Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus that fills up C Drive with unknown files - help required


  • This topic is locked This topic is locked
34 replies to this topic

#1 kanucks25

kanucks25

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:03:15 AM

Posted 06 January 2014 - 10:03 PM

Previous thread, all info here:

 

http://www.bleepingcomputer.com/forums/t/513310/virus-that-fills-up-c-drive-with-unknown-files-help-required/

 

DDS Log:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.9.2
Run by KJ at 17:52:48 on 2014-01-06
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4079.2178 [GMT -8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Greenshot\Greenshot.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\KJ\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KJ\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KJ\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KJ\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KJ\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KJ\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KJ\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KJ\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KJ\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KJ\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KJ\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\KJ\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{0BFD2369-3758-448B-B06F-6F85576CD8A9} : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Greenshot] C:\Program Files\Greenshot\Greenshot.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\KJ\AppData\Roaming\Mozilla\Firefox\Profiles\zwi6qlni.default\
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\KJ\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2012-5-12 21104]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-27 46368]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-7-30 283200]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2013-6-20 46792]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-4-5 236544]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-5-12 2655768]
R3 Blackberry Device Manager;Blackberry Device Manager;C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [2013-1-18 577536]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-5-12 77936]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-4-10 164528]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-4-24 42184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-11 111616]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-8-2 22528]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-5-15 1255736]
.
=============== Created Last 30 ================
.
2014-01-03 14:35:26 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7550F4C7-8CBB-49FC-8AE7-430B68DA5663}\mpengine.dll
2013-12-11 16:58:46 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-11 16:58:46 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-11 16:58:45 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-11 16:58:45 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-11 10:04:12 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-12-11 10:04:12 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-12-11 10:04:12 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-12-11 10:04:12 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-12-11 10:04:12 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-12-11 10:04:12 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-12-11 10:04:12 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-12-11 10:04:12 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-12-11 10:04:04 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-12-11 10:04:04 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-12-11 10:03:56 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-12-11 10:03:47 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-12-11 10:03:47 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-12-11 10:03:38 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-12-11 10:03:38 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-12-11 10:03:28 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-12-11 10:03:28 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-12-11 10:03:19 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-12-11 10:03:19 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
.
==================== Find3M  ====================
.
2013-12-11 08:41:09 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 08:41:09 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-11 08:41:06 9293192 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-26 05:04:06 21840 ----atw- C:\Windows\SysWow64\SIntfNT.dll
2013-11-26 05:04:06 17212 ----atw- C:\Windows\SysWow64\SIntf32.dll
2013-11-26 05:04:06 12067 ----atw- C:\Windows\SysWow64\SIntf16.dll
2013-11-26 04:34:28 2829 ----a-w- C:\Windows\DIIUnin.pif
2013-11-26 04:34:27 94208 ----a-w- C:\Windows\DIIUnin.exe
2013-11-19 11:33:38 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-06 23:54:11 45181 ----a-w- C:\ProgramData\1383781930.3508.bin
2013-11-06 23:54:11 41131 ----a-w- C:\ProgramData\1383781930.5472.bin
2013-11-06 23:54:11 3557 ----a-w- C:\ProgramData\1383781930.5592.bin
2013-11-06 23:54:11 3126 ----a-w- C:\ProgramData\1383781930.3496.bin
2013-11-06 23:52:10 37823 ----a-w- C:\ProgramData\1383781924.bdinstall.bin
2013-11-06 22:43:19 208216 ----a-w- C:\Windows\System32\drivers\97342309.sys
2013-11-06 09:56:09 282217 ----a-w- C:\ProgramData\1383719799.bdinstall.bin
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
.
============= FINISH: 17:53:24.28 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:15 AM

Posted 11 January 2014 - 10:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/519942 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 kanucks25

kanucks25
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:03:15 AM

Posted 12 January 2014 - 01:40 AM

64 Bit Windows 7
 
 
 
