report created 28/11/2013 at 19:52:17
# Updated 24/11/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : DAN - E8600-3-33GHZ
# Running from : C:\Users\DAN\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\driver-soft
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Users\DAN\AppData\Local\AskToolbar
Folder Deleted : C:\Users\DAN\AppData\Local\PackageAware
Folder Deleted : C:\Users\DAN\AppData\LocalLow\AskToolbar
File Deleted : C:\Users\DAN\AppData\Roaming\Mozilla\Firefox\Profiles\8oo8ruob.default\user.js
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_steam_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_steam_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\FLEXnet
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\DAN\AppData\Roaming\Mozilla\Firefox\Profiles\8oo8ruob.default\prefs.js ]

Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");

*************************

AdwCleaner[R0].txt - [3221 octets] - [28/11/2013 19:50:26]
AdwCleaner[S0].txt - [2967 octets] - [28/11/2013 19:52:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3027 octets] ##########
 

 

=============================================JRT log==========================================================

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Ultimate x64
Ran by DAN on 28/11/2013 at 20:24:25,68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\DAN\appdata\local\{07D52C1B-9BAD-42A4-9CD9-7333E940C780}
Successfully deleted: [Empty Folder] C:\Users\DAN\appdata\local\{15CAE811-84B7-4DB2-96CB-842964387A6A}
Successfully deleted: [Empty Folder] C:\Users\DAN\appdata\local\{17A522B4-99C3-46E1-A860-12EC5A572F3C}
Successfully deleted: [Empty Folder] C:\Users\DAN\appdata\local\{23A6C975-7EB7-4766-ABD9-154F1B392F88}
Successfully deleted: [Empty Folder] C:\Users\DAN\appdata\local\{2D952D4A-C673-4BEA-8989-7A1C7611CF7D}
Successfully deleted: [Empty Folder] C:\Users\DAN\appdata\local\{316356B0-62C9-4979-AF66-E20B0FD7F34B}
Successfully deleted: [Empty Folder] C:\Users\DAN\appdata\local\{319E0F25-5E4A-4A6C-8D2F-551C23FE568A}
Successfully deleted: [Empty Folder] C:\Users\DAN\appdata\local\{3FF72FA6-ABF1-4DB7-B88A-1C0C040BDA34}
Successfully deleted: [Empty Folder] C:\Users\DAN\appdata\local\{44273C5D-E0B4-4098-B573-0E71EFC9154F}
Successfully deleted: [Empty Folder] C:\Users\DAN\appdata\local\{450298B9-1260-47F2-9642-886A5A6B5722}
Successfully deleted: [Empty Folder] C:\Users\DAN\appdata\local\{52C7AFAB-E7F3-4634-B7A7-0E364633E9B6}
Successfully deleted: [Empty Folder] C:\Users\DAN\appdata\local\{60B7BCBA-FCBE-4384-BDDA-931FC6AF412E}
Successfully deleted: [Empty Folder] C:\Users\DAN\appdata\local\{6E82501F-CF80-4855-8C58-EF0C3D26D5A0}
Successfully deleted: [Empty Folder] C:\Users\DAN\appdata\local\{758DEA24-EFC9-4DF1-BF42-AE4140D8E399}
Successfully deleted: [Empty Folder] C:\Users\DAN\appdata\local\{7BD46574-230E-464D-91FA-05886AFCB04E}
Successfully deleted: [Empty Folder] C:\Users\DAN\appdata\local\{814CA808-8CEC-4CD6-8103-893ED877E44B}
Successfully deleted: [Empty Folder] C:\Users\DAN\appdata\local\{877916CA-99FB-42BF-8EDE-FCCB50C0F0B5}
Successfully deleted: [Empty Folder] C:\Users\DAN\appdata\local\{8AD49038-F59B-4059-9B8F-4A0C78171894}
Successfully deleted: [Empty Folder] C:\Users\DAN\appdata\local\{8F4FA712-FC51-477C-8411-A98C932F5B2E}
Successfully deleted: [Empty Folder] C:\Users\DAN\appdata\local\{90927339-241C-41F1-8CE5-0C31282AE4D2}
Successfully deleted: [Empty Folder] C:\Users\DAN\appdata\local\{9E2E23E9-2D2C-4C5B-95F5-1E8FE187D12C}
Successfully deleted: [Empty Folder] C:\Users\DAN\appdata\local\{C3159E0C-0D7B-4A7A-85A9-CB3AE0D25EBE}
Successfully deleted: [Empty Folder] C:\Users\DAN\appdata\local\{CB12B148-89A1-4F78-B8BB-2A29F54F00C7}



~~~ FireFox

Emptied folder: C:\Users\DAN\AppData\Roaming\mozilla\firefox\profiles\8oo8ruob.default\minidumps [52 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28/11/2013 at 20:26:47,41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

=============================================FRST log==========================================================

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-11-2013 01
Ran by DAN at 2013-11-28 20:28:40 Run:1
Running from C:\
Boot Mode: Safe Mode (with Networking)
==============================================

Content of fixlist:
*****************
AlternateDataStreams: C:\ProgramData\TEMP:1AAB2E68
AlternateDataStreams: C:\ProgramData\TEMP:2CFDCA54
*****************

C:\ProgramData\TEMP => ":1AAB2E68" ADS removed successfully.
C:\ProgramData\TEMP => ":2CFDCA54" ADS removed successfully.

==== End of Fixlog ====

 

===================================================================================================================





