
Hard Drive Disk Space C Is Decreasing!

This topic is locked
40 replies to this topic

#1 clefty123

  • Members
  • 49 posts
  • OFFLINE
  • Local time:09:22 PM

Posted 26 May 2014 - 03:54 AM

I've recently noticed my hard drive C disk space keeps getting smaller and smaller even when I am not doing anything.

I don't know what to do. The space keeps shrinking and shrinking. I am down to 7.5 GB of free space.

I am on an Asus laptop (Asus Notebook K52F/K62F Series), Windows 7 Home Premium.

Someone please help me. I don't know what to do.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.45.2
Run by Derek at 4:44:19 on 2014-05-26
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3885.1792 [GMT -4:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dleacoms.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Windows\Explorer.EXE
C:\Program Files\P4G\BatteryLife.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\ArcSoft\TotalMedia Extreme\TotalMedia Studio MV\uTMStudioFrame.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Sony\Vegas Pro 11.0\ErrorReportLauncher.exe
C:\Program Files\Sony\Vegas Pro 11.0\vegas110.exe
C:\Program Files\Sony\Vegas Pro 11.0\x86\FileIOSurrogate.exe
C:\Program Files\Sony\Vegas Pro 11.0\x86\sfvstserver.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://asus.msn.com
uProxyOverride = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files (x86)\Windows Live\Family Safety\fssbho.dll
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: &RoboForm: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
StartupFolder: C:\Users\Derek\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\YAHOO!~1.LNK - C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
uPolicies-Explorer: NoDriveAutoRun = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 8.8.8.8,8.8.4.4
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{1A093C94-B78E-4D21-B382-47BA1F9DEE50} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{4E567C17-0E5A-438C-BA41-91196AB24BD9} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{A774C79A-46C3-4AF6-9271-6C073C0D2EEC} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{DE6540EF-3716-45A0-A4C6-75A17EE1CA54} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{E939FF03-DD43-4A75-A36C-75F4327690D0} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{E939FF03-DD43-4A75-A36C-75F4327690D0} : DHCPNameServer = 192.168.2.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: alu.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO: bttray.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-IFEO: alu.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
x64-IFEO: bttray.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\lq153n9h.default-1401008092432\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
.
============= SERVICES / DRIVERS ===============
.
R0 lullaby;lullaby;C:\Windows\System32\drivers\lullaby.sys [2010-9-26 15928]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2014-3-5 44744]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-9-26 379520]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 dlea_device;dlea_device;C:\Windows\System32\dleacoms.exe -service --> C:\Windows\System32\dleacoms.exe -service [?]
R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2010-6-24 166984]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-6-24 810144]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2010-4-28 124760]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-12-8 2028864]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-9-26 2314240]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-7-21 129024]
R3 hcwhdpvr;Hauppauge HD PVR Capture Device;C:\Windows\System32\drivers\hcwhdpvr.sys [2012-4-5 189952]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-9-26 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-26 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-2-2 271872]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-8-18 143472]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\System32\drivers\JME.sys [2010-2-24 115312]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-10-10 25816]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2010-7-4 139880]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-4-24 42184]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-5-31 11856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-5-19 1809720]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-5-19 857912]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-9-26 35104]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-11-21 61792]
S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-5-19 119512]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-5-19 63192]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-5 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2013-3-18 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-23 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
.
=============== File Associations ===============
.
ShellExec: DigitalTheatre.exe: open="C:\Program Files (x86)\ArcSoft\TotalMedia Extreme\Digital Theatre\uDTStart.exe" "%1"
.
=============== Created Last 30 ================
.
2014-05-22 01:42:42    75888    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8DF0FB70-FE4A-4A82-AC4B-C5A99CF42C03}\offreg.dll
2014-05-22 01:33:16    --------    d-----w-    C:\Windows\ERUNT
2014-05-22 01:23:40    536576    ----a-w-    C:\Windows\SysWow64\sqlite3.dll
2014-05-22 01:23:05    --------    d-----w-    C:\AdwCleaner
2014-05-20 21:02:35    --------    d-----w-    C:\Program Files\CCleaner
2014-05-20 06:03:35    10651704    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8DF0FB70-FE4A-4A82-AC4B-C5A99CF42C03}\mpengine.dll
2014-05-20 02:54:53    119512    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-05-20 02:54:10    88280    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-20 02:54:10    63192    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-05-20 02:54:07    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-09 18:56:46    965232    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\icuuc52.dll
2014-05-09 18:56:46    1266800    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\icuin52.dll
2014-05-09 18:56:46    10594416    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\icudt52.dll
2014-05-09 18:56:30    189496    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll
2014-05-09 18:56:30    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2014-05-09 18:56:30    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2014-05-09 18:56:30    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2014-05-09 18:56:30    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2014-05-09 18:56:30    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2014-05-09 18:56:30    106088    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2014-05-09 18:56:26    46704    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2014-05-08 06:09:00    --------    d-----w-    C:\MFT 211177
.
==================== Find3M  ====================
.
2014-04-03 13:50:58    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-03-31 13:35:08    270496    ----a-w-    C:\Windows\System32\MpSigStub.exe
2009-04-08 17:31:56    106496    ----a-w-    C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45:20    155648    ----a-w-    C:\Program Files (x86)\Common Files\MSIactionall.dll
.
============= FINISH:  4:46:06.54 ===============