 
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.9.2
Run by KJ at 22:34:43 on 2014-01-11
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4079.2296 [GMT -8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Greenshot\Greenshot.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe
C:\Users\KJ\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KJ\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KJ\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KJ\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KJ\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KJ\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KJ\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KJ\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KJ\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com/?ctid=CT3315513&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP5EC305FC-37DB-44D7-A2AE-D238F65E09DF&SSPV=
mWinlogon: Userinit = userinit.exe,
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\KJ\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{0BFD2369-3758-448B-B06F-6F85576CD8A9} : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Greenshot] C:\Program Files\Greenshot\Greenshot.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\KJ\AppData\Roaming\Mozilla\Firefox\Profiles\zwi6qlni.default\
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\KJ\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2012-5-12 21104]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-27 46368]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-7-30 283200]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2013-6-20 46792]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-4-5 236544]
R2 CltMngSvc;Search Protect by Conduit Service;C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [2013-12-16 2251552]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-5-12 2655768]
R3 Blackberry Device Manager;Blackberry Device Manager;C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [2013-1-18 577536]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-5-12 77936]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-4-10 164528]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-4-24 42184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-11 111616]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-8-2 22528]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-5-15 1255736]
.
=============== Created Last 30 ================
.
2014-01-11 22:48:11 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D24AC3FA-B88A-43FD-BF14-F45759265CE7}\offreg.dll
2014-01-11 22:41:16 -------- d-----w- C:\Users\KJ\AppData\Roaming\VideoEditor
2014-01-11 22:32:51 -------- d-----w- C:\Users\KJ\.MCTranscodingSDK
2014-01-11 22:31:02 -------- d-----w- C:\ProgramData\Geevs
2014-01-11 22:29:54 -------- d-----w- C:\Program Files\Lightworks
2014-01-11 22:21:55 -------- d-----w- C:\Users\KJ\AppData\Roaming\avidemux
2014-01-11 00:30:19 -------- d-----w- C:\Users\KJ\AppData\Roaming\NCH Software
2014-01-11 00:30:06 -------- d-----w- C:\Program Files (x86)\NCH Software
2014-01-08 13:57:42 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D24AC3FA-B88A-43FD-BF14-F45759265CE7}\mpengine.dll
.
==================== Find3M  ====================
.
2013-12-11 08:41:09 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 08:41:09 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-11 08:41:06 9293192 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-26 05:04:06 21840 ----atw- C:\Windows\SysWow64\SIntfNT.dll
2013-11-26 05:04:06 17212 ----atw- C:\Windows\SysWow64\SIntf32.dll
2013-11-26 05:04:06 12067 ----atw- C:\Windows\SysWow64\SIntf16.dll
2013-11-26 04:34:28 2829 ----a-w- C:\Windows\DIIUnin.pif
2013-11-26 04:34:27 94208 ----a-w- C:\Windows\DIIUnin.exe
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-19 11:33:38 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-11-06 23:54:11 45181 ----a-w- C:\ProgramData\1383781930.3508.bin
2013-11-06 23:54:11 41131 ----a-w- C:\ProgramData\1383781930.5472.bin
2013-11-06 23:54:11 3557 ----a-w- C:\ProgramData\1383781930.5592.bin
2013-11-06 23:54:11 3126 ----a-w- C:\ProgramData\1383781930.3496.bin
2013-11-06 23:52:10 37823 ----a-w- C:\ProgramData\1383781924.bdinstall.bin
2013-11-06 22:43:19 208216 ----a-w- C:\Windows\System32\drivers\97342309.sys
2013-11-06 09:56:09 282217 ----a-w- C:\ProgramData\1383719799.bdinstall.bin
2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-10-24 03:51:24 82488 ----a-w- C:\Windows\SysWow64\mslvddsfilter2.ax
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
.
============= FINISH: 22:35:14.20 ===============
 

Attached Files



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:15 AM

Posted 18 January 2014 - 03:01 PM

Greetings kanucks25 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please run this program for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recover Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 kanucks25

kanucks25
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:03:15 AM

Posted 19 January 2014 - 04:20 PM

Hi, Gary. My name is KJ. Thanks for your help, I really appreciate it :)

 

Just as a simple update, it's still happening. My HD space has gone down by about 2GB over the past couple days and I haven't downloaded anything, in fact I've deleted files.

 

 

----

FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2014 04
Ran by KJ (administrator) on KJ on 19-01-2014 13:16:39
Running from C:\Users\KJ\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Google Inc.) C:\Users\KJ\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\KJ\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\KJ\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\KJ\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\KJ\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\KJ\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\KJ\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\KJ\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\KJ\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\KJ\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12459112 2012-03-27] (Realtek Semiconductor)
HKLM\...\Run: [Greenshot] - C:\Program Files\Greenshot\Greenshot.exe [499712 2013-05-20] (Greenshot)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-02-20] ()
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [FUFAXSTM] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKCU\...\Run: [Google Update] - C:\Users\KJ\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-12] (Google Inc.)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20587680 2013-11-14] (Skype Technologies S.A.)
HKCU\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3872080 2013-09-09] (Microsoft Corporation)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6589208 2013-10-10] (SUPERAntiSpyware)
MountPoints2: G - G:\Setup.exe
MountPoints2: {3619e0de-9d0b-11e1-8ed1-806e6f6e6963} - D:\SETUP.EXE
MountPoints2: {7b0f3983-da77-11e1-bdde-902b3404fee8} - G:\Setup.exe
HKU\fbwuser\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB
HKU\fbwuser\...\Run: [AVG-Secure-Search-Update_JUNE2013_HP] - "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe"  /PROMPT /CMPID=JUNE2013_HP
HKU\fbwuser\...\Run: [Google Update] - C:\Users\KJ\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-12] (Google Inc.)
HKU\fbwuser\...\Run: [WorkForce 320(Network)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGJA.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\fbwuser\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd)
HKU\fbwuser\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20587680 2013-11-14] (Skype Technologies S.A.)
HKU\fbwuser\...\Run: [ScreenSnapr] - C:\Program Files (x86)\ScreenSnapr\ScreenSnapr.exe /winstart
HKU\UpdatusUser\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB
HKU\UpdatusUser\...\Run: [AVG-Secure-Search-Update_JUNE2013_HP] - "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe"  /PROMPT /CMPID=JUNE2013_HP
HKU\UpdatusUser\...\Run: [Google Update] - C:\Users\KJ\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-12] (Google Inc.)
HKU\UpdatusUser\...\Run: [WorkForce 320(Network)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGJA.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\UpdatusUser\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd)
HKU\UpdatusUser\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20587680 2013-11-14] (Skype Technologies S.A.)
HKU\UpdatusUser\...\Run: [ScreenSnapr] - C:\Program Files (x86)\ScreenSnapr\ScreenSnapr.exe /winstart
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC627A7B0D32FCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\KJ\AppData\Roaming\Mozilla\Firefox\Profiles\zwi6qlni.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\KJ\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\KJ\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Extension: ZoneAlarm Do Not Track - C:\Users\KJ\AppData\Roaming\Mozilla\Firefox\Profiles\zwi6qlni.default\Extensions\donottrack@checkpoint.com [2013-07-18]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
 
