
svchost.exe taking up a lot of memory.


  • This topic is locked
89 replies to this topic

#1 theoriginal

theoriginal

  • Members
  • 82 posts
  • OFFLINE
  • Gender:Male
  • Location:New York, NY
  • Local time:09:01 PM

Posted 02 February 2014 - 08:13 PM

Hi, recently the problem I am experiencing is that the process called "svchost.exe" is using up a lot of memory. This problem started yesterday, and the last thing I remember doing is surfing the web with Google Chrome and then Chrome's pop-up blocker blocked a pop-up window (I had Chrome's AdBlock extension enabled as well). I'm not sure if that pop-up window in Chrome had anything to do with triggering the svchost process, though. I know for a fact that I had a similar problem before with svchost, but then it went away after about 2 days. Assistance would be appreciated in helping me solve this problem. Thank you!! :)

 

Note: I notice that when I restart the computer, the svchost process decreases memory usage gradually, then increases it. I believe the second instance of svchost (there are multiple ones) is the one that's causing the problem. It's the one that starts up at around 110,000 K. This instance of svchost always increases to a maximum of around 205,000 K.

 

Here's my dds log:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.51.2
Run by Yovanny at 19:44:18 on 2014-02-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16335.11912 [GMT -5:00]
.
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Users\Yovanny\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Pidgin\pidgin.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [F.lux] "C:\Users\Yovanny\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: NameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{F73B0AF9-0874-443C-8275-92C3AF78887E} : DHCPNameServer = 208.67.222.222 208.67.220.220
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Yovanny\AppData\Roaming\Mozilla\Firefox\Profiles\a57yvq5i.default-1391112276605\
FF - prefs.js: browser.startup.homepage - www.google.com/firefox
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1206147.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2012-1-6 49760]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2011-12-2 565528]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2012-11-16 23832]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2013-9-17 239320]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2012-11-27 67584]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2013-9-12 1337752]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2013-9-17 157432]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [2012-11-16 7168]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-2 1494304]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-12-19 411936]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
R3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-27 25928]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-1-8 39200]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-11-16 677480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-27 701512]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 ActionReplayDS;ActionReplayDS;C:\Windows\System32\drivers\ActionReplayDS_x64.sys [2012-11-28 51600]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2012-11-16 130976]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-10 111616]
S3 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-11-27 15129376]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2013-11-19 31800]
S3 t_mouse.sys;HID-compliand device;C:\Windows\System32\drivers\t_mouse.sys [2012-12-19 6144]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-11-13 42184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2011-11-15 1403200]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2013-11-29 113936]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-1 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S4 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-27 418376]
S4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-02-02 08:43:26    --------    d-----w-    C:\Users\Yovanny\AppData\Local\Skype
2014-02-02 08:43:10    --------    d-----r-    C:\Program Files (x86)\Skype
2014-02-02 07:58:54    --------    d-----w-    C:\AdwCleaner
2014-01-31 13:50:07    10315576    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AD070E2E-1F21-4638-8715-171DF2B2A110}\mpengine.dll
2014-01-29 09:03:57    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-29 02:52:15    --------    d-----w-    C:\Users\Yovanny\AppData\Roaming\Mp3tag
2014-01-29 02:51:55    --------    d-----w-    C:\Program Files (x86)\Mp3tag
2014-01-28 23:52:40    --------    d-----w-    C:\Users\Yovanny\AppData\Roaming\dBpoweramp
2014-01-28 23:33:31    --------    d-----w-    C:\Users\Yovanny\AppData\Roaming\AccurateRip
2014-01-28 23:33:25    4845640    ----a-w-    C:\Windows\SysWow64\SpoonUninstall.exe
2014-01-28 23:33:21    --------    d-----w-    C:\Program Files (x86)\Illustrate
2014-01-28 22:23:29    --------    d-----w-    C:\Users\Yovanny\Misc
2014-01-25 10:00:43    --------    d-----w-    C:\ModMii
2014-01-25 04:11:47    --------    d-----w-    C:\Program Files (x86)\EaseUS
2014-01-20 15:07:33    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-15 10:27:13    --------    d-----w-    C:\Program Files (x86)\uTorrent
2014-01-15 08:09:50    --------    d-----w-    C:\Program Files\VideoLAN
2014-01-15 00:48:48    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2014-01-15 00:48:48    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2014-01-15 00:48:48    53248    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2014-01-15 00:48:48    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2014-01-15 00:48:48    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2014-01-15 00:48:48    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2014-01-15 00:48:48    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2014-01-15 00:48:47    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-01-15 00:48:46    376768    ----a-w-    C:\Windows\System32\drivers\netio.sys
2014-01-14 18:59:15    218200    ----a-w-    C:\Windows\SysWow64\unrar.dll
2014-01-12 21:18:48    --------    d-----w-    C:\Users\Yovanny\AppData\Roaming\LibreOffice
2014-01-12 21:14:13    --------    d-----w-    C:\Program Files (x86)\LibreOffice 4
2014-01-10 03:29:57    --------    d-----w-    C:\Users\Yovanny\AppData\Local\gtk-2.0
2014-01-05 18:08:26    99384    ----a-w-    C:\Users\Yovanny\AppData\Roaming\inst.exe
2014-01-05 18:08:26    82816    ----a-w-    C:\Users\Yovanny\AppData\Roaming\pcouffin.sys
.
==================== Find3M  ====================
.
2014-01-19 15:44:08    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-19 15:44:08    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-19 18:53:46    6671648    ----a-w-    C:\Windows\System32\nvcpl.dll
2013-12-19 18:53:46    3490080    ----a-w-    C:\Windows\System32\nvsvc64.dll
2013-12-19 18:53:44    922912    ----a-w-    C:\Windows\System32\nvvsvc.exe
2013-12-19 18:53:44    63776    ----a-w-    C:\Windows\System32\nvshext.dll
2013-12-19 18:53:44    386336    ----a-w-    C:\Windows\System32\nvmctray.dll
2013-12-19 17:20:22    590112    ----a-w-    C:\Windows\SysWow64\nvStreaming.exe
2013-12-19 05:01:48    3539040    ----a-w-    C:\Windows\System32\nvcoproc.bin
2013-12-18 11:13:56    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2013-12-11 05:34:04    9272200    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-12-10 02:15:06    982232    ----a-w-    C:\Windows\SysWow64\nvspcap.dll
2013-12-10 02:14:54    1100248    ----a-w-    C:\Windows\System32\nvspcap64.dll
2013-12-05 08:42:30    39200    ----a-w-    C:\Windows\System32\drivers\nvvad64v.sys
2013-12-05 08:42:26    35104    ----a-w-    C:\Windows\System32\nvaudcap64v.dll
2013-12-05 08:42:26    32544    ----a-w-    C:\Windows\SysWow64\nvaudcap32v.dll
2013-11-29 22:44:32    252688    ----a-w-    C:\Windows\System32\drivers\VBoxDrv.sys
2013-11-29 22:43:00    154896    ----a-w-    C:\Windows\System32\drivers\VBoxNetFlt.sys
2013-11-29 22:43:00    140560    ----a-w-    C:\Windows\System32\drivers\VBoxNetAdp.sys
2013-11-29 22:43:00    126736    ----a-w-    C:\Windows\System32\drivers\VBoxUSBMon.sys
2013-11-29 22:42:58    113936    ----a-w-    C:\Windows\System32\drivers\VBoxUSB.sys
2013-11-29 22:40:46    204048    ----a-w-    C:\Windows\System32\VBoxNetFltNobj.dll
2013-11-28 13:38:22    31520    ----a-w-    C:\Windows\System32\nvhdap64.dll
2013-11-28 13:38:18    197408    ----a-w-    C:\Windows\System32\drivers\nvhda64v.sys
2013-11-26 10:19:07    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02    5769216    ----a-w-    C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16    1995264    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06    1928192    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2013-11-26 06:33:33    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-11-24 23:53:35    381440    ----a-w-    C:\Windows\System32\drivers\sptd.sys
2013-11-24 01:17:22    28    ----a-w-    C:\Windows\SysWow64\autoscan.dll
2013-11-23 18:26:20    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-11-22 08:36:08    1515296    ----a-w-    C:\Windows\System32\nvhdagenco6420103.dll
2013-11-14 11:55:45    1510176    ----a-w-    C:\Windows\System32\nvhdagenco64.dll
2013-11-14 11:55:24    1884448    ----a-w-    C:\Windows\System32\nvdispco6433182.dll
2013-11-14 11:55:24    1511712    ----a-w-    C:\Windows\System32\nvdispgenco6433182.dll
2013-11-13 10:51:44    42184    ----a-w-    C:\Windows\System32\drivers\taphss6.sys
2013-11-13 03:54:01    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2013-11-13 03:54:01    194048    ----a-w-    C:\Windows\SysWow64\elshyph.dll
2013-11-12 02:23:09    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-11-12 02:07:29    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-11-06 00:47:54    3707864    ----a-w-    C:\Windows\System32\drivers\RTKVHD64.sys
2013-11-05 23:54:54    38385664    ----a-w-    C:\Windows\System32\RCoRes64.dat
.
============= FINISH: 19:44:39.75 ===============
 

Edited by theoriginal, 03 February 2014 - 02:40 PM.
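Added example, not part of the original post and not one of BleepingComputer's instructions: the poster suspects one particular svchost.exe instance, but svchost only hosts services, so the useful question is which services share that instance and whether the image itself is what it claims to be. The DDS "Running Processes" list above shows each instance started from C:\Windows\system32 with a -k group (DcomLaunch, RPCSS, netsvcs, ...), and the script below checks exactly those properties on the live system. It assumes an elevated PowerShell prompt on the poster's Windows 7 x64 machine and uses Get-WmiObject rather than Get-CimInstance so it also works on the PowerShell 2.0 that ships with Windows 7. The group-name regex and the "trusted directory" list are this example's own assumptions.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell
# prompt: without elevation WMI hides ExecutablePath/CommandLine for processes
# owned by other accounts, which is every svchost.exe.
#
# For every svchost.exe instance: working set, the -k service group, the
# services hosted in it, and whether the image lives where the real one does.

$svchosts = Get-WmiObject Win32_Process -Filter "Name = 'svchost.exe'"
$services = Get-WmiObject Win32_Service | Where-Object { $_.ProcessId -ne 0 }

# The only directories the genuine svchost.exe runs from on a 64-bit install
# (assumption for this example; matches every instance in the DDS log above).
$trustedDirs = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")

foreach ($p in ($svchosts | Sort-Object WorkingSetSize -Descending)) {
    if (-not $p.ExecutablePath) {
        "PID {0}: executable path not readable (run elevated)" -f $p.ProcessId
        continue
    }

    # The log shows command lines such as "svchost.exe -k netsvcs";
    # the group name is the token after -k.
    $group = if ($p.CommandLine -match '-k\s+(\S+)') { $Matches[1] } else { '(no -k group)' }

    $hosted       = $services | Where-Object { $_.ProcessId -eq $p.ProcessId }
    $inTrustedDir = $trustedDirs -contains (Split-Path -Parent $p.ExecutablePath)  # -contains is case-insensitive

    # Informational only: on Windows 7 most system binaries are catalog-signed,
    # and Get-AuthenticodeSignature there only sees embedded signatures, so
    # "NotSigned" on a genuine svchost.exe is expected. Use Sysinternals
    # sigcheck (-c) if you need a real catalog check on this OS.
    $sig = Get-AuthenticodeSignature -FilePath $p.ExecutablePath

    "PID {0,6}  {1,9:N0} KB  {2,-32} {3}" -f $p.ProcessId, ($p.WorkingSetSize / 1KB), $group, $p.ExecutablePath
    "            in System32/SysWOW64: {0}   embedded signature: {1}" -f $inTrustedDir, $sig.Status
    foreach ($s in $hosted) { "            - {0,-28} {1}" -f $s.Name, $s.DisplayName }

    # A real svchost.exe always runs from a trusted directory and is started
    # with a -k group; anything else is worth a closer look before chasing the
    # memory figure.
    if (-not $inTrustedDir -or $group -eq '(no -k group)') {
        "            ** investigate: unexpected image path or missing -k service group"
    }
}
```

The instance the poster describes (starting near 110,000 K and growing to about 205,000 K) will show up near the top of the sorted output together with the services it hosts; on Windows 7 the netsvcs group in particular bundles many services into one process, so a large working set there is the sum of several services rather than evidence of one misbehaving binary. `tasklist /svc` gives the same PID-to-service mapping from a plain command prompt if PowerShell is unavailable.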



 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,730 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:01 PM

Posted 07 February 2014 - 08:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/523011 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 theoriginal

theoriginal
  • Topic Starter

  • Members
  • 82 posts
  • OFFLINE
  • Gender:Male
  • Location:New York, NY
  • Local time:09:01 PM

Posted 07 February 2014 - 09:58 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.51.2
Run by Yovanny at 21:47:38 on 2014-02-07
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16335.12406 [GMT -5:00]
.
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Yovanny\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [F.lux] "C:\Users\Yovanny\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: NameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{F73B0AF9-0874-443C-8275-92C3AF78887E} : DHCPNameServer = 208.67.222.222 208.67.220.220
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Yovanny\AppData\Roaming\Mozilla\Firefox\Profiles\a57yvq5i.default-1391112276605\
FF - prefs.js: browser.startup.homepage - www.google.com/firefox
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1206147.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2012-1-6 49760]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2011-12-2 565528]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2012-11-16 23832]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2013-9-17 239320]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2012-11-27 67584]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2013-9-12 1337752]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2013-9-17 157432]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [2012-11-16 7168]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-2 1593632]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-12-19 411936]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
R3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-27 25928]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-2-6 39200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-27 701512]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 ActionReplayDS;ActionReplayDS;C:\Windows\System32\drivers\ActionReplayDS_x64.sys [2012-11-28 51600]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2012-11-16 130976]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-10 111616]
S3 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-11-27 16939296]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2013-11-19 31800]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-11-16 677480]
S3 t_mouse.sys;HID-compliand device;C:\Windows\System32\drivers\t_mouse.sys [2012-12-19 6144]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-11-13 42184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2011-11-15 1403200]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2013-11-29 113936]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-1 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S4 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-27 418376]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-02-07 16:29:22    --------    d-----w-    C:\Program Files (x86)\Mobipocket.com
2014-02-07 09:52:41    10315576    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{35644D90-54A7-4E59-875C-0887D243722A}\mpengine.dll
2014-02-06 12:19:42    --------    d-----w-    C:\Program Files (x86)\uTorrent
2014-02-06 11:37:01    39200    ----a-w-    C:\Windows\System32\drivers\nvvad64v.sys
2014-02-06 11:37:01    35104    ----a-w-    C:\Windows\System32\nvaudcap64v.dll
2014-02-06 11:37:01    33056    ----a-w-    C:\Windows\SysWow64\nvaudcap32v.dll
2014-02-06 11:01:35    --------    d-----w-    C:\Users\Yovanny\AppData\Roaming\uTorrent
2014-02-05 23:46:37    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-05 23:42:05    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-02-04 08:40:48    --------    d-----w-    C:\Users\Yovanny\AppData\Roaming\BleachBit
2014-02-03 08:20:35    252688    ----a-w-    C:\Windows\System32\drivers\VBoxDrv.sys
2014-02-03 08:20:29    126736    ----a-w-    C:\Windows\System32\drivers\VBoxUSBMon.sys
2014-02-02 08:43:26    --------    d-----w-    C:\Users\Yovanny\AppData\Local\Skype
2014-02-02 08:43:10    --------    d-----r-    C:\Program Files (x86)\Skype
2014-02-02 07:58:54    --------    d-----w-    C:\AdwCleaner
2014-01-29 09:03:57    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-29 02:52:15    --------    d-----w-    C:\Users\Yovanny\AppData\Roaming\Mp3tag
2014-01-29 02:51:55    --------    d-----w-    C:\Program Files (x86)\Mp3tag
2014-01-28 23:52:40    --------    d-----w-    C:\Users\Yovanny\AppData\Roaming\dBpoweramp
2014-01-28 23:33:31    --------    d-----w-    C:\Users\Yovanny\AppData\Roaming\AccurateRip
2014-01-28 23:33:25    4845640    ----a-w-    C:\Windows\SysWow64\SpoonUninstall.exe
2014-01-28 23:33:21    --------    d-----w-    C:\Program Files (x86)\Illustrate
2014-01-28 22:23:29    --------    d-----w-    C:\Users\Yovanny\Misc
2014-01-25 10:00:43    --------    d-----w-    C:\ModMii
2014-01-25 04:11:47    --------    d-----w-    C:\Program Files (x86)\EaseUS
2014-01-20 15:07:33    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-15 08:09:50    --------    d-----w-    C:\Program Files\VideoLAN
2014-01-15 00:48:48    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2014-01-15 00:48:48    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2014-01-15 00:48:48    53248    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2014-01-15 00:48:48    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2014-01-15 00:48:48    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2014-01-15 00:48:48    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2014-01-15 00:48:48    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2014-01-15 00:48:47    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-01-15 00:48:46    376768    ----a-w-    C:\Windows\System32\drivers\netio.sys
2014-01-14 18:59:15    218200    ----a-w-    C:\Windows\SysWow64\unrar.dll
2014-01-12 21:18:48    --------    d-----w-    C:\Users\Yovanny\AppData\Roaming\LibreOffice
2014-01-12 21:14:13    --------    d-----w-    C:\Program Files (x86)\LibreOffice 4
2014-01-10 03:29:57    --------    d-----w-    C:\Users\Yovanny\AppData\Local\gtk-2.0
.
==================== Find3M  ====================
.
2014-02-05 10:34:06    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 10:34:06    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-21 02:53:40    1048152    ----a-w-    C:\Windows\SysWow64\nvspcap.dll
2014-01-21 02:53:29    1179576    ----a-w-    C:\Windows\System32\nvspcap64.dll
2014-01-16 14:59:44    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2014-01-05 18:08:26    99384    ----a-w-    C:\Users\Yovanny\AppData\Roaming\inst.exe
2014-01-05 18:08:26    82816    ----a-w-    C:\Users\Yovanny\AppData\Roaming\pcouffin.sys
2013-12-19 18:53:46    6671648    ----a-w-    C:\Windows\System32\nvcpl.dll
2013-12-19 18:53:46    3490080    ----a-w-    C:\Windows\System32\nvsvc64.dll
2013-12-19 18:53:44    922912    ----a-w-    C:\Windows\System32\nvvsvc.exe
2013-12-19 18:53:44    63776    ----a-w-    C:\Windows\System32\nvshext.dll
2013-12-19 18:53:44    386336    ----a-w-    C:\Windows\System32\nvmctray.dll
2013-12-19 17:20:22    590112    ----a-w-    C:\Windows\SysWow64\nvStreaming.exe
2013-12-19 05:01:48    3539040    ----a-w-    C:\Windows\System32\nvcoproc.bin
2013-12-18 22:16:44    154896    ----a-w-    C:\Windows\System32\drivers\VBoxNetFlt.sys
2013-12-18 22:16:44    140560    ----a-w-    C:\Windows\System32\drivers\VBoxNetAdp.sys
2013-12-18 22:13:30    204048    ----a-w-    C:\Windows\System32\VBoxNetFltNobj.dll
2013-11-29 22:42:58    113936    ----a-w-    C:\Windows\System32\drivers\VBoxUSB.sys
2013-11-28 13:38:22    31520    ----a-w-    C:\Windows\System32\nvhdap64.dll
2013-11-28 13:38:18    197408    ----a-w-    C:\Windows\System32\drivers\nvhda64v.sys
2013-11-26 10:19:07    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02    5769216    ----a-w-    C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16    1995264    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06    1928192    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2013-11-26 06:33:33    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-11-24 23:53:35    381440    ----a-w-    C:\Windows\System32\drivers\sptd.sys
2013-11-24 01:17:22    28    ----a-w-    C:\Windows\SysWow64\autoscan.dll
2013-11-23 18:26:20    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-11-22 08:36:08    1515296    ----a-w-    C:\Windows\System32\nvhdagenco6420103.dll
2013-11-14 11:55:45    1510176    ----a-w-    C:\Windows\System32\nvhdagenco64.dll
2013-11-14 11:55:24    1884448    ----a-w-    C:\Windows\System32\nvdispco6433182.dll
2013-11-14 11:55:24    1511712    ----a-w-    C:\Windows\System32\nvdispgenco6433182.dll
2013-11-13 10:51:44    42184    ----a-w-    C:\Windows\System32\drivers\taphss6.sys
2013-11-13 03:54:01    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2013-11-13 03:54:01    194048    ----a-w-    C:\Windows\SysWow64\elshyph.dll
2013-11-12 02:23:09    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-11-12 02:07:29    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 21:47:43.94 ===============

 

I have the original Windows CD.
 




#4 jeffce (Malware Response Team)

Posted 08 February 2014 - 09:52 PM

Hi and Welcome!!
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that.... Let's get going!!
----------
 

Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------

 
AdwCleaner
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

----------




#5 theoriginal (Topic Starter)

Posted 08 February 2014 - 11:22 PM

# AdwCleaner v3.018 - Report created 08/02/2014 at 23:10:49
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Yovanny - YOVANNY-PC
# Running from : C:\Users\Yovanny\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v27.0 (en-US)

[ File : C:\Users\Yovanny\AppData\Roaming\Mozilla\Firefox\Profiles\a57yvq5i.default-1391112276605\prefs.js ]


-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\Yovanny\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2208 octets] - [02/02/2014 03:00:02]
AdwCleaner[R1].txt - [1114 octets] - [08/02/2014 23:10:49]
AdwCleaner[S0].txt - [2259 octets] - [02/02/2014 03:03:49]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1234 octets] ##########
 




#6 jeffce (Malware Response Team)

Posted 09 February 2014 - 11:00 AM

ComboFix
 
Download Combofix from either of the links below, and save it to your desktop.
Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


 
--------------------------------------------------------------------
 
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
 
--------------------------------------------------------------------
 
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.



#7 theoriginal (Topic Starter)

Posted 09 February 2014 - 01:39 PM

ComboFix 14-02-05.02 - Yovanny 02/09/2014  12:57:46.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16335.13535 [GMT -5:00]
Running from: c:\users\Yovanny\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Yovanny\AppData\Local\assembly\tmp
c:\windows\SysWow64\autoscan.dll
c:\windows\XSxS
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-09 to 2014-02-09  )))))))))))))))))))))))))))))))
.
.
2014-02-09 18:02 . 2014-02-09 18:02    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-02-09 07:00 . 2014-02-09 07:00    --------    d-----w-    c:\users\Yovanny\AppData\Local\Adobe
2014-02-07 16:29 . 2014-02-07 16:29    --------    d-----w-    c:\program files (x86)\Mobipocket.com
2014-02-07 09:52 . 2013-12-04 03:28    10315576    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{35644D90-54A7-4E59-875C-0887D243722A}\mpengine.dll
2014-02-06 12:19 . 2014-02-06 12:19    --------    d-----w-    c:\program files (x86)\uTorrent
2014-02-06 11:37 . 2013-12-27 18:42    39200    ----a-w-    c:\windows\system32\drivers\nvvad64v.sys
2014-02-06 11:37 . 2013-12-27 18:42    35104    ----a-w-    c:\windows\system32\nvaudcap64v.dll
2014-02-06 11:37 . 2013-12-27 18:42    33056    ----a-w-    c:\windows\SysWow64\nvaudcap32v.dll
2014-02-06 11:01 . 2014-02-09 17:58    --------    d-----w-    c:\users\Yovanny\AppData\Roaming\uTorrent
2014-02-05 23:46 . 2014-02-06 00:41    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-02-05 23:42 . 2014-02-05 23:46    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-02-04 08:40 . 2014-02-04 08:40    --------    d-----w-    c:\users\Yovanny\AppData\Roaming\BleachBit
2014-02-03 17:17 . 2014-02-03 17:17    --------    d-----w-    c:\users\Yovanny\AppData\Roaming\Oracle
2014-02-03 08:20 . 2013-12-18 22:19    252688    ----a-w-    c:\windows\system32\drivers\VBoxDrv.sys
2014-02-03 08:20 . 2013-12-18 22:16    126736    ----a-w-    c:\windows\system32\drivers\VBoxUSBMon.sys
2014-02-02 08:43 . 2014-02-02 08:43    --------    d-----w-    c:\users\Yovanny\AppData\Local\Skype
2014-02-02 08:43 . 2014-02-03 18:16    --------    d-----w-    c:\users\Yovanny\AppData\Roaming\Skype
2014-02-02 08:43 . 2014-02-02 08:43    --------    d-----w-    c:\program files (x86)\Common Files\Skype
2014-02-02 08:43 . 2014-02-03 18:13    --------    d-----r-    c:\program files (x86)\Skype
2014-02-02 08:43 . 2014-02-03 18:13    --------    d-----w-    c:\programdata\Skype
2014-02-02 07:58 . 2014-02-09 04:11    --------    d-----w-    C:\AdwCleaner
2014-01-29 09:03 . 2014-01-29 23:35    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-29 02:52 . 2014-01-29 22:07    --------    d-----w-    c:\users\Yovanny\AppData\Roaming\Mp3tag
2014-01-29 02:51 . 2014-01-29 02:51    --------    d-----w-    c:\program files (x86)\Mp3tag
2014-01-28 23:52 . 2014-01-28 23:52    --------    d-----w-    c:\users\Yovanny\AppData\Roaming\dBpoweramp
2014-01-28 23:33 . 2014-01-28 23:33    --------    d-----w-    c:\users\Yovanny\AppData\Roaming\AccurateRip
2014-01-28 23:33 . 2014-01-28 23:33    4845640    ----a-w-    c:\windows\SysWow64\SpoonUninstall.exe
2014-01-28 23:33 . 2014-01-28 23:33    --------    d-----w-    c:\program files (x86)\Illustrate
2014-01-28 22:23 . 2014-01-28 22:24    --------    d-----w-    c:\users\Yovanny\Misc
2014-01-25 10:00 . 2014-02-07 08:48    --------    d-----w-    C:\ModMii
2014-01-25 04:11 . 2014-01-28 18:23    --------    d-----w-    c:\program files (x86)\EaseUS
2014-01-20 15:07 . 2013-12-19 02:09    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-15 08:10 . 2014-02-09 03:56    --------    d-----w-    c:\users\Yovanny\AppData\Roaming\vlc
2014-01-15 08:09 . 2014-01-15 08:09    --------    d-----w-    c:\program files\VideoLAN
2014-01-15 00:48 . 2013-11-27 01:41    343040    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2014-01-15 00:48 . 2013-11-27 01:41    99840    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2014-01-15 00:48 . 2013-11-27 01:41    53248    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2014-01-15 00:48 . 2013-11-27 01:41    325120    ----a-w-    c:\windows\system32\drivers\usbport.sys
2014-01-15 00:48 . 2013-11-27 01:41    25600    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2014-01-15 00:48 . 2013-11-27 01:41    30720    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2014-01-15 00:48 . 2013-11-27 01:41    7808    ----a-w-    c:\windows\system32\drivers\usbd.sys
2014-01-15 00:48 . 2013-11-26 10:32    3156480    ----a-w-    c:\windows\system32\win32k.sys
2014-01-15 00:48 . 2013-11-26 11:40    376768    ----a-w-    c:\windows\system32\drivers\netio.sys
2014-01-14 18:59 . 2013-12-01 13:10    218200    ----a-w-    c:\windows\SysWow64\unrar.dll
2014-01-12 21:18 . 2014-01-12 21:18    --------    d-----w-    c:\users\Yovanny\AppData\Roaming\LibreOffice
2014-01-12 21:14 . 2014-01-12 21:15    --------    d-----w-    c:\program files (x86)\LibreOffice 4
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-05 10:34 . 2012-11-27 18:50    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 10:34 . 2012-11-27 18:50    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-21 02:53 . 2013-11-27 09:27    1048152    ----a-w-    c:\windows\SysWow64\nvspcap.dll
2014-01-21 02:53 . 2013-11-27 09:27    1179576    ----a-w-    c:\windows\system32\nvspcap64.dll
2014-01-16 14:59 . 2010-11-21 03:27    270496    ------w-    c:\windows\system32\MpSigStub.exe
2014-01-15 01:25 . 2012-11-26 22:25    86054176    ----a-w-    c:\windows\system32\MRT.exe
2014-01-05 18:08 . 2014-01-05 18:08    99384    ----a-w-    c:\users\Yovanny\AppData\Roaming\inst.exe
2014-01-05 18:08 . 2014-01-05 18:08    82816    ----a-w-    c:\users\Yovanny\AppData\Roaming\pcouffin.sys
2013-12-19 20:33 . 2014-01-08 08:09    9700224    ----a-w-    c:\windows\SysWow64\nvcuda.dll
2013-12-19 20:33 . 2014-01-08 08:09    9657464    ----a-w-    c:\windows\SysWow64\nvopencl.dll
2013-12-19 20:33 . 2014-01-08 08:09    882464    ----a-w-    c:\windows\system32\NvIFR64.dll
2013-12-19 20:33 . 2014-01-08 08:09    879392    ----a-w-    c:\windows\system32\NvFBC64.dll
2013-12-19 20:33 . 2014-01-08 08:09    852768    ----a-w-    c:\windows\SysWow64\NvIFR.dll
2013-12-19 20:33 . 2014-01-08 08:09    847648    ----a-w-    c:\windows\SysWow64\NvFBC.dll
2013-12-19 20:33 . 2014-01-08 08:09    479520    ----a-w-    c:\windows\system32\nvEncodeAPI64.dll
2013-12-19 20:33 . 2014-01-08 08:09    405280    ----a-w-    c:\windows\SysWow64\nvEncodeAPI.dll
2013-12-19 20:33 . 2014-01-08 08:09    357152    ----a-w-    c:\windows\system32\NvIFROpenGL.dll
2013-12-19 20:33 . 2014-01-08 08:09    317472    ----a-w-    c:\windows\system32\nvoglshim64.dll
2013-12-19 20:33 . 2014-01-08 08:09    314656    ----a-w-    c:\windows\SysWow64\NvIFROpenGL.dll
2013-12-19 20:33 . 2014-01-08 08:09    3132704    ----a-w-    c:\windows\system32\nvcuvid.dll
2013-12-19 20:33 . 2014-01-08 08:09    3125024    ----a-w-    c:\windows\system32\nvcuvenc.dll
2013-12-19 20:33 . 2014-01-08 08:09    30372640    ----a-w-    c:\windows\system32\nvoglv64.dll
2013-12-19 20:33 . 2014-01-08 08:09    2947872    ----a-w-    c:\windows\SysWow64\nvcuvid.dll
2013-12-19 20:33 . 2014-01-08 08:09    2747680    ----a-w-    c:\windows\SysWow64\nvcuvenc.dll
2013-12-19 20:33 . 2014-01-08 08:09    266984    ----a-w-    c:\windows\SysWow64\nvoglshim32.dll
2013-12-19 20:33 . 2014-01-08 08:09    25257248    ----a-w-    c:\windows\system32\nvcompiler.dll
2013-12-19 20:33 . 2014-01-08 08:09    22960416    ----a-w-    c:\windows\SysWow64\nvoglv32.dll
2013-12-19 20:33 . 2014-01-08 08:09    1884448    ----a-w-    c:\windows\system32\nvdispco6433221.dll
2013-12-19 20:33 . 2014-01-08 08:09    18222008    ----a-w-    c:\windows\system32\nvd3dumx.dll
2013-12-19 20:33 . 2014-01-08 08:09    17560352    ----a-w-    c:\windows\SysWow64\nvcompiler.dll
2013-12-19 20:33 . 2014-01-08 08:09    168616    ----a-w-    c:\windows\system32\nvinitx.dll
2013-12-19 20:33 . 2014-01-08 08:09    15877216    ----a-w-    c:\windows\SysWow64\nvwgf2um.dll
2013-12-19 20:33 . 2014-01-08 08:09    1511712    ----a-w-    c:\windows\system32\nvdispgenco6433221.dll
2013-12-19 20:33 . 2014-01-08 08:09    141336    ----a-w-    c:\windows\SysWow64\nvinit.dll
2013-12-19 20:33 . 2014-01-08 08:09    12645664    ----a-w-    c:\windows\system32\drivers\nvlddmkm.sys
2013-12-19 20:33 . 2014-01-08 08:09    1242400    ----a-w-    c:\windows\SysWow64\nvumdshim.dll
2013-12-19 20:33 . 2014-01-08 08:09    11605752    ----a-w-    c:\windows\system32\nvcuda.dll
2013-12-19 20:33 . 2014-01-08 08:09    11554264    ----a-w-    c:\windows\system32\nvopencl.dll
2013-12-19 20:33 . 2013-11-27 09:14    2698272    ----a-w-    c:\windows\SysWow64\nvapi.dll
2013-12-19 20:33 . 2012-11-16 08:58    61216    ----a-w-    c:\windows\system32\OpenCL.dll
2013-12-19 20:33 . 2012-11-16 08:58    53024    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2013-12-19 20:33 . 2012-11-16 08:57    3071656    ----a-w-    c:\windows\system32\nvapi64.dll
2013-12-19 20:33 . 2012-11-16 08:57    18310112    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2013-12-19 20:33 . 2012-11-16 08:57    15230352    ----a-w-    c:\windows\SysWow64\nvd3dum.dll
2013-12-19 20:33 . 2012-11-16 08:57    1436528    ----a-w-    c:\windows\system32\nvumdshimx.dll
2013-12-19 18:53 . 2012-11-16 08:58    6671648    ----a-w-    c:\windows\system32\nvcpl.dll
2013-12-19 18:53 . 2012-11-16 08:58    3490080    ----a-w-    c:\windows\system32\nvsvc64.dll
2013-12-19 18:53 . 2012-11-16 08:58    922912    ----a-w-    c:\windows\system32\nvvsvc.exe
2013-12-19 18:53 . 2012-11-16 08:58    63776    ----a-w-    c:\windows\system32\nvshext.dll
2013-12-19 18:53 . 2012-11-16 08:58    386336    ----a-w-    c:\windows\system32\nvmctray.dll
2013-12-19 17:20 . 2013-12-19 17:20    590112    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
2013-12-19 05:01 . 2012-11-16 08:58    3539040    ----a-w-    c:\windows\system32\nvcoproc.bin
2013-12-18 22:16 . 2013-12-18 22:16    154896    ----a-w-    c:\windows\system32\drivers\VBoxNetFlt.sys
2013-12-18 22:16 . 2013-12-18 22:16    140560    ----a-w-    c:\windows\system32\drivers\VBoxNetAdp.sys
2013-12-18 22:13 . 2013-12-18 22:13    204048    ----a-w-    c:\windows\system32\VBoxNetFltNobj.dll
2013-11-29 22:42 . 2013-11-29 22:42    113936    ----a-w-    c:\windows\system32\drivers\VBoxUSB.sys
2013-11-28 13:38 . 2014-01-08 08:09    31520    ----a-w-    c:\windows\system32\nvhdap64.dll
2013-11-28 13:38 . 2014-01-08 08:09    197408    ----a-w-    c:\windows\system32\drivers\nvhda64v.sys
2013-11-26 11:54 . 2013-12-10 21:54    23183360    ----a-w-    c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-10 21:54    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-10 21:54    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-10 21:54    66048    ----a-w-    c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-10 21:54    48640    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-10 21:54    2764288    ----a-w-    c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-10 21:54    53760    ----a-w-    c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-10 21:54    33792    ----a-w-    c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-10 21:54    2724864    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-10 21:54    574976    ----a-w-    c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-10 21:54    139264    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-10 21:54    111616    ----a-w-    c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-10 21:54    708608    ----a-w-    c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-10 21:54    218624    ----a-w-    c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-10 21:54    5769216    ----a-w-    c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-10 21:54    553472    ----a-w-    c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-10 21:54    4243968    ----a-w-    c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-10 21:54    1995264    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-10 21:54    12996608    ----a-w-    c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-10 21:54    1928192    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-10 21:54    2334208    ----a-w-    c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-10 21:54    1395200    ----a-w-    c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-10 21:54    817664    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-10 21:54    1820160    ----a-w-    c:\windows\SysWow64\wininet.dll
2013-11-24 23:53 . 2013-11-24 23:21    381440    ----a-w-    c:\windows\system32\drivers\sptd.sys
2013-11-23 18:26 . 2013-12-10 21:51    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-10 21:51    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-11-22 08:36 . 2014-01-08 08:09    1515296    ----a-w-    c:\windows\system32\nvhdagenco6420103.dll
2013-11-14 11:55 . 2013-11-27 09:14    1510176    ----a-w-    c:\windows\system32\nvhdagenco64.dll
2013-11-14 11:55 . 2013-11-27 09:14    1884448    ----a-w-    c:\windows\system32\nvdispco6433182.dll
2013-11-14 11:55 . 2013-11-27 09:14    1511712    ----a-w-    c:\windows\system32\nvdispgenco6433182.dll
2013-11-13 10:51 . 2013-11-13 10:51    42184    ----a-w-    c:\windows\system32\drivers\taphss6.sys
2013-11-13 03:54 . 2013-11-13 03:54    940032    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-13 03:54 . 2013-11-13 03:54    194048    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-11-13 03:53 . 2013-11-13 03:53    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-13 03:53 . 2013-11-13 03:53    645120    ----a-w-    c:\windows\SysWow64\jsIntl.dll
2013-11-13 03:53 . 2013-11-13 03:53    62464    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-11-13 03:53 . 2013-11-13 03:53    34816    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-13 03:53 . 2013-11-13 03:53    337408    ----a-w-    c:\windows\SysWow64\html.iec
2013-11-13 03:53 . 2013-11-13 03:53    235008    ----a-w-    c:\windows\system32\elshyph.dll
2013-11-13 03:53 . 2013-11-13 03:53    182272    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-11-13 03:53 . 2013-11-13 03:53    942592    ----a-w-    c:\windows\system32\jsIntl.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\users\Yovanny\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-15 1016712]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2014-02-06 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe" [2011-12-02 286720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ActionReplayDS;ActionReplayDS;c:\windows\system32\Drivers\ActionReplayDS_x64.sys;c:\windows\SYSNATIVE\Drivers\ActionReplayDS_x64.sys [x]
R3 cpuz135;cpuz135;c:\users\Yovanny\AppData\Local\Temp\cpuz135\cpuz135_x64.sys;c:\users\Yovanny\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 t_mouse.sys;HID-compliand device;c:\windows\system32\DRIVERS\t_mouse.sys;c:\windows\SYSNATIVE\DRIVERS\t_mouse.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R4 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 69083962
*Deregistered* - 69083962
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-04 13:52    1211720    ----a-w-    c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-27 10:34]
.
2014-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-09 14:37]
.
2014-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-09 14:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5618456]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-11-05 7204568]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-01-21 2234144]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
FF - ProfilePath - c:\users\Yovanny\AppData\Roaming\Mozilla\Firefox\Profiles\a57yvq5i.default-1391112276605\
FF - prefs.js: browser.startup.homepage - www.google.com/firefox
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-09  13:04:20
ComboFix-quarantined-files.txt  2014-02-09 18:04
.
Pre-Run: 983,647,461,376 bytes free
Post-Run: 983,486,951,424 bytes free
.
- - End Of File - - 2B35B5A65B55D78E504253B8EED84035
 



#8 theoriginal (Topic Starter)

Posted 09 February 2014 - 01:49 PM

Note: After running ComboFix, I had to restart the computer since some programs in the task pane were closed and User Account Control wasn't working properly. When the PC restarted, I noticed that Internet Explorer no longer works how it used to and Mozilla Firefox asked me if I wanted to make it the default web browser. Also, I see that on the root of the C drive there are folders which were previously hidden and are now visible, even if I set the values to default in the "View" tab in Folder Options. There is also a "Recycle.Bin" folder visible on the root of my external hard drive. I don't know if other programs were affected by ComboFix but hopefully we can resolve this issue.

Edited by theoriginal, 09 February 2014 - 01:56 PM.


#9 jeffce (Malware Response Team)

Posted 09 February 2014 - 05:50 PM

When the PC restarted, I noticed that Internet Explorer no longer works how it used to and Mozilla Firefox asked me if I wanted to make it the default web browser. Also, I see that on the root of the C drive there are folders which were previously hidden are now visible;

ComboFix will, as part of its routine, set some parts of your system back to default. What you are seeing with Internet Explorer and Firefox is just a result of that, as is the hidden folders now being visible. That will be fixed later. :)

I am looking at something in your logs... are you in the San Fran area by chance?


#10 theoriginal (Topic Starter)

Posted 09 February 2014 - 05:55 PM

Nope, I live in New York. Also, I am glad to know that the ComboFix issue can be resolved :)



#11 jeffce (Malware Response Team)

Posted 09 February 2014 - 06:25 PM

AdwCleaner

Double click on AdwCleaner.exe to run the tool again.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
------------

Post the new log and let me know how your system is running now. :)


#12 theoriginal (Topic Starter)

Posted 09 February 2014 - 06:46 PM

# AdwCleaner v3.018 - Report created 09/02/2014 at 18:30:37
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Yovanny - YOVANNY-PC
# Running from : C:\Users\Yovanny\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v27.0 (en-US)

[ File : C:\Users\Yovanny\AppData\Roaming\Mozilla\Firefox\Profiles\a57yvq5i.default-1391112276605\prefs.js ]


-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\Yovanny\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2208 octets] - [02/02/2014 03:00:02]
AdwCleaner[R1].txt - [1314 octets] - [08/02/2014 23:10:49]
AdwCleaner[R2].txt - [1374 octets] - [09/02/2014 18:27:55]
AdwCleaner[S0].txt - [2259 octets] - [02/02/2014 03:03:49]
AdwCleaner[S1].txt - [1301 octets] - [09/02/2014 18:30:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1361 octets] ##########



#13 theoriginal (Topic Starter)

Posted 09 February 2014 - 06:58 PM

I have noticed that after the system restarted, the memory usage started at 1.93 GB. It then increased to 2.47 and fluctuated a bit to 3.10 GB. After a few minutes, the memory usage decreased substantially and went back down to 1.93. It has decreased a little bit since then as well :) Another thing to note is that the process indicator light isn't blinking like crazy as before. The process indicator light going crazy was what worried me the most. The light right now is back to normal like it used to be (like when I first got the computer).

I have 3 questions:

1. Is it normal, however, for svchost to start out with low memory usage, increase, and then decrease a lot?

2. Do you know the kind of malware that I acquired which caused this problem?

3. Do processes always increase slightly in memory usage as time passes?

Edited by theoriginal, 09 February 2014 - 07:02 PM.


#14 jeffce (Malware Response Team)

Posted 10 February 2014 - 07:35 AM

Good to hear your system is running better now. :)

Is it normal, however, for svchost to start out with low memory usage, increase, and then decrease a lot?

That could be perfectly normal, especially depending on what program is accessing the svchost.
-----------------

Do you know the kind of malware that I acquired which caused this problem?

Looks more like it was a bunch of junk "messing" with your system rather than full blown malware. That is not to say that malware wasn't right on the verge of being on your machine either.
----------------

Do processes always increase slightly in memory usage as time passes?

That would really depend on what software is running on the system that you can see and what is running "behind the scenes".
----------------

Let's check for anything else that might be hiding on your system...

Malwarebytes

Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.
----------

ESET Online Scanner

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

----------
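The answer above turns on "what program is accessing the svchost", and that is something a reader can check directly rather than guess at. As an added example that is not part of the thread or of any tool discussed in it, the PowerShell script below maps each running svchost.exe instance to the services it hosts, reads each service's ServiceDll from the registry and reports the Authenticode status of that DLL; the function name Get-SvchostMap is my own, and the script assumes Windows 7 with PowerShell 2.0 or later (so it uses Get-WmiObject rather than the newer CIM cmdlets).

```powershell
# Added example (not code from the thread): name the services inside every
# svchost.exe instance and check the service DLL each one loads.
# Assumes Windows 7+ with PowerShell 2.0+; run from an elevated prompt so that
# ProcessId is populated for every service.

function Get-SvchostMap {
    [CmdletBinding()]
    param()

    # Index live svchost.exe processes by PID (cast to [int] so hashtable
    # lookups match the UInt32 ProcessId that WMI returns).
    $svchostByPid = @{}
    Get-Process -Name svchost -ErrorAction SilentlyContinue | ForEach-Object {
        $svchostByPid[[int]$_.Id] = $_
    }

    Get-WmiObject -Class Win32_Service |
        Where-Object { $svchostByPid.ContainsKey([int]$_.ProcessId) } |
        ForEach-Object {
            $svc  = $_
            $proc = $svchostByPid[[int]$svc.ProcessId]

            # svchost-hosted services register their DLL under Parameters\ServiceDll.
            $paramKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)\Parameters"
            $dll = $null
            if (Test-Path $paramKey) {
                $dll = (Get-ItemProperty -Path $paramKey -ErrorAction SilentlyContinue).ServiceDll
            }

            # Signature status of the DLL: Valid is expected for Microsoft services;
            # NotSigned, HashMismatch or a missing file deserve a closer look.
            $status = 'n/a'
            if ($dll) {
                $dll = [Environment]::ExpandEnvironmentVariables($dll)
                if (Test-Path $dll) {
                    $status = (Get-AuthenticodeSignature -FilePath $dll).Status.ToString()
                } else {
                    $status = 'missing file'
                }
            }

            New-Object PSObject -Property @{
                PID          = $proc.Id
                WorkingSetMB = [math]::Round($proc.WorkingSet64 / 1MB, 1)
                Service      = $svc.Name
                State        = $svc.State
                Signature    = $status
                ServiceDll   = $dll
            }
        }
}

# Largest svchost instances first; one row per hosted service, so the
# instance that keeps growing can be tied to the names it is running.
Get-SvchostMap |
    Sort-Object WorkingSetMB, PID -Descending |
    Format-Table PID, WorkingSetMB, Service, State, Signature, ServiceDll -AutoSize
```

A service name you do not recognise, an unsigned or missing ServiceDll, or a DLL outside c:\windows\system32 is what to compare against the Svchost group entries (such as NetSvcs) in the ComboFix log above.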
     


#15 theoriginal (Topic Starter)

Posted 10 February 2014 - 12:50 PM

ESET Online Scanner Log:

C:\Program Files\ESET\TNod User & Password Finder\TNODUP.exe    a variant of Win32/RiskWare.HackAV.JA application
C:\ProgramData\YTD Video Downloader\ytd_installer.exe    a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Users\All Users\YTD Video Downloader\ytd_installer.exe    a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Users\Yovanny\Downloads\391-WinRAR.rar    a variant of Win32/Keygen.AI potentially unsafe application
C:\Users\Yovanny\Downloads\ccsetup410.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Yovanny\Downloads\TNod-1.4.2.3-final-setup.rar    a variant of Win32/RiskWare.HackAV.JA application
C:\Users\Yovanny\Downloads\YTDSetup.exe    a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Users\Yovanny\Downloads\Winrar Installation\WinRAR.v3.91.Final.FFF\Keygen\Keygen.exe    a variant of Win32/Keygen.AI potentially unsafe application
C:\Users\Yovanny\Roms\N64 Roms\Project64_2.0.zip    Win32/Adware.Lollipop.D application
C:\Users\Yovanny\µTorrent Downloads\Techsmith.Snagit.v11.1.0.Build.248.Incl.11.x.Keygen-MESMESiZE.collected.by-theluckyman.rar    a variant of Win32/Keygen.CZ potentially unsafe application
C:\Users\Yovanny\µTorrent Downloads\Adobe.Dreamweaver.CS5.v11.0.4909.Multilingual.Incl.Keymaker-CORE\cr-001ke.zip    a variant of Win32/Keygen.BH potentially unsafe application
E:\Downloads 2014-02-08 21;10;00 (Full)\391-WinRAR.rar    a variant of Win32/Keygen.AI potentially unsafe application
E:\Downloads 2014-02-08 21;10;00 (Full)\ccsetup410.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
E:\Downloads 2014-02-08 21;10;00 (Full)\TNod-1.4.2.3-final-setup.rar    a variant of Win32/RiskWare.HackAV.JA application
E:\Downloads 2014-02-08 21;10;00 (Full)\YTDSetup.exe    a variant of Win32/Toolbar.Widgi.B potentially unwanted application
E:\Downloads 2014-02-08 21;10;00 (Full)\Winrar Installation\WinRAR.v3.91.Final.FFF\Keygen\Keygen.exe    a variant of Win32/Keygen.AI potentially unsafe application
E:\Roms 2014-02-08 21;33;21 (Full)\N64 Roms\Project64_2.0.zip    Win32/Adware.Lollipop.D application
E:\µTorrent Downloads 2014-02-08 13;01;13 (Full)\Techsmith.Snagit.v11.1.0.Build.248.Incl.11.x.Keygen-MESMESiZE.collected.by-theluckyman.rar    a variant of Win32/Keygen.CZ potentially unsafe application
E:\µTorrent Downloads 2014-02-08 13;01;13 (Full)\Adobe.Dreamweaver.CS5.v11.0.4909.Multilingual.Incl.Keymaker-CORE\cr-001ke.zip    a variant of Win32/Keygen.BH potentially unsafe application

Edited by theoriginal, 10 February 2014 - 01:09 PM.




