
Right click menu closes immediately, can't drag files, etc.


  • This topic is locked
10 replies to this topic

#1 Lastm4nstanding


Posted 23 April 2014 - 03:02 AM

When I right click something the menu will pop up for a millisecond and then shut.
Won't let me drag my files or icons.
Keeps using the ESC key function when I'm running programs.
Closes task manager when I open it.
 
I've already gotten a lot of the bugs cleared off, thanks to Noknojon's help, but it's still doing these things.
What should I do now?

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17041 BrowserJavaVersion: 10.51.2
Run by Getsuneko at 2:50:57 on 2014-04-23
#Option MBR scan is disabled.
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1790.597 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Razer\Razer Game Booster\RzKLService.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = about:Tabs
uProxyOverride = <-loopback>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
uRun: [DAEMON Tools Ultra Agent] "c:\program files\daemon tools ultra\DTAgent.exe" -autorun
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [NCPluginUpdater] "c:\program files\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{362C541A-72DF-4EAE-A303-2EFBC6C6A809} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{7B29A952-8B71-46F0-BE5B-9F9EDCD1CF5A} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7B29A952-8B71-46F0-BE5B-9F9EDCD1CF5A}\E45445745414258383 : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\getsuneko\appdata\roaming\mozilla\firefox\profiles\ityjp7q4.default\
FF - prefs.js: browser.startup.homepage - Facebook.com
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_182.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
R1 wStLibG;wStLibG;c:\windows\system32\drivers\wStLibG.sys [2014-3-28 52928]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files\hp\common\HPSupportSolutionsFrameworkService.exe [2014-3-6 49464]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-4-20 1809720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-4-20 857912]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2014-3-11 104264]
R3 Disc Soft Bus Service;Disc Soft Bus Service;c:\program files\daemon tools ultra\DiscSoftBusService.exe [2014-2-12 753880]
R3 dtscsibus;DAEMON Tools Virtual SCSI Bus;c:\windows\system32\drivers\dtscsibus.sys [2014-4-6 24704]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-4-20 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-4-20 107736]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-4-20 51416]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-3-11 279776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BRCM;Broadcom USB to Serial Service;c:\windows\system32\drivers\bcmvcp.sys [2014-3-22 87176]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2014-3-13 29472]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-4-13 108032]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\drivers\mcvidrv.sys [2013-11-26 40736]
S3 massfilter_brcm;HandSet Mass Storage Filter Driver Brcm;c:\windows\system32\drivers\massfilter_brcm.sys [2014-3-22 17672]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2013-12-6 29728]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2014-3-22 13464]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2011-4-11 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2011-4-11 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-4-11 112640]
.
=============== Created Last 30 ================
.
2014-04-22 22:56:33 8050496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c9e3fcf0-016e-478e-a05d-373d39e879c5}\mpengine.dll
2014-04-22 19:42:26 -------- d-----w- c:\program files\ESET
2014-04-22 04:27:06 -------- d-----w- C:\AdwCleaner
2014-04-21 21:27:25 8050496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-04-21 17:30:14 -------- d-sh--w- C:\$RECYCLE.BIN
2014-04-21 08:42:00 -------- d-s---w- C:\ComboFix