Chrome: 
=======
CHR HomePage: hxxp://google.ca/
CHR Plugin: (Shockwave Flash) - C:\Users\KJ\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\KJ\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\KJ\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll No File
CHR Plugin: (Java™ Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\KJ\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\KJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-12]
CHR Extension: (Google Drive) - C:\Users\KJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-12]
CHR Extension: (YouTube) - C:\Users\KJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-12]
CHR Extension: (Adblock Plus) - C:\Users\KJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-08-12]
CHR Extension: (Google Search) - C:\Users\KJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-12]
CHR Extension: (Google) - C:\Users\KJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\jldjjifbpipdmligefcogandjojpdagn [2013-08-27]
CHR Extension: (Google Wallet) - C:\Users\KJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\KJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-12]
CHR HKCU\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\KJ\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2013-08-12]
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\KJ\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2013-08-12]
CHR StartMenuInternet: Google Chrome - C:\Users\KJ\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [97552 2012-04-10] (SANDBOXIE L.T.D)
 
==================== Drivers (Whitelisted) ====================
 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-02] (AVG Technologies)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-07-30] (DT Soft Ltd)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [46792 2013-06-20] (AnchorFree Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [164528 2012-04-10] (SANDBOXIE L.T.D)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)
S3 gdrv; \??\C:\Windows\gdrv.sys [x]
S1 lywtxjga; \??\C:\Windows\system32\drivers\lywtxjga.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-19 13:16 - 2014-01-19 13:17 - 00020058 _____ C:\Users\KJ\Desktop\FRST.txt
2014-01-19 13:16 - 2014-01-19 13:16 - 02076672 _____ (Farbar) C:\Users\KJ\Desktop\FRST64.exe
2014-01-19 13:16 - 2014-01-19 13:16 - 00000000 ____D C:\FRST
2014-01-14 22:10 - 2014-01-15 04:07 - 1073741824 _____ C:\Users\KJ\Desktop\mlbl.part1.rar
2014-01-14 16:45 - 2014-01-14 18:41 - 349162437 _____ C:\Users\KJ\Desktop\syren_HCGB.part2.rar
2014-01-14 15:50 - 2013-11-26 17:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-14 15:50 - 2013-11-26 17:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-14 15:50 - 2013-11-26 17:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-14 15:50 - 2013-11-26 17:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-14 15:50 - 2013-11-26 17:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-14 15:50 - 2013-11-26 17:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-14 15:50 - 2013-11-26 17:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-14 15:50 - 2013-11-26 03:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-14 15:50 - 2013-11-26 02:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-13 19:01 - 2012-09-18 02:53 - 00002507 _____ C:\Users\KJ\Desktop\Windows Movie Maker 2.6.lnk
2014-01-11 14:41 - 2014-01-11 14:41 - 00000000 ____D C:\Users\KJ\Documents\FlashIntegro
2014-01-11 14:41 - 2014-01-11 14:41 - 00000000 ____D C:\Users\KJ\AppData\Roaming\VideoEditor
2014-01-11 14:39 - 2013-10-23 19:51 - 00082488 _____ (Flash-Integro LLC) C:\Windows\SysWOW64\mslvddsfilter2.ax
2014-01-11 14:39 - 2005-08-01 19:43 - 00245760 _____ () C:\Windows\SysWOW64\lame.ax
2014-01-11 14:39 - 2004-12-10 10:03 - 00438272 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2014-01-11 14:39 - 2004-09-06 16:06 - 00053248 _____ C:\Windows\SysWOW64\xvid.ax
2014-01-11 14:39 - 2004-07-03 21:08 - 00139264 _____ C:\Windows\SysWOW64\xvidvfw.dll
2014-01-11 14:39 - 2004-07-03 20:59 - 00524288 _____ C:\Windows\SysWOW64\xvidcore.dll
2014-01-11 14:39 - 2004-02-04 21:11 - 00081920 _____ (fccHandler) C:\Windows\SysWOW64\AC3ACM.acm
2014-01-11 14:39 - 2003-05-22 12:26 - 00638976 _____ (DivXNetworks, Inc.) C:\Windows\SysWOW64\divx.dll
2014-01-11 14:39 - 2003-05-22 12:26 - 00221215 _____ (DivXNetworks, Inc.) C:\Windows\SysWOW64\divxdec.ax
2014-01-11 14:39 - 2003-05-21 23:50 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2014-01-11 14:39 - 2003-05-21 23:50 - 00261632 _____ (MainConcept) C:\Windows\SysWOW64\mcdvd_32.dll
2014-01-11 14:39 - 2003-05-21 23:50 - 00156910 _____ C:\Windows\WMSysPr8.prx
2014-01-11 14:39 - 2003-05-21 23:50 - 00082944 _____ (Voxware, Inc.) C:\Windows\SysWOW64\vct3216.acm
2014-01-11 14:39 - 2003-05-21 23:50 - 00038912 _____ (NCT Company) C:\Windows\SysWOW64\alf2cd.acm
2014-01-11 14:39 - 2003-05-21 23:50 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
2014-01-11 14:39 - 2003-03-25 05:49 - 00098304 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\SysWOW64\L3CODECX.AX
2014-01-11 14:39 - 2002-08-20 00:41 - 00413760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg4c32.dll
2014-01-11 14:39 - 2000-03-14 20:55 - 00013239 _____ (SHARP Corporation) C:\Windows\SysWOW64\Scg726.acm
2014-01-11 14:32 - 2014-01-11 14:32 - 00000000 ____D C:\Users\KJ\.MCTranscodingSDK
2014-01-11 14:31 - 2014-01-11 14:31 - 00000000 ____D C:\ProgramData\Geevs
2014-01-11 14:30 - 2014-01-11 14:32 - 00000000 ____D C:\Users\Public\Documents\Lightworks
2014-01-11 14:30 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-01-11 14:30 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-01-11 14:30 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2014-01-11 14:30 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-01-11 14:30 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-01-11 14:30 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-01-11 14:30 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-01-11 14:30 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-01-11 14:30 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2014-01-11 14:30 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-01-11 14:30 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-01-11 14:30 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-01-11 14:30 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-01-11 14:30 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-01-11 14:30 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-01-11 14:30 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-01-11 14:29 - 2014-01-11 14:33 - 00000000 ____D C:\Program Files\Lightworks
2014-01-11 14:21 - 2014-01-11 14:25 - 00000000 ____D C:\Users\KJ\AppData\Roaming\avidemux
2014-01-11 10:58 - 2014-01-18 06:33 - 00002671 _____ C:\Users\KJ\Desktop\New Text Document.txt
2014-01-10 16:30 - 2014-01-11 14:14 - 00000000 ____D C:\Program Files (x86)\NCH Software
2014-01-10 16:30 - 2014-01-10 16:33 - 00000000 ____D C:\Users\KJ\AppData\Roaming\NCH Software
2014-01-10 16:30 - 2014-01-10 16:30 - 00000000 ____D C:\ProgramData\NCH Software
2013-12-26 03:18 - 2013-12-26 03:18 - 00000000 ____D C:\Users\KJ\Desktop\Harpreet
2013-12-26 03:18 - 2013-12-09 23:08 - 1262557332 _____ C:\Users\KJ\Desktop\Cindy's Wedding.zip
2013-12-24 18:34 - 2013-12-24 18:34 - 00002055 _____ C:\Users\KJ\AppData\Local\recently-used.xbel
2013-12-21 05:34 - 2013-12-21 05:34 - 00000085 _____ C:\Windows\wininit.ini
2013-12-20 17:47 - 2013-12-20 17:47 - 00000844 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2951217715-2226315638-3524513954-1000Core1cefdee96ef1440.job
 