#2 TheShooter93 (Cody)

  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:09:22 PM

Posted 29 May 2014 - 10:58 AM

Hello bmetay,

My name is Cody and I'll be helping you clean up your computer. :)

I will reply as soon as possible (typically within 24 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, I just ask for notice ahead of time.

Please do note any time differences between us. If I do not respond within 48 hours, feel free to send me a private message.

==========================================================================

Some points for you to keep in mind:
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • Periodically update me on the condition of your computer, and provide detail in every post.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.
NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

==========================================================================

Farbar Recovery Scan Tool (FRST)
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen.
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply

Edited by TheShooter93, 29 May 2014 - 11:01 AM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.


#3 clefty123

  • Topic Starter
  • Members
  • 49 posts
  • OFFLINE
  • Local time:09:22 PM

Posted 30 May 2014 - 04:04 PM

I appreciate your help.

First is the FRST document, and then the Addition document:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-05-2014
Ran by Derek (administrator) on DEREK-PC on 30-05-2014 16:59:29
Running from C:\Users\Derek\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(tzuk) C:\Program Files\Sandboxie\SbieSvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
( ) C:\Windows\System32\dleacoms.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
(Boingo Wireless, Inc.) C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia Extreme\TotalMedia Studio MV\uTMStudioFrame.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Sony Creative Software Inc.) C:\Program Files\Sony\Vegas Pro 11.0\ErrorReportLauncher.exe
(Sony Creative Software Inc.) C:\Program Files\Sony\Vegas Pro 11.0\vegas110.exe
(Sony Creative Software Inc.) C:\Program Files\Sony\Vegas Pro 11.0\x86\FileIOSurrogate.exe
(Sony Creative Software Inc.) C:\Program Files\Sony\Vegas Pro 11.0\x86\sfvstserver.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-15] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2903688 2010-06-24] (ESET)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Boingo Wi-Fi] => C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2010-09-26] ()
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-03] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1597440 2010-08-11] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2755677096-3906864890-1869976462-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [107000 2011-09-01] (Siber Systems)
HKU\S-1-5-21-2755677096-3906864890-1869976462-1001\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [741240 2012-03-06] (BitTorrent, Inc.)
IFEO\alu.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO\bttray.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)
Startup: C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
ShortcutTarget: Yahoo! Widgets.lnk -> C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://xfinity.comcast.net/?cid=insDate08312012
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files (x86)\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO-x32: No Name - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{1A093C94-B78E-4D21-B382-47BA1F9DEE50}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{4E567C17-0E5A-438C-BA41-91196AB24BD9}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{A774C79A-46C3-4AF6-9271-6C073C0D2EEC}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{DE6540EF-3716-45A0-A4C6-75A17EE1CA54}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{E939FF03-DD43-4A75-A36C-75F4327690D0}: [NameServer]8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\lq153n9h.default-1401008092432
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2014-05-09]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: Roboform Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2010-11-23]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011-09-25]
FF HKCU\...\Firefox\Extensions: [sp2@sp.com] - C:\Program Files (x86)\Social Privacy\FF\

Chrome:
=======
CHR HomePage:
CHR Extension: (Google Docs) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-28]
CHR Extension: (Google Drive) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-28]
CHR Extension: (Social Privacy) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfaifkapfifnanhhiidacmhldddojchn [2013-11-09]
CHR Extension: (Google Wallet) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-28]