2014-04-21 08:20:04 -------- d-----w- c:\program files\CCleaner
2014-04-21 03:03:31 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-21 03:02:59 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-21 03:02:59 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-21 03:02:59 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-21 03:02:59 -------- d-----w- c:\programdata\Malwarebytes
2014-04-21 03:02:59 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-04-21 00:56:58 -------- d-----w- c:\users\getsuneko\appdata\local\ElevatedDiagnostics
2014-04-21 00:27:04 -------- d-----w- C:\3bdc784e0bd96f193efa2922
2014-04-20 23:05:19 -------- d-----w- C:\820571d967ced77e607058
2014-04-20 23:02:03 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2014-04-20 23:02:03 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2d5e9553-01bb-43a4-9b44-40257dea34d1}\gapaengine.dll
2014-04-20 22:57:11 -------- d-----w- c:\program files\Microsoft Security Client
2014-04-20 20:59:43 8050496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{093fdae4-b87f-4dac-b72f-45cdceaa300a}\mpengine.dll
2014-04-16 03:48:35 -------- d-sh--w- c:\users\getsuneko\appdata\local\EmieUserList
2014-04-16 03:48:35 -------- d-sh--w- c:\users\getsuneko\appdata\local\EmieSiteList
2014-04-16 01:18:15 -------- d-----w- c:\users\getsuneko\appdata\local\Apps
2014-04-13 21:24:52 -------- d-----w- c:\users\getsuneko\appdata\local\Apple
2014-04-13 17:36:05 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-04-13 17:36:05 257536 ----a-w- c:\program files\internet explorer\IEShims.dll
2014-04-13 17:36:02 235216 ----a-w- c:\program files\internet explorer\sqmapi.dll
2014-04-10 07:15:25 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-04-08 18:10:50 15360 ----a-r- c:\users\getsuneko\appdata\roaming\microsoft\installer\{dd8408e9-9421-484f-979d-db6361e3e828}\IconDD8408E910.exe
2014-04-08 18:10:50 11264 ----a-r- c:\users\getsuneko\appdata\roaming\microsoft\installer\{dd8408e9-9421-484f-979d-db6361e3e828}\IconDD8408E96.exe
2014-04-08 18:08:45 -------- d-----w- C:\DirectX9
2014-04-07 01:26:36 -------- d-----w- c:\users\getsuneko\appdata\local\My Games
2014-04-06 22:14:52 -------- d-----w- c:\programdata\Oracle
2014-04-06 22:14:11 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-04-06 21:22:10 -------- d-----w- c:\program files\Warhammer 40.000 Dawn of War - DARK CRUSADE
2014-04-06 19:09:06 -------- d-----w- c:\users\getsuneko\appdata\local\Disc_Soft_Ltd
2014-04-06 18:36:35 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2014-04-06 18:19:32 297400 ----a-w- c:\users\getsuneko\appdata\local\nsf9CCE.tmp
2014-04-06 18:05:46 1171856 ----a-w- c:\users\getsuneko\appdata\local\nsfF52A.tmp
2014-04-06 18:04:06 -------- d-----w- c:\program files\THQ
2014-04-06 18:01:06 24704 ----a-w- c:\windows\system32\drivers\dtscsibus.sys
2014-04-06 18:00:56 -------- d-----w- c:\users\getsuneko\appdata\roaming\DAEMON Tools Ultra
2014-04-06 18:00:51 -------- d-----w- c:\program files\DAEMON Tools Ultra
2014-04-06 17:59:57 -------- d-----w- c:\programdata\DAEMON Tools Ultra
2014-04-06 06:13:13 -------- d-----w- c:\users\getsuneko\appdata\roaming\Wargaming.net
2014-04-06 04:31:32 7969936 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2014-04-05 22:02:59 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2014-04-05 22:01:57 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2014-04-05 21:58:38 -------- d--h--w- c:\windows\msdownld.tmp
2014-04-05 21:58:36 -------- d-----w- c:\windows\system32\directx
2014-04-05 21:58:24 -------- d-----w- C:\Games
2014-04-03 07:28:18 -------- d-----w- c:\users\getsuneko\appdata\local\SKIDROW
2014-04-02 19:01:35 640288 ----a-w- c:\windows\system32\nvvsvc.exe
2014-04-02 19:01:35 62752 ----a-w- c:\windows\system32\nvshext.dll
2014-04-02 19:01:34 4192544 ----a-w- c:\windows\system32\nvcpl.dll
2014-04-02 19:01:34 3045664 ----a-w- c:\windows\system32\nvsvc.dll
2014-04-02 19:01:34 223008 ----a-w- c:\windows\system32\nvmctray.dll