==================== One Month Modified Files and Folders =======
 
2014-01-19 13:17 - 2014-01-19 13:16 - 00020058 _____ C:\Users\KJ\Desktop\FRST.txt
2014-01-19 13:16 - 2014-01-19 13:16 - 02076672 _____ (Farbar) C:\Users\KJ\Desktop\FRST64.exe
2014-01-19 13:16 - 2014-01-19 13:16 - 00000000 ____D C:\FRST
2014-01-19 12:41 - 2012-06-30 23:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-19 12:17 - 2009-07-13 20:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-19 12:17 - 2009-07-13 20:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-19 12:13 - 2013-11-07 00:15 - 01907071 _____ C:\Windows\WindowsUpdate.log
2014-01-19 12:10 - 2013-06-07 16:40 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2014-01-19 12:10 - 2013-06-03 11:03 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-01-19 12:10 - 2012-05-12 18:12 - 00000000 ____D C:\Users\KJ\AppData\Roaming\Skype
2014-01-19 12:09 - 2013-11-07 00:12 - 00003864 _____ C:\Windows\setupact.log
2014-01-19 12:09 - 2012-11-09 18:11 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-19 12:09 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-19 06:37 - 2012-05-13 02:49 - 00000000 ____D C:\Users\KJ\AppData\Roaming\vlc
2014-01-18 06:33 - 2014-01-11 10:58 - 00002671 _____ C:\Users\KJ\Desktop\New Text Document.txt
2014-01-16 05:02 - 2012-09-18 03:11 - 00000000 ____D C:\Users\KJ\AppData\Local\WMTools Downloaded Files
2014-01-16 04:12 - 2012-09-18 03:01 - 00044544 _____ C:\Users\KJ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-15 14:50 - 2009-07-13 20:45 - 00416688 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-15 04:26 - 2013-09-08 01:40 - 00000000 ____D C:\Users\KJ\Downloads\Game of Thrones - The Complete Season 3 [HDTV]
2014-01-15 04:07 - 2014-01-14 22:10 - 1073741824 _____ C:\Users\KJ\Desktop\mlbl.part1.rar
2014-01-14 18:41 - 2014-01-14 16:45 - 349162437 _____ C:\Users\KJ\Desktop\syren_HCGB.part2.rar
2014-01-13 11:20 - 2013-11-12 14:23 - 00313484 _____ C:\Windows\PFRO.log
2014-01-11 14:41 - 2014-01-11 14:41 - 00000000 ____D C:\Users\KJ\Documents\FlashIntegro
2014-01-11 14:41 - 2014-01-11 14:41 - 00000000 ____D C:\Users\KJ\AppData\Roaming\VideoEditor
2014-01-11 14:33 - 2014-01-11 14:29 - 00000000 ____D C:\Program Files\Lightworks
2014-01-11 14:32 - 2014-01-11 14:32 - 00000000 ____D C:\Users\KJ\.MCTranscodingSDK
2014-01-11 14:32 - 2014-01-11 14:30 - 00000000 ____D C:\Users\Public\Documents\Lightworks
2014-01-11 14:32 - 2012-05-12 16:02 - 00000000 ____D C:\Users\KJ
2014-01-11 14:31 - 2014-01-11 14:31 - 00000000 ____D C:\ProgramData\Geevs
2014-01-11 14:25 - 2014-01-11 14:21 - 00000000 ____D C:\Users\KJ\AppData\Roaming\avidemux
2014-01-11 14:14 - 2014-01-10 16:30 - 00000000 ____D C:\Program Files (x86)\NCH Software
2014-01-11 08:08 - 2012-09-21 15:24 - 00000000 ____D C:\Users\KJ\Desktop\School
2014-01-10 16:33 - 2014-01-10 16:30 - 00000000 ____D C:\Users\KJ\AppData\Roaming\NCH Software
2014-01-10 16:31 - 2013-07-19 14:31 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2014-01-10 16:30 - 2014-01-10 16:30 - 00000000 ____D C:\ProgramData\NCH Software
2014-01-09 00:40 - 2012-05-12 16:45 - 00010344 _____ C:\Users\KJ\Desktop\Info.txt
2013-12-30 12:47 - 2013-08-30 16:43 - 00000000 ____D C:\Users\KJ\Downloads\Game.of.Thrones.S02
2013-12-26 03:28 - 2013-08-18 22:53 - 00000154 _____ C:\Users\KJ\AppData\Roaming\Rim.DesktopHelper.Exception.log
2013-12-26 03:28 - 2013-08-18 22:53 - 00000154 _____ C:\Users\KJ\AppData\Roaming\Rim.Desktop.Exception.log
2013-12-26 03:20 - 2009-07-13 21:13 - 00779306 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-26 03:18 - 2013-12-26 03:18 - 00000000 ____D C:\Users\KJ\Desktop\Harpreet
2013-12-24 18:52 - 2013-07-19 14:27 - 00000000 ____D C:\Users\KJ\.gimp-2.8
2013-12-24 18:34 - 2013-12-24 18:34 - 00002055 _____ C:\Users\KJ\AppData\Local\recently-used.xbel
2013-12-24 18:33 - 2013-09-13 21:14 - 00000000 ____D C:\Users\KJ\AppData\Local\gtk-2.0
2013-12-21 11:59 - 2013-11-06 22:34 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-12-21 05:34 - 2013-12-21 05:34 - 00000085 _____ C:\Windows\wininit.ini
2013-12-21 05:34 - 2013-11-06 22:34 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-21 05:33 - 2012-05-12 16:54 - 00000000 ____D C:\Users\KJ\AppData\Roaming\uTorrent
2013-12-21 05:32 - 2011-04-12 00:28 - 00000000 ____D C:\Windows\ShellNew
2013-12-20 17:47 - 2013-12-20 17:47 - 00000844 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2951217715-2226315638-3524513954-1000Core1cefdee96ef1440.job
 