==================== Services (Whitelisted) =================

R2 dlea_device; C:\Windows\system32\dleacoms.exe [1052328 2010-05-21] ( )
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [42360 2010-06-24] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [810144 2010-06-24] (ESET)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [99048 2010-07-04] (tzuk)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2028864 2011-12-08] (TuneUp Software)
S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

==================== Drivers (Whitelisted) ====================

R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [166984 2010-06-24] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [139704 2010-04-28] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [124760 2010-04-28] (ESET)
R3 hcwhdpvr; C:\Windows\System32\DRIVERS\hcwhdpvr.sys [189952 2010-06-23] (Hauppauge, Inc.)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2013-12-17] (AnchorFree Inc.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-20] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [139880 2010-07-04] (tzuk)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [11856 2011-05-31] (TuneUp Software)
U3 tmlwf;
U3 tmwfp;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-30 16:59 - 2014-05-30 16:59 - 00016944 _____ () C:\Users\Derek\Desktop\FRST.txt
2014-05-30 16:59 - 2014-05-30 16:59 - 00000000 ____D () C:\FRST
2014-05-30 16:55 - 2014-05-30 16:55 - 02066944 _____ (Farbar) C:\Users\Derek\Desktop\FRST64.exe
2014-05-26 04:46 - 2014-05-30 16:58 - 00018739 _____ () C:\Users\Derek\Desktop\dds.txt
2014-05-26 04:46 - 2014-05-30 16:58 - 00005556 _____ () C:\Users\Derek\Desktop\attach.txt
2014-05-26 04:41 - 2014-05-26 04:41 - 00688992 ____R (Swearware) C:\Users\Derek\Desktop\dds.com
2014-05-25 04:54 - 2014-05-25 04:54 - 00000000 ____D () C:\Users\Derek\Desktop\Old Firefox Data
2014-05-22 16:52 - 2014-05-22 16:52 - 00448512 _____ (OldTimer Tools) C:\Users\Derek\Desktop\TFC.exe
2014-05-22 13:17 - 2014-05-22 13:17 - 00002389 _____ () C:\Users\Derek\Desktop\RKreport[0]_S_05222014_131754.txt
2014-05-22 13:14 - 2014-05-22 13:18 - 00000000 ____D () C:\Users\Derek\Desktop\RK_Quarantine
2014-05-22 13:14 - 2014-05-22 13:14 - 03972608 _____ () C:\Users\Derek\Desktop\RogueKiller.exe
2014-05-22 00:01 - 2014-05-22 00:01 - 02347384 _____ (ESET) C:\Users\Derek\Desktop\esetsmartinstaller_enu.exe
2014-05-21 21:42 - 2014-05-21 21:42 - 00002010 _____ () C:\Users\Derek\Desktop\JRT.txt
2014-05-21 21:33 - 2014-05-21 21:33 - 00000000 ____D () C:\Windows\ERUNT
2014-05-21 21:32 - 2014-05-21 21:32 - 01016261 _____ (Thisisu) C:\Users\Derek\Desktop\JRT.exe
2014-05-21 21:27 - 2014-05-21 21:27 - 00000314 _____ () C:\Windows\PFRO.log
2014-05-21 21:23 - 2014-05-21 21:25 - 00000000 ____D () C:\AdwCleaner
2014-05-21 21:23 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-21 21:21 - 2014-05-21 21:22 - 01326389 _____ () C:\Users\Derek\Desktop\AdwCleaner.exe
2014-05-21 21:15 - 2014-05-21 21:16 - 04164448 _____ (Kaspersky Lab ZAO) C:\Users\Derek\Desktop\tdsskiller.exe
2014-05-21 21:12 - 2014-05-21 21:13 - 00025889 _____ () C:\Users\Derek\Desktop\Result.txt
2014-05-21 21:10 - 2014-05-21 21:10 - 00982016 _____ (Farbar) C:\Users\Derek\Desktop\MiniToolBox.exe
2014-05-20 23:13 - 2014-05-29 22:52 - 00001344 _____ () C:\Windows\setupact.log
2014-05-20 23:13 - 2014-05-20 23:13 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-20 17:02 - 2014-05-20 17:02 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-20 17:02 - 2014-05-20 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-20 17:02 - 2014-05-20 17:02 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-20 17:01 - 2014-05-20 17:02 - 04745984 _____ (Piriform Ltd) C:\Users\Derek\Downloads\ccsetup413.exe
2014-05-19 22:54 - 2014-05-20 02:02 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-19 22:54 - 2014-05-20 01:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-19 22:54 - 2014-05-20 01:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-19 22:54 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-19 22:54 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-09 14:56 - 2014-05-20 01:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-08 02:09 - 2014-05-08 02:09 - 00000000 ____D () C:\MFT 211177