2014-04-02 19:00:47 53024 ----a-w- c:\windows\system32\OpenCL.dll
2014-04-02 19:00:00 -------- d-----w- c:\programdata\NVIDIA Corporation
2014-04-02 18:57:21 -------- d-----w- c:\program files\NVIDIA Corporation
2014-04-02 18:51:47 -------- d-----w- c:\users\getsuneko\appdata\local\Razer_Inc
2014-04-02 18:49:03 -------- d-----w- c:\users\getsuneko\appdata\local\Razer
2014-04-02 18:48:24 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2014-04-02 18:48:24 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2014-04-02 18:48:24 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2014-04-02 18:48:24 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2014-04-02 04:55:50 -------- d-----w- c:\users\getsuneko\appdata\roaming\LolClient
2014-04-02 02:05:05 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2014-04-02 02:05:05 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2014-04-02 02:05:04 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2014-04-02 02:05:03 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2014-04-02 02:05:02 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2014-04-02 02:02:47 -------- d-----w- C:\Riot Games
2014-04-02 01:40:44 -------- d-----w- c:\program files\Pando Networks
2014-04-02 01:34:04 -------- d-----w- c:\users\getsuneko\appdata\roaming\Riot Games
2014-03-31 21:54:53 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-03-31 21:54:52 3419136 ----a-w- c:\windows\system32\d2d1.dll
2014-03-30 07:28:20 69632 ----a-w- c:\windows\system32\smss.exe
2014-03-30 07:28:20 640512 ----a-w- c:\windows\system32\advapi32.dll
2014-03-30 07:28:20 619520 ----a-w- c:\windows\system32\tdh.dll
2014-03-30 07:28:20 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2014-03-30 07:28:20 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2014-03-30 07:28:20 38912 ----a-w- c:\windows\system32\csrsrv.dll
2014-03-30 07:28:20 1289096 ----a-w- c:\windows\system32\ntdll.dll
2014-03-30 07:27:50 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2014-03-30 07:27:50 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2014-03-30 07:27:50 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-03-30 07:27:49 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-03-30 07:27:49 231424 ----a-w- c:\windows\system32\mswsock.dll
2014-03-30 05:47:54 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-03-30 05:47:54 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-03-30 05:47:53 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-03-30 05:47:53 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-03-30 05:47:53 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-03-30 05:47:53 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-03-30 05:47:53 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-03-30 05:47:48 918528 ----a-w- c:\windows\system32\rdpcorets.dll
2014-03-30 05:47:48 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2014-03-30 05:45:41 47104 ----a-w- c:\windows\system32\appinfo.dll
2014-03-30 05:45:41 1796096 ----a-w- c:\windows\system32\authui.dll
2014-03-30 05:45:41 101720 ----a-w- c:\windows\system32\consent.exe
2014-03-30 05:27:36 -------- d-----w- c:\windows\system32\Wat
2014-03-30 04:35:54 5120 ----a-w- c:\windows\system32\wmi.dll
2014-03-30 04:35:54 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2014-03-30 04:35:54 159232 ----a-w- c:\windows\system32\imagehlp.dll
2014-03-30 04:01:54 -------- d-----w- c:\windows\system32\MRT
2014-03-30 03:48:26 49152 ----a-w- c:\windows\system32\taskhost.exe
2014-03-30 03:41:16 1505280 ----a-w- c:\windows\system32\d3d11.dll
2014-03-30 03:17:43 530432 ----a-w- c:\windows\system32\comctl32.dll
2014-03-30 03:17:42 55808 ----a-w- c:\windows\system32\drivers\hidclass.sys
2014-03-30 03:17:42 25728 ----a-w- c:\windows\system32\drivers\hidparse.sys
2014-03-30 03:17:40 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-03-30 03:17:38 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2014-03-30 03:17:34 175104 ----a-w- c:\windows\system32\wintrust.dll