Some content of TEMP:
====================
C:\Users\KJ\AppData\Local\Temp\binkw32.dll
C:\Users\KJ\AppData\Local\Temp\d2l_Install.exe
C:\Users\KJ\AppData\Local\Temp\nse4888.exe
C:\Users\KJ\AppData\Local\Temp\nse7788.exe
C:\Users\KJ\AppData\Local\Temp\nsj4F6D.exe
C:\Users\KJ\AppData\Local\Temp\nso794D.exe
C:\Users\KJ\AppData\Local\Temp\nsy4BD2.exe
C:\Users\KJ\AppData\Local\Temp\nsy4DA7.exe
C:\Users\KJ\AppData\Local\Temp\nsz75E2.exe
C:\Users\KJ\AppData\Local\Temp\Quarantine.exe
C:\Users\KJ\AppData\Local\Temp\uttA8F7.tmp.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-10-31 11:47
 
==================== End Of Log ============================
 
 
 
 
 
 
 
 
 
Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2014 04
Ran by KJ at 2014-01-19 13:17:21
Running from C:\Users\KJ\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.5.635 - Adobe Systems, Inc.)
AMD Accelerated Video Transcoding (Version: 2.00.0002 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.923.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (Version: 8.0.873.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.70405.2224 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (x32 Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.2.43 - Atheros Communications Inc.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden
DAEMON Tools Lite (x32 Version: 4.45.4.0315 - DT Soft Ltd)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)
Diablo II (x32 Version:  - )
Diablo III (x32 Version: 1.0.8.16603 - Blizzard Entertainment)
Epson FAX Utility (x32 Version: 1.10.00 - SEIKO EPSON CORPORATION)
EPSON Scan (x32 Version:  - Seiko Epson Corporation)
EPSON WorkForce 320 Series Printer Uninstall (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (x32 Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (x32 Version: 3.3b - SEIKO EPSON CORPORATION)
FormatFactory 3.0.1 (x32 Version: 3.0.1 - Free Time)
GhostMouse (x32 Version: Free V3.2.1 - ghost-mouse.com)
GIMP 2.8.6 (Version: 2.8.6 - The GIMP Team)
Google Chrome (HKCU Version: 31.0.1650.63 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.0 - DealPly Technologies Ltd) Hidden <==== ATTENTION
Greenshot 1.1.5.2643 (Version: 1.1.5.2643 - Greenshot)
Intel® Management Engine Components (x32 Version: 7.0.0.1118 - Intel Corporation)
iTunes (Version: 10.7.0.21 - Apple Inc.)
Java 7 Update 9 (x32 Version: 7.0.90 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (x32 Version: 2.1.1 - Oracle Corporation)
Logitech Print Service (x32 Version:  - )
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (x32 Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 13.0.1 (x86 en-US) (x32 Version: 13.0.1 - Mozilla)
Mozilla Maintenance Service (x32 Version: 13.0.1 - Mozilla)
MPC-HC 1.6.8 (64-bit) (Version: 1.6.8.7417 - MPC-HC Team)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
NVIDIA 3D Vision Controller Driver 296.16 (Version: 296.16 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 311.06 (Version: 311.06 - NVIDIA Corporation)
NVIDIA Control Panel 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 311.06 (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.718 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0213 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
ON_OFF Charge B11.0110.1 (x32 Version: 1.00.0001 - GIGABYTE)
Project64 1.6 (x32 Version: 1.6 - Project64)
Realtek HDMI Audio Driver for ATI (x32 Version: 6.0.1.6409 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6602 - Realtek Semiconductor Corp.)
Sandboxie 3.68 (64-bit) (Version: 3.68 - SANDBOXIE L.T.D)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
SUPERAntiSpyware (Version: 5.6.1040 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TrueCrypt (x32 Version: 7.1a - TrueCrypt Foundation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2010 (KB2494150) (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32 Version:  - Microsoft)
Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1 - AVG Technologies)
VLC media player 2.1.0 (x32 Version: 2.1.0 - VideoLAN)
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (x32 Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (x32 Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Movie Maker 2.6 (x32 Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR 5.00 beta 3 (64-bit) (Version: 5.00.3 - win.rar GmbH)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {27248996-3427-4C51-A53A-CF3CA153DA1F} - System32\Tasks\{52D59B01-DB0D-42FD-8B1E-2E5312ABC385} => Chrome.exe http://ui.skype.com/ui/0/6.6.73.106.456/en/abandoninstall?page=tsMain