==================== One Month Modified Files and Folders =======

2014-05-30 16:59 - 2014-05-30 16:59 - 00016944 _____ () C:\Users\Derek\Desktop\FRST.txt
2014-05-30 16:59 - 2014-05-30 16:59 - 00000000 ____D () C:\FRST
2014-05-30 16:59 - 2010-11-21 23:33 - 00000000 ____D () C:\Users\Derek\AppData\Local\Temp
2014-05-30 16:58 - 2014-05-26 04:46 - 00018739 _____ () C:\Users\Derek\Desktop\dds.txt
2014-05-30 16:58 - 2014-05-26 04:46 - 00005556 _____ () C:\Users\Derek\Desktop\attach.txt
2014-05-30 16:56 - 2013-05-24 20:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-30 16:55 - 2014-05-30 16:55 - 02066944 _____ (Farbar) C:\Users\Derek\Desktop\FRST64.exe
2014-05-30 16:45 - 2009-07-14 01:13 - 00726444 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-30 16:22 - 2014-02-28 04:00 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-29 23:19 - 2014-02-28 04:00 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-29 22:52 - 2014-05-20 23:13 - 00001344 _____ () C:\Windows\setupact.log
2014-05-29 20:36 - 2010-09-26 03:30 - 01995286 _____ () C:\Windows\WindowsUpdate.log
2014-05-26 04:41 - 2014-05-26 04:41 - 00688992 ____R (Swearware) C:\Users\Derek\Desktop\dds.com
2014-05-25 16:06 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-25 16:06 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-25 04:54 - 2014-05-25 04:54 - 00000000 ____D () C:\Users\Derek\Desktop\Old Firefox Data
2014-05-22 16:57 - 2012-03-06 18:19 - 00000000 ____D () C:\Users\Derek\AppData\Roaming\uTorrent
2014-05-22 16:56 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-22 16:53 - 2012-08-31 10:32 - 00000000 ___HD () C:\Users\every1 else\AppData\Local\Temp
2014-05-22 16:52 - 2014-05-22 16:52 - 00448512 _____ (OldTimer Tools) C:\Users\Derek\Desktop\TFC.exe
2014-05-22 13:18 - 2014-05-22 13:14 - 00000000 ____D () C:\Users\Derek\Desktop\RK_Quarantine
2014-05-22 13:17 - 2014-05-22 13:17 - 00002389 _____ () C:\Users\Derek\Desktop\RKreport[0]_S_05222014_131754.txt
2014-05-22 13:14 - 2014-05-22 13:14 - 03972608 _____ () C:\Users\Derek\Desktop\RogueKiller.exe
2014-05-22 00:01 - 2014-05-22 00:01 - 02347384 _____ (ESET) C:\Users\Derek\Desktop\esetsmartinstaller_enu.exe
2014-05-21 21:42 - 2014-05-21 21:42 - 00002010 _____ () C:\Users\Derek\Desktop\JRT.txt
2014-05-21 21:33 - 2014-05-21 21:33 - 00000000 ____D () C:\Windows\ERUNT
2014-05-21 21:32 - 2014-05-21 21:32 - 01016261 _____ (Thisisu) C:\Users\Derek\Desktop\JRT.exe
2014-05-21 21:27 - 2014-05-21 21:27 - 00000314 _____ () C:\Windows\PFRO.log
2014-05-21 21:25 - 2014-05-21 21:23 - 00000000 ____D () C:\AdwCleaner
2014-05-21 21:22 - 2014-05-21 21:21 - 01326389 _____ () C:\Users\Derek\Desktop\AdwCleaner.exe
2014-05-21 21:16 - 2014-05-21 21:15 - 04164448 _____ (Kaspersky Lab ZAO) C:\Users\Derek\Desktop\tdsskiller.exe
2014-05-21 21:13 - 2014-05-21 21:12 - 00025889 _____ () C:\Users\Derek\Desktop\Result.txt
2014-05-21 21:10 - 2014-05-21 21:10 - 00982016 _____ (Farbar) C:\Users\Derek\Desktop\MiniToolBox.exe
2014-05-21 00:55 - 2012-03-09 20:47 - 00000000 ____D () C:\Users\Derek\AppData\Roaming\Media Player Classic
2014-05-20 23:13 - 2014-05-20 23:13 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-20 17:20 - 2011-12-31 16:44 - 00000000 ____D () C:\Windows\Minidump
2014-05-20 17:20 - 2009-07-29 02:03 - 00000000 ____D () C:\Windows\Panther
2014-05-20 17:02 - 2014-05-20 17:02 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-20 17:02 - 2014-05-20 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-20 17:02 - 2014-05-20 17:02 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-20 17:02 - 2014-05-20 17:01 - 04745984 _____ (Piriform Ltd) C:\Users\Derek\Downloads\ccsetup413.exe
2014-05-20 04:32 - 2012-03-07 18:47 - 00058800 _____ () C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2014-05-20 02:05 - 2010-09-26 04:22 - 00002368 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-05-20 02:05 - 2010-09-26 04:22 - 00001433 _____ () C:\Windows\system32\ServiceFilter.ini
2014-05-20 02:02 - 2014-05-19 22:54 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-20 02:02 - 2010-11-21 23:33 - 00000000 ____D () C:\Users\Derek
2014-05-20 02:00 - 2012-02-16 23:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-05-20 01:58 - 2012-08-31 10:32 - 00000000 ____D () C:\Users\every1 else
2014-05-20 01:58 - 2010-09-26 04:20 - 00000000 ____D () C:\ProgramData\P4G
2014-05-20 01:58 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-05-20 01:57 - 2014-05-19 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-20 01:57 - 2014-05-19 22:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-20 01:57 - 2014-05-09 14:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-20 01:57 - 2012-04-25 14:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-20 01:57 - 2011-10-10 21:56 - 00000000 ___HD () C:\Users\Derek\AppData\Roaming\Malwarebytes
2014-05-20 01:57 - 2011-10-10 21:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-20 01:57 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-05-12 20:06 - 2014-03-29 17:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2014-05-08 23:14 - 2014-02-28 04:00 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 23:14 - 2014-02-28 04:00 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-08 02:09 - 2014-05-08 02:09 - 00000000 ____D () C:\MFT 211177