2014-03-30 03:16:57 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2014-03-30 03:16:57 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2014-03-30 03:16:56 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2014-03-30 03:16:52 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2014-03-30 03:16:18 509440 ----a-w- c:\windows\system32\qedit.dll
2014-03-30 03:16:17 376832 ----a-w- c:\windows\system32\dpnet.dll
2014-03-30 03:13:39 903168 ----a-w- c:\windows\system32\certutil.exe
2014-03-30 03:13:39 43008 ----a-w- c:\windows\system32\certenc.dll
2014-03-30 03:13:18 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-03-30 03:13:06 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2014-03-30 03:13:04 642048 ----a-w- c:\windows\system32\CPFilters.dll
2014-03-30 03:13:04 534528 ----a-w- c:\windows\system32\EncDec.dll
2014-03-30 03:13:03 850944 ----a-w- c:\windows\system32\sbe.dll
2014-03-30 03:13:03 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2014-03-30 03:12:52 177152 ----a-w- c:\windows\system32\drivers\portcls.sys
2014-03-30 03:12:51 81408 ----a-w- c:\windows\system32\drivers\drmk.sys
2014-03-30 03:12:49 514560 ----a-w- c:\windows\system32\qdvd.dll
2014-03-30 03:12:49 1328128 ----a-w- c:\windows\system32\quartz.dll
2014-03-30 03:12:39 542208 ----a-w- c:\windows\system32\kerberos.dll
2014-03-30 03:12:34 936448 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2014-03-30 03:12:33 988672 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2014-03-30 03:12:33 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2014-03-30 03:12:33 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2014-03-30 03:10:55 381440 ----a-w- c:\windows\system32\wer.dll
2014-03-29 22:33:38 2422272 ----a-w- c:\windows\system32\wucltux.dll
2014-03-29 22:33:19 88576 ----a-w- c:\windows\system32\wudriver.dll
2014-03-29 22:33:08 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-03-29 22:33:08 171904 ----a-w- c:\windows\system32\wuwebv.dll
2014-03-28 16:31:59 -------- d-----w- c:\users\getsuneko\appdata\roaming\uTorrent
2014-03-28 07:24:28 -------- d-----w- c:\users\getsuneko\appdata\local\ArcSoft
2014-03-28 05:54:14 52928 ----a-w- c:\windows\system32\drivers\wStLibG.sys
.
==================== Find3M ====================
.
2014-04-13 06:47:15 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-13 06:47:15 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-30 03:44:23 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-03-28 00:18:50 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-03-14 04:14:48 91376 ----a-w- c:\windows\system32\bcmwlcoi.dll
2014-03-14 04:14:48 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2014-03-14 04:14:48 2702328 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2014-03-14 04:14:47 3870720 ----a-w- c:\windows\system32\bcmihvsrv.dll
2014-03-14 04:14:47 3559424 ----a-w- c:\windows\system32\bcmihvui.dll
2014-03-11 14:52:30 104264 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-06 08:32:07 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-03-06 08:31:27 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:02:34 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-03-06 08:01:01 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-06 07:46:36 4254720 ----a-w- c:\windows\system32\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-06 07:38:10 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-06 07:36:40 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-06 07:28:01 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 07:13:43 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 06:40:39 1967104 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 05:41:49 1789440 ----a-w- c:\windows\system32\wininet.dll
2014-01-25 06:19:42 231960 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
============= FINISH: 2:53:05.45 ===============