Task: {2BD7C13C-65B0-451F-BB35-A25B8AD2DB67} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{61C70479-654C-4600-935E-0673D186707C}.exe
Task: {5ED69088-BA55-46FC-A2D7-2BA4E171D25C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {7B0EAFDD-6179-4F1D-B58B-A1B1D0EDA131} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe
Task: {96286682-EC85-4EB8-B1C3-A7111E3A0FBB} - System32\Tasks\{FF4B0E20-3189-4D75-A7D5-CDAF27E4026F} => Chrome.exe http://ui.skype.com/ui/0/5.9.0.115/en/go/help.faq.installer?source=lightinstaller&amp;LastError=1618
Task: {AD4763A2-303D-4F88-B230-5B017BDB920A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2951217715-2226315638-3524513954-1000UA => C:\Users\KJ\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-12] (Google Inc.)
Task: {B33C8342-6565-444F-80CD-24ED517BFEF3} - \Dealply No Task File
Task: {E1FF9905-705B-469F-84AA-B9917CE0F335} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{02CBDBBA-4CC3-4966-AB96-469E79E35803}.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{61C70479-654C-4600-935E-0673D186707C}.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{02CBDBBA-4CC3-4966-AB96-469E79E35803}.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2951217715-2226315638-3524513954-1000Core1cefdee96ef1440.job => C:\Users\KJ\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2951217715-2226315638-3524513954-1000UA.job => C:\Users\KJ\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-01-09 19:17 - 2010-01-09 19:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 00:40 - 2010-01-21 00:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-01-09 19:18 - 2010-01-09 19:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 00:34 - 2010-01-21 00:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-12-05 16:38 - 2013-12-03 18:47 - 00702416 _____ () C:\Users\KJ\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-05 16:38 - 2013-12-03 18:47 - 00099792 _____ () C:\Users\KJ\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-05 16:38 - 2013-12-03 18:48 - 04055504 _____ () C:\Users\KJ\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-05 16:38 - 2013-12-03 18:48 - 00399312 _____ () C:\Users\KJ\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-05 16:38 - 2013-12-03 18:47 - 01619408 _____ () C:\Users\KJ\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2013-12-05 16:38 - 2013-12-03 18:48 - 13586896 _____ () C:\Users\KJ\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/19/2014 00:11:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/18/2014 00:42:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/17/2014 11:25:23 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/16/2014 01:02:59 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/15/2014 02:52:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/15/2014 00:19:54 AM) (Source: Application Error) (User: )
Description: Faulting application name: MOVIEMK.exe, version: 2.6.4037.0, time stamp: 0x460d9f31
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x1648
Faulting application start time: 0xMOVIEMK.exe0
Faulting application path: MOVIEMK.exe1
Faulting module path: MOVIEMK.exe2
Report Id: MOVIEMK.exe3
 
Error: (01/14/2014 00:02:28 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/13/2014 11:22:19 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/11/2014 02:17:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/11/2014 03:28:17 AM) (Source: Application Hang) (User: )
Description: The program videopad.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1f4c
 
Start Time: 01cf0ebf4ec1a1e1
 
Termination Time: 146
 
Application Path: C:\Program Files (x86)\NCH Software\VideoPad\videopad.exe
 
Report Id:
 
 
System errors:
=============
Error: (01/19/2014 00:12:03 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (01/19/2014 00:12:03 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1330
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (01/19/2014 00:09:57 PM) (Source: Microsoft-Windows-TaskScheduler) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.
 
Error: (01/19/2014 00:09:53 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (01/18/2014 03:01:43 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (01/18/2014 00:42:43 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (01/18/2014 00:42:43 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1330
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (01/18/2014 00:40:26 PM) (Source: Microsoft-Windows-TaskScheduler) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.
 