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.2936.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-22 19:20

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-05-2014
Ran by Derek at 2014-05-30 17:00:12
Running from C:\Users\Derek\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: ESET NOD32 Antivirus 4.2 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET NOD32 Antivirus 4.2 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.1.2 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.233 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
AOL Messaging Toolbar (HKCU\...\AOL Messaging Toolbar) (Version:  - )
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TotalMedia Extreme (HKLM-x32\...\{E7A1B94F-A981-49B2-868F-DFEA471AB17D}) (Version: 2.0.45.11 - ArcSoft)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.10 - ASUS)
ASUS CopyProtect (HKLM-x32\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0015 - ASUS)
ASUS Data Security Manager (HKLM-x32\...\{FA2092C5-7979-412D-A962-6485274AE1EE}) (Version: 1.00.0014 - ASUS)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0021 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.37 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0008 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.20 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0006 - ASUS)
Boingo Wi-Fi (HKLM-x32\...\{B653A2EC-D816-4498-A4FD-651047AB9DC9}) (Version: 1.7.0048 - Boingo Wireless, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP560 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.111.0.63 - Conexant)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.8 - ASUS)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3602c - CyberLink Corp.) Hidden
ESET NOD32 Antivirus (HKLM\...\{B00AAE66-9DE1-43EF-9E99-C485A5D28BC4}) (Version: 4.2.58.3 - ESET, spol. s r.o.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ETDWare PS/2-x64 7.0.5.13_WHQL (HKLM\...\Elantech) (Version: 7.0.5.13 - ELAN Microelectronics Corp.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.6 - ASUS)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.1.33.5071 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Hauppauge HDPVR Scheduler (HKLM-x32\...\Hauppauge HDPVR Scheduler) (Version:  - Hauppauge Computer Works)
Hauppauge WinTV IR Blaster (HKLM-x32\...\Hauppauge WinTV IR Blaster) (Version: 7.4.29102 - Hauppauge Computer Works, Inc.)
Hauppauge WinTV Scheduler (HKLM-x32\...\Hauppauge WinTV Scheduler) (Version:  - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2125 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java™ 6 Update 30 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416030FF}) (Version: 6.0.300 - Oracle)
Java™ 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216030FF}) (Version: 6.0.300 - Oracle)
JMicron Ethernet Adapter NDIS Driver (HKLM-x32\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.17.1 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.33.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
K_Series_ScreenSaver_EN (HKLM-x32\...\K_Series_ScreenSaver_EN) (Version:  - )
Keynote Connector (HKLM-x32\...\KeynoteConnector) (Version:  - )
K-Lite Codec Pack 8.4.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.4.0 - )
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.1.177.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 1.0.0 - AOL LLC) Hidden
Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RoboForm 7-2-8 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-2-8 - Siber Systems)
Sandboxie 3.46 (64-bit) (HKLM\...\Sandboxie) (Version:  - )
TuneUp Utilities 2011 (HKLM-x32\...\TuneUp Utilities 2011) (Version: 10.0.4500.46 - TuneUp Software)
TuneUp Utilities 2011 (x32 Version: 10.0.4500.46 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (en-US) (x32 Version: 10.0.4500.46 - TuneUp Software) Hidden
Ulead GIF Animator 5 ESD (HKLM-x32\...\{8AF3E926-ED59-11D4-A44B-0000E86D2305}) (Version:  - )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
USB 2.0 VGA UVC WebCam (HKLM\...\USB 2.0 VGA UVC WebCam) (Version:  - )
Vegas Pro 11.0 (64-bit) (HKLM\...\{F97742F0-03A7-11E1-868F-F04DA23A5C58}) (Version: 11.0.425 - Sony)
VideoAvatar (HKLM-x32\...\VideoAvatar_is1) (Version:  - GeoVid)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (02/25/2010 6.2.0.9419) (HKLM\...\85CE3A3657FAE5FD305B143E90E6FC89BA53001C) (Version: 02/25/2010 6.2.0.9419 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (01/19/2010 6.2.0.1417) (HKLM\...\7341A1B43E7FE58942EB1E820A17C18305DFBCE6) (Version: 01/19/2010 6.2.0.1417 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/29/2009 6.1.7100.0) (HKLM\...\2AA10AB519DC7432D599A0E860206A7DDCC27764) (Version: 07/29/2009 6.1.7100.0 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Call (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8052.1208 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8051.1204 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM-x32\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.30.3 - ASUS)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.18 - ASUS)
Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.1.0.20120222 - Xilisoft)
Yahoo! Install Manager (HKLM-x32\...\YInstHelper) (Version:  - )
Yahoo! Widgets (HKLM-x32\...\Yahoo! Widget Engine) (Version: 4.5.2.0 - Yahoo! Inc.)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-13 22:34 - 2012-04-05 20:44 - 00001347 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.xilisoft.com
127.0.0.1 www.xilisoft.net
127.0.0.1 xilisoft.com
127.0.0.1 xilisoft.net
127.0.0.1 cms.olym.xilisoft.net
127.0.0.1 online.xilisoft.com
127.0.0.1 online.xilisoft.net
127.0.0.1 service2.xilisoft.net
127.0.0.1 www.xilimobile.com
127.0.0.1 xilimobile.com
127.0.0.1 crm.xilisoft.com
127.0.0.1 onlinevideoconverter.xilisoft.com
127.0.0.1 m1.xilisoft.com
127.0.0.1 m2.xilisoft.com
127.0.0.1 m3.xilisoft.com
127.0.0.1 m4.xilisoft.com
127.0.0.1 m5.xilisoft.com
127.0.0.1 m6.xilisoft.com