Edited by nasdaq, 27 April 2014 - 08:58 AM.
DDS log posted.



 


#2 nasdaq

  • Malware Response Team

Posted 27 April 2014 - 09:04 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Let me know if the problem persists.

#3 Lastm4nstanding

  • Topic Starter

Posted 30 April 2014 - 01:49 PM

Doing so as of now... Sorry for the delay.



#4 Lastm4nstanding

  • Topic Starter

Posted 30 April 2014 - 02:30 PM

Here you go...

 

# AdwCleaner v3.205 - Report created 30/04/2014 at 14:18:29
# Updated 28/04/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Getsuneko - JIKONORI
# Running from : C:\Users\Getsuneko\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Getsuneko\AppData\Roaming\Mozilla\Firefox\Profiles\ityjp7q4.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Getsuneko\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3325593&octid=EB_ORIGINAL_CTID&ISID=M0261C2C1-B81E-4DF6-8D51-61661D487280&SearchSource=58&CUI=&UM=5&UP=SP64E6E02D-4F98-4722-9D21-6441BBBC5A9F&q={searchTerms}&SSPV=

*************************

AdwCleaner[R0].txt - [4386 octets] - [21/04/2014 23:27:17]
AdwCleaner[R1].txt - [4446 octets] - [22/04/2014 00:02:50]
AdwCleaner[R2].txt - [1077 octets] - [22/04/2014 13:40:54]
AdwCleaner[R3].txt - [1586 octets] - [30/04/2014 13:48:52]
AdwCleaner[S0].txt - [4609 octets] - [22/04/2014 01:04:42]
AdwCleaner[S1].txt - [1140 octets] - [22/04/2014 13:43:38]
AdwCleaner[S2].txt - [1513 octets] - [30/04/2014 14:18:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1573 octets] ##########
 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-04-2014
Ran by Getsuneko (administrator) on JIKONORI on 30-04-2014 14:23:25
Running from C:\Users\Getsuneko\Downloads
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Razer Inc.) C:\Program Files\Razer\Razer Game Booster\RzKLService.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
() C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [499768 2009-09-01] (Hewlett-Packard)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-12] (Hewlett-Packard)
HKU\S-1-5-21-21522877-3717229515-1628299829-1000\...\Run: [Exetender] => "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-21-21522877-3717229515-1628299829-1000\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files\DAEMON Tools Ultra\DTAgent.exe [3195096 2014-02-12] (Disc Soft Ltd)
HKU\S-1-5-21-21522877-3717229515-1628299829-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-21522877-3717229515-1628299829-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-21522877-3717229515-1628299829-1000\...\MountPoints2: {18aa4e84-bdb4-11e3-9ae4-c80aa92492f2} - J:\AutoPlay.exe
HKU\S-1-5-21-21522877-3717229515-1628299829-1000\...\MountPoints2: {18aa4e8e-bdb4-11e3-9ae4-c80aa92492f2} - G:\Suppress_AutoRun.exe
HKU\S-1-5-21-21522877-3717229515-1628299829-1000\...\MountPoints2: {1d037228-bf40-11e3-a51c-c80aa92492f2} - J:\AutoPlay.exe
HKU\S-1-5-21-21522877-3717229515-1628299829-1000\...\MountPoints2: {c1a77856-bdb9-11e3-91d1-c80aa92492f2} - H:\AutoPlay.exe
HKU\S-1-5-21-21522877-3717229515-1628299829-1000\...\MountPoints2: {c1a77859-bdb9-11e3-91d1-c80aa92492f2} - I:\Suppress_AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4049D09D623ECF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Getsuneko\AppData\Roaming\Mozilla\Firefox\Profiles\ityjp7q4.default
FF Homepage: Facebook.com
FF Plugin: @adobe.com/FlashPlaye