Error: (01/17/2014 08:29:35 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (01/17/2014 08:15:09 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
 
Microsoft Office Sessions:
=========================
Error: (01/19/2014 00:11:07 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/18/2014 00:42:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/17/2014 11:25:23 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/16/2014 01:02:59 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/15/2014 02:52:16 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/15/2014 00:19:54 AM) (Source: Application Error)(User: )
Description: MOVIEMK.exe2.6.4037.0460d9f31unknown0.0.0.000000000c000000500000000164801cf11c9e54e27bfC:\Program Files (x86)\Movie Maker 2.6\MOVIEMK.exeunknowncf6db942-7dbd-11e3-bd41-902b3404fee8
 
Error: (01/14/2014 00:02:28 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/13/2014 11:22:19 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/11/2014 02:17:34 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/11/2014 03:28:17 AM) (Source: Application Hang)(User: )
Description: videopad.exe0.0.0.01f4c01cf0ebf4ec1a1e1146C:\Program Files (x86)\NCH Software\VideoPad\videopad.exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-09-08 02:59:01.665
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\bcrypt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-08 02:59:01.592
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\bcrypt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-08 02:59:01.521
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\bcrypt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-08 02:55:15.509
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-08 02:55:15.438
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-08 02:55:15.366
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-08 02:47:53.533
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-08 02:47:53.461
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-08 02:47:53.389
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-08 02:47:53.249
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 49%
Total physical RAM: 4079.3 MB
Available physical RAM: 2055.89 MB
Total Pagefile: 8156.79 MB
Available Pagefile: 5521.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:1.25 GB) NTFS
Drive d: (EXPANSION) (CDROM) (Total:0.54 GB) (Free:0 GB) CDFS
Drive e: (ACER) (Fixed) (Total:144.29 GB) (Free:24.76 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (DATA) (Fixed) (Total:144.04 GB) (Free:75.39 GB) NTFS
Drive g: (Tomb Raider) (CDROM) (Total:9.36 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 00947EF5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 298 GB) (Disk ID: 235BFA9F)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=06)
Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:15 AM

Posted 19 January 2014 - 05:13 PM

Greetings KJ,

We have a few things to address in this first round. Please consider and perform the following or me.

===================================================

No Antivirus Program Installed

-------------------
  • Please download and install an antivirus program, and make sure that you keep it updated.
  • New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software. Two good antivirus programs free for non-commercial home use are avast! Free Antivirus and Avira AntiVir Personal - Free Antivirus.
  • You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities. .

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Please download and run Microsoft Fix it 50688 to fix a non-malware related technical issue with Windows.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Scan
  • Upon completion click Report
  • Review the entries and uncheck any items you would like to keep on your computer (leaving an item checked will cause its deletion)
  • Click Clean to remove the items still checked
  • Click OK twice to reboot your computer
  • Copy and paste the contents of the text file on your desktop upon reboot in your reply
  • You can also find the logfile at C:\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
MountPoints2: G - G:\Setup.exe
MountPoints2: {3619e0de-9d0b-11e1-8ed1-806e6f6e6963} - D:\SETUP.EXE
MountPoints2: {7b0f3983-da77-11e1-bdde-902b3404fee8} - G:\Setup.exe
S1 lywtxjga; \??\C:\Windows\system32\drivers\lywtxjga.sys [x]
C:\Users\KJ\AppData\Local\Temp\binkw32.dll
C:\Users\KJ\AppData\Local\Temp\d2l_Install.exe
C:\Users\KJ\AppData\Local\Temp\nse4888.exe
C:\Users\KJ\AppData\Local\Temp\nse7788.exe
C:\Users\KJ\AppData\Local\Temp\nsj4F6D.exe
C:\Users\KJ\AppData\Local\Temp\nso794D.exe
C:\Users\KJ\AppData\Local\Temp\nsy4BD2.exe
C:\Users\KJ\AppData\Local\Temp\nsy4DA7.exe
C:\Users\KJ\AppData\Local\Temp\nsz75E2.exe
C:\Users\KJ\AppData\Local\Temp\Quarantine.exe
C:\Users\KJ\AppData\Local\Temp\uttA8F7.tmp.exe
Task: {B33C8342-6565-444F-80CD-24ED517BFEF3} - \Dealply No Task File
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{61C70479-654C-4600-935E-0673D186707C}.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{02CBDBBA-4CC3-4966-AB96-469E79E35803}.exe
C:\Windows\TEMP\{61C70479-654C-4600-935E-0673D186707C}.exe
C:\Windows\TEMP\{02CBDBBA-4CC3-4966-AB96-469E79E35803}.exe
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • AdwCleaner log
  • Junkware log
  • Fixlog
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 kanucks25

kanucks25
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:03:15 AM

Posted 19 January 2014 - 06:30 PM

AdwCleaner:

 

# AdwCleaner v3.017 - Report created 19/01/2014 at 15:11:00
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : KJ - KJ
# Running from : C:\Users\KJ\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Users\KJ\AppData\Roaming\NCH Software
File Deleted : C:\Windows\System32\Tasks\NCH Software
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\NCH Software
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v13.0.1 (en-US)
 
[ File : C:\Users\KJ\AppData\Roaming\Mozilla\Firefox\Profiles\zwi6qlni.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\KJ\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [11705 octets] - [10/11/2013 17:56:52]
AdwCleaner[R1].txt - [1884 octets] - [19/01/2014 15:06:46]
AdwCleaner[S0].txt - [11444 octets] - [10/11/2013 17:57:30]
AdwCleaner[S1].txt - [1594 octets] - [19/01/2014 15:11:00]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1654 octets] ##########
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Junkware:
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by KJ on Sun 01/19/2014 at 15:18:25.13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\apn"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/19/2014 at 15:22:18.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
 
 
 
 
 