==================== Scheduled Tasks (whitelisted) =============

Task: {0065178A-05AA-4717-BC20-D704D514ACE3} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2011-09-01] (Siber Systems)
Task: {0ADC5E08-0FD0-49F4-A574-E7E11B43CD09} - System32\Tasks\ArcSoft Connect Daemon => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Task: {14D1E2B2-00D4-4B62-8C3B-0AB10BD90D6B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {1D3FD673-B8BC-4A7A-8B2E-404573550F03} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {215CF559-5235-4B54-B609-BE20A6A0A566} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2755677096-3906864890-1869976462-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {255D9709-D2C1-4BE9-B721-07C15F7E1B5E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-20] (Adobe Systems Incorporated)
Task: {26A7D5AC-3F31-4AAD-AF26-A8D4E49A778E} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {2DD48781-74D6-4047-800D-1AAF1E7869F9} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {3837094D-6425-4559-B023-90ACC85A72D7} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)
Task: {3B7D87E6-DB28-45A8-BC0D-1100BAAE1DFE} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-05-28] (ATK)
Task: {3DAD93E2-94DF-4A4D-8117-507F444C8FAC} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {4BFF285A-8A81-4F45-A8F6-31ACBEB9A38C} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2011 => C:\Program Files (x86)\TuneUp Utilities 2011\OneClick.exe [2011-12-08] (TuneUp Software)
Task: {57512E97-8E66-4ADA-BEA9-A83590B1782E} - \Software Updater Ui No Task File <==== ATTENTION
Task: {5A74B1D5-03B8-4250-A7AD-BBE373CBC1D4} - System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe => Rundll32.exe url.dll,OpenURL d:\366a17c0669ac0fc65a43b9c77bb7f\MouseKeyboardCenter\Setup64\Files\1033\Eng.rtf
Task: {5ABF004C-E43C-4A9D-91BE-246C32AAEE20} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
Task: {7AB9360D-A73D-4E13-99D0-9EF0A097BC0C} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMJMKMJJHMKMLJJJPMCNPMMJKMOJCNLMKJKJPMCNGMMMKMMJCNKJGMIMIMMMLMGMKJMMHMGMMMJNJICMIMCNNMCNHMFMHMCNPMCNIMJMPMOMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMEKMICNJJCKFMPMJNHICMEKMICNJJCKJNBJCMLLKJNIKJEJJNKJCMJNNICMJNDJCMKJBJ"
Task: {806D9240-95C8-4AFE-992C-0A90AF73C9AF} - \Software Updater No Task File <==== ATTENTION
Task: {8B77C403-078D-4BCF-AB91-317AB1BF6967} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {8F00DDB1-39AA-49AC-B8AD-1BB0ADADB086} - \Freemium1ClickMaint No Task File <==== ATTENTION
Task: {909A10B4-7AE7-4A32-B74D-62859979D18D} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => C:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {9B000396-F0E8-4011-8A47-7FDE44655244} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {A3DFE3CE-01CE-4DAB-81D8-FC0BAD8AB82C} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe [2010-06-09] (asus)
Task: {A5E41453-A1F9-4BDC-B61D-62F5673528D8} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {B666369A-B084-4DF8-8550-E41BB483DA51} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {C9840774-DEB7-4ECC-8348-6704A4C471DF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-28] (Google Inc.)
Task: {CD6AF976-359D-4A33-A034-61EA03AFE923} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {E10CEE41-0A9A-4CE6-914A-44BF9F851F14} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2755677096-3906864890-1869976462-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {E73A126B-BBAF-4DB0-9F74-572FAED1FC79} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-28] (Google Inc.)
Task: {E8A479EC-449D-474E-93B6-CC2C4407CE19} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
Task: {F372EF94-9D06-4934-A4B8-ACBCD0C21850} - System32\Tasks\ASPG => C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe [2009-06-29] (ASUS)
Task: {FE4FBF5E-AE1F-4567-BD94-DCAFC32B0B2B} - System32\Tasks\Google Updater and Installer => C:\Users\Derek\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-03-12 14:35 - 2009-11-04 13:18 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dleadrpp.dll