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-04-2014
Ran by Getsuneko at 2014-04-30 14:26:26
Running from C:\Users\Getsuneko\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
ArcSoft WebCam Companion 3 (HKLM\...\{34985F59-8F6F-46F4-9AD5-53E2714294D2}) (Version: 3.0.355 - ArcSoft)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.48.18 - Broadcom Corporation)
DAEMON Tools Ultra (HKLM\...\DAEMON Tools Ultra) (Version: 2.2.0.0226 - Disc Soft Ltd)
Dawn of War - Dark Crusade (HKLM\...\{FF39FC01-819B-42E4-AE49-1968AF12DDD4}) (Version: 1.00.0000 - THQ)
Dawn Of War - Winter Assault (HKLM\...\{DD8408E9-9421-484F-979D-DB6361E3E828}) (Version: 1.4 - THQ)
DawnOfWar (HKLM\...\InstallShield_{362D5167-9716-44BE-89FD-BF9EB6EF814B}) (Version: 1.00.00000 - THQ)
DawnOfWar (Version: 1.00.00000 - THQ) Hidden
ESU for Microsoft Windows 7 (HKLM\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Google Talk Plugin (HKLM\...\{E121A4FE-009B-385B-BB0D-B934E2A88288}) (Version: 5.2.4.18058 - Google)
HP Integrated Module with Bluetooth wireless technology (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9602 - Broadcom Corporation)
HP Support Solutions Framework (HKLM\...\{81E14A67-42ED-4DD0-AE08-366FE3D3102E}) (Version: 11.50.0012 - Hewlett-Packard Company)
HP Wireless Assistant (HKLM\...\{1061DF04-CF33-40B0-8360-D07C9BBEB122}) (Version: 3.50.10.1 - Hewlett-Packard)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
League of Legends (HKLM\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (Version: 3.0.0 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
NVIDIA 3D Vision Controller Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.49 - NVIDIA Corporation)
NVIDIA Control Panel 320.49 (Version: 320.49 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.2049 - NVIDIA Corporation) Hidden
OpenOffice 4.0.1 (HKLM\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Pascal Handset USB Driver (HKLM\...\{9B00E99F-83A4-40d4-B987-7EB04F722BB7}) (Version:  - ZTE Corporation)
Razer Game Booster (HKLM\...\Razer Game Booster_is1) (Version: 4.2.45.0 - Razer Inc.)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
WinRAR 5.10 beta 1 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.1 - win.rar GmbH)
World of Tanks (HKLM\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version:  - Wargaming.net)
ZTE V768 Handset USB Driver (HKLM\...\{430A8AE3-8898-4DAB-8C5B-5E8ADA7D571E}_is1) (Version: 3.0.0.02 - ZTE Corporation)

==================== Restore Points  =========================

24-04-2014 00:12:38 Windows Update
27-04-2014 15:31:41 Windows Update
28-04-2014 00:00:30 Windows Backup

==================== Hosts content: ==========================

2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {25F93A09-4652-47DE-9509-834275798D0D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-28] (Adobe Systems Incorporated)
Task: {2CFE46A5-DD81-4E99-A107-1F9BDACCB7B1} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {78DC03DF-0BB2-4649-8F2E-8C97E2577638} - System32\Tasks\Games\UpdateCheck_S-1-5-21-21522877-3717229515-1628299829-1000
Task: {A0FB4944-7F4D-4D1E-A885-330118E0994E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-21522877-3717229515-1628299829-1001Core => C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {C77D1B7D-4271-4AFC-AEAD-1B4077080155} - System32\Tasks\SaveDailyDeals\Updater\SaveDailyDeals updater => C:\Program Files\SaveDailyDeals Updater\updater.exe
Task: {F13208EA-3861-4D40-B48B-60806E8830E9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-21522877-3717229515-1628299829-1001UA => C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-21522877-3717229515-1628299829-1001Core.job => C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-21522877-3717229515-1628299829-1001UA.job => C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-04-02 14:01 - 2013-06-21 04:52 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2009-07-30 16:49 - 2009-07-30 16:49 - 00132384 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2009-07-01 15:44 - 2009-07-01 15:44 - 00632888 _____ () C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
2014-04-15 22:56 - 2014-03-15 03:40 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-04-28 16:47 - 2014-04-28 16:47 - 16351920 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: HP Integrated Module with Bluetooth 2.1 Wireless Technology
Description: HP Integrated Module with Bluetooth 2.1 Wireless Technology
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Coprocessor
Description: Coprocessor
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/30/2014 02:21:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/30/2014 11:37:17 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/30/2014 02:25:16 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/29/2014 10:59:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/29/2014 01:29:28 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/29/2014 00:53:44 AM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 28.0.0.5186, time stamp: 0x53240e37
Faulting module name: xul.dll, version: 28.0.0.5186, time stamp: 0x53240e04
Exception code: 0xc0000005
Fault offset: 0x00184729
Faulting process id: 0xcb4
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (04/28/2014 10:46:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/28/2014 02:49:45 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/27/2014 08:17:05 PM) (Source: Windows Backup) (User: )
Description: The backup was not successful. The error is: There is not enough space on this drive to save the backup. Free up space by deleting older backups and unnecessary data or change your backup settings. (0x81000005).