 
Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2014 04
Ran by KJ at 2014-01-19 15:27:20 Run:1
Running from C:\Users\KJ\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
MountPoints2: G - G:\Setup.exe
MountPoints2: {3619e0de-9d0b-11e1-8ed1-806e6f6e6963} - D:\SETUP.EXE
MountPoints2: {7b0f3983-da77-11e1-bdde-902b3404fee8} - G:\Setup.exe
S1 lywtxjga; \??\C:\Windows\system32\drivers\lywtxjga.sys [x]
C:\Users\KJ\AppData\Local\Temp\binkw32.dll
C:\Users\KJ\AppData\Local\Temp\d2l_Install.exe
C:\Users\KJ\AppData\Local\Temp\nse4888.exe
C:\Users\KJ\AppData\Local\Temp\nse7788.exe
C:\Users\KJ\AppData\Local\Temp\nsj4F6D.exe
C:\Users\KJ\AppData\Local\Temp\nso794D.exe
C:\Users\KJ\AppData\Local\Temp\nsy4BD2.exe
C:\Users\KJ\AppData\Local\Temp\nsy4DA7.exe
C:\Users\KJ\AppData\Local\Temp\nsz75E2.exe
C:\Users\KJ\AppData\Local\Temp\Quarantine.exe
C:\Users\KJ\AppData\Local\Temp\uttA8F7.tmp.exe
Task: {B33C8342-6565-444F-80CD-24ED517BFEF3} - \Dealply No Task File
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{61C70479-654C-4600-935E-0673D186707C}.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{02CBDBBA-4CC3-4966-AB96-469E79E35803}.exe
C:\Windows\TEMP\{61C70479-654C-4600-935E-0673D186707C}.exe
C:\Windows\TEMP\{02CBDBBA-4CC3-4966-AB96-469E79E35803}.exe
*****************
 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3619e0de-9d0b-11e1-8ed1-806e6f6e6963} => Key deleted successfully.
HKCR\CLSID\{3619e0de-9d0b-11e1-8ed1-806e6f6e6963} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b0f3983-da77-11e1-bdde-902b3404fee8} => Key deleted successfully.
HKCR\CLSID\{7b0f3983-da77-11e1-bdde-902b3404fee8} => Key not found.
lywtxjga => Service deleted successfully.
C:\Users\KJ\AppData\Local\Temp\binkw32.dll => Moved successfully.
C:\Users\KJ\AppData\Local\Temp\d2l_Install.exe => Moved successfully.
C:\Users\KJ\AppData\Local\Temp\nse4888.exe => Moved successfully.
C:\Users\KJ\AppData\Local\Temp\nse7788.exe => Moved successfully.
C:\Users\KJ\AppData\Local\Temp\nsj4F6D.exe => Moved successfully.
C:\Users\KJ\AppData\Local\Temp\nso794D.exe => Moved successfully.
C:\Users\KJ\AppData\Local\Temp\nsy4BD2.exe => Moved successfully.
C:\Users\KJ\AppData\Local\Temp\nsy4DA7.exe => Moved successfully.
C:\Users\KJ\AppData\Local\Temp\nsz75E2.exe => Moved successfully.
C:\Users\KJ\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\KJ\AppData\Local\Temp\uttA8F7.tmp.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B33C8342-6565-444F-80CD-24ED517BFEF3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B33C8342-6565-444F-80CD-24ED517BFEF3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply => Key deleted successfully.
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => Moved successfully.
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => Moved successfully.
"C:\Windows\TEMP\{61C70479-654C-4600-935E-0673D186707C}.exe" => File/Directory not found.
"C:\Windows\TEMP\{02CBDBBA-4CC3-4966-AB96-469E79E35803}.exe" => File/Directory not found.
 
==== End of Fixlog ====
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Not exactly what you mean when you ask how my computer is running :P Other than the HD problem, seems to be normal. Sorry if I misunderstood.
 
Also, I installed Avira and uninstalled uTorrent a few weeks ago (it doesn't show in my add/remove programs list).

Edited by kanucks25, 19 January 2014 - 06:31 PM.


#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:15 AM

Posted 19 January 2014 - 06:35 PM

Are you still losing hard drive space? If necessary, give it some time and monitor it.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:15 AM

Posted 19 January 2014 - 06:37 PM

Also, there is no evidence Avira is installed on your computer.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 kanucks25

kanucks25
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:03:15 AM

Posted 19 January 2014 - 07:05 PM

Yes, I'll have to monitor it over a few hours to know.

 

I forgot to mention it before, but I noticed space would be reduced in chunks (like 1GB per minute) when I watched videos on the internet on certain sites and when I used this video editing software (which I now uninstalled). Don't know if that's important but I thought I'd let you know.

 

M6lyJCU.png



#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:15 AM

Posted 19 January 2014 - 07:08 PM

Thanks for the information. Avira is not listed anywhere in the reports but it is obviously there!
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 kanucks25

kanucks25
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:03:15 AM

Posted 19 January 2014 - 07:10 PM

Just went down at least ~200MB over the past 10 minutes. Only thing I did was post here during that time.

 

e/ Now back up 100MB  :bananas:


Edited by kanucks25, 19 January 2014 - 07:21 PM.


#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:15 AM

Posted 19 January 2014 - 07:28 PM

Please disconnect from the internet and check the fluctuation.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 kanucks25

kanucks25
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:03:15 AM

Posted 19 January 2014 - 07:29 PM

(Just went down another 100MB).

 

 

Okay, I'll disconnect and monitor for about 30 mins (a bit longer if there's no change) and get back to you.



#15 kanucks25

kanucks25
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:03:15 AM

Posted 19 January 2014 - 08:25 PM

Disconnecting didn't help, still happening :(

 

I also uninstalled a few programs and lost even more space somehow.  :scratchhead:

 

e/ Just went up ~700MB over the past 10 minutes

 

e2/ Any sort of program out there that monitors file changes/creations/deletions? Perhaps we can pinpoint where the activity is and then figure out why from there?


Edited by kanucks25, 19 January 2014 - 08:46 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users