2007-06-15 13:28 - 2007-06-15 13:28 - 00104960 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll
2007-06-01 19:52 - 2007-06-01 19:52 - 00159744 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
2010-03-15 21:48 - 2010-03-15 21:48 - 00148816 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\EcaremeDLL.dll
2010-09-26 03:57 - 2010-09-26 03:57 - 00030032 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll
2010-09-26 03:57 - 2010-09-26 03:57 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
2011-09-01 18:52 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2010-01-11 13:27 - 2010-01-11 13:27 - 00017920 _____ () C:\Program Files\P4G\DevMng.dll
2010-05-05 21:22 - 2010-05-05 21:22 - 00108544 _____ () C:\Program Files\P4G\OvrClk.dll
2008-10-01 02:02 - 2008-10-01 02:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-03-15 21:48 - 2010-03-15 21:48 - 01754448 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
2012-01-10 22:12 - 2012-01-10 22:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-08-11 22:46 - 2010-08-11 22:46 - 01597440 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2011-10-31 11:27 - 2011-10-31 11:27 - 00057688 _____ () C:\Program Files\Sony\Vegas Pro 11.0\FileIOProxyStubx64.dll
2011-10-31 11:28 - 2011-10-31 11:28 - 10542936 _____ () C:\Program Files\Sony\Vegas Pro 11.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Win64\Vfx1.ofx
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2007-06-15 13:28 - 2007-06-15 13:28 - 00147456 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
2007-06-01 20:08 - 2007-06-01 20:08 - 00143360 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
2008-01-08 18:50 - 2008-01-08 18:50 - 00349147 _____ () C:\Program Files (x86)\Yahoo!\Widgets\sqlite3.dll
2008-03-18 20:21 - 2008-03-18 20:21 - 00512000 _____ () C:\Program Files (x86)\Yahoo!\Widgets\js32.dll
2008-03-18 20:21 - 2008-03-18 20:21 - 00094208 _____ () C:\Program Files (x86)\Yahoo!\Widgets\jsd.dll
2012-03-07 17:24 - 2012-02-15 09:10 - 01131769 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avformat-lav-54.dll
2012-03-07 17:24 - 2012-02-15 09:10 - 06422839 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avcodec-lav-54.dll
2012-03-07 17:24 - 2012-02-15 09:10 - 00207635 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avutil-lav-51.dll
2012-03-07 17:24 - 2012-02-15 09:10 - 00172032 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\libbluray.dll
2012-03-07 17:24 - 2012-02-15 14:00 - 03350528 _____ () C:\Program Files (x86)\K-Lite Codec Pack\ffdshow\ffdshow.ax
2009-11-02 17:20 - 2009-11-02 17:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 17:23 - 2009-11-02 17:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2012-03-22 22:15 - 2006-11-08 14:58 - 00449280 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia Extreme\TotalMedia Studio MV\MVCodec\fpxlib.dll
2012-03-22 22:16 - 2007-06-06 17:54 - 00027392 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia Extreme\TotalMedia Studio MV\MagicDll\MagPanelCallBackCtrl.dll
2012-03-22 22:16 - 2011-01-06 10:02 - 00027200 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia Extreme\TotalMedia Studio MV\TriDVideoHelper.dll
2010-07-01 14:21 - 2010-07-01 14:21 - 00204800 _____ () C:\Program Files (x86)\asus\VirtualCamera\virtualCamera.ax
2011-10-31 11:27 - 2011-10-31 11:27 - 00046424 _____ () C:\Program Files\Sony\Vegas Pro 11.0\x86\FileIOProxyStubx86.dll
2011-08-29 15:49 - 2011-08-29 15:49 - 00749636 _____ () C:\Program Files\Sony\Vegas Pro 11.0\FileIO Plug-Ins\rm9plug\tools\encsession.dll
2014-05-20 01:38 - 2014-05-09 14:56 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-05-24 20:10 - 2013-05-24 20:10 - 16033160 ____N () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ADSMTray => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/30/2014 11:46:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8424