Error: (04/27/2014 10:21:58 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/30/2014 02:20:07 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/30/2014 02:20:06 PM) (Source: Service Control Manager) (User: )
Description: The Service Component of VO service failed to start due to the following error:
%%2

Error: (04/30/2014 11:36:09 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/30/2014 11:36:07 AM) (Source: Service Control Manager) (User: )
Description: The Service Component of VO service failed to start due to the following error:
%%2

Error: (04/30/2014 11:35:38 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 3:45:42 AM on ‎4/‎30/‎2014 was unexpected.

Error: (04/30/2014 02:24:01 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/30/2014 02:24:00 AM) (Source: Service Control Manager) (User: )
Description: The Service Component of VO service failed to start due to the following error:
%%2

Error: (04/30/2014 02:23:37 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 2:20:00 AM on ‎4/‎30/‎2014 was unexpected.

Error: (04/29/2014 10:57:52 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/29/2014 10:57:51 PM) (Source: Service Control Manager) (User: )
Description: The Service Component of VO service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (04/30/2014 02:21:26 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/30/2014 11:37:17 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/30/2014 02:25:16 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/29/2014 10:59:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/29/2014 01:29:28 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/29/2014 00:53:44 AM) (Source: Application Error)(User: )
Description: firefox.exe28.0.0.518653240e37xul.dll28.0.0.518653240e04c000000500184729cb401cf635da1698830C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll9edbc350-cf62-11e3-b67f-c80aa92492f2

Error: (04/28/2014 10:46:44 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/28/2014 02:49:45 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/27/2014 08:17:05 PM) (Source: Windows Backup)(User: )
Description: There is not enough space on this drive to save the backup. Free up space by deleting older backups and unnecessary data or change your backup settings. (0x81000005)

Error: (04/27/2014 10:21:58 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 61%
Total physical RAM: 1789.97 MB
Available physical RAM: 697.18 MB
Total Pagefile: 3579.94 MB
Available Pagefile: 2331.56 MB
Total Virtual: 2047.88 MB
Available Virtual: 1908.36 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:138.01 GB) (Free:63.68 GB) NTFS
Drive d: (Sto2) (Fixed) (Total:10.84 GB) (Free:0 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: FF645D77)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=138 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Still happening.



#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:31 AM

Posted 01 May 2014 - 06:34 AM

I suggest you remove Firefox and reinstall it.
This is the problem.
 

Error: (04/29/2014 00:53:44 AM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 28.0.0.5186, time stamp: 0x53240e37
Faulting module name: xul.dll, version: 28.0.0.5186, time stamp: 0x53240e04
Exception code: 0xc0000005
Fault offset: 0x00184729
Faulting process id: 0xcb4
etc...


Remove Firefox using the Add/Remove Programs.
Restart the computer normally
Reinstall the browser.

I suggest you save your bookmarks before removing Firefox.
You can then restore bookmarks from backup or move them to another computer
https://support.mozilla.org/en-US/kb/restore-bookmarks-from-backup-or-move-them
<<<>>>

Run the Farbar tool and post a fresh log for my review.

#6 nasdaq


Posted 07 May 2014 - 09:29 AM

Are you still with me?

#7 Lastm4nstanding


Posted 10 May 2014 - 09:45 PM

Yes, extremely sorry about the delay.

 

I did as you asked, it's still doing the same thing. Not allowing me to drag and drop anything, closing windows on me, using the esc button feature when I open programs and do other things. Now sometimes when I click on links on the net it won't open them, I have to use the drop down menu key on the keyboard and then it'll let me click something in the browser. Been doing that for a couple weeks now.



#8 nasdaq


Posted 11 May 2014 - 08:50 AM


Run this tool.
How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7
http://support.microsoft.com/kb/929833

Restart the computer normally when done.
===

If that fails to solve your problem execute this tool.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
==============

#9 Lastm4nstanding


Posted 16 May 2014 - 03:39 PM

Running the first action now. Will post how it went after it finishes up.



#10 nasdaq


Posted 22 May 2014 - 08:08 AM

Are you still with me?

#11 nasdaq


Posted 28 May 2014 - 07:46 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