Error: (05/30/2014 11:46:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8424

Error: (05/30/2014 11:46:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/30/2014 11:46:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7394

Error: (05/30/2014 11:46:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7394

Error: (05/30/2014 11:46:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/30/2014 11:46:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6318

Error: (05/30/2014 11:46:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6318

Error: (05/30/2014 11:46:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/30/2014 11:46:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5179


System errors:
=============
Error: (05/22/2014 04:59:55 PM) (Source: WMPNetworkSvc) (EventID: 14346) (User: )
Description: 0x80070005

Error: (05/22/2014 04:59:55 PM) (Source: WMPNetworkSvc) (EventID: 14346) (User: )
Description: 0x80070005

Error: (05/22/2014 04:59:55 PM) (Source: WMPNetworkSvc) (EventID: 14346) (User: )
Description: 0x80070005

Error: (05/22/2014 04:59:55 PM) (Source: WMPNetworkSvc) (EventID: 14346) (User: )
Description: 0x80070005

Error: (05/22/2014 04:58:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (05/22/2014 04:57:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/22/2014 04:57:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error:
%%1053

Error: (05/22/2014 04:57:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.

Error: (05/22/2014 04:53:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ASLDR Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/21/2014 09:53:14 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (05/30/2014 11:46:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8424

Error: (05/30/2014 11:46:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8424

Error: (05/30/2014 11:46:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/30/2014 11:46:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7394

Error: (05/30/2014 11:46:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7394

Error: (05/30/2014 11:46:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/30/2014 11:46:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6318

Error: (05/30/2014 11:46:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6318

Error: (05/30/2014 11:46:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/30/2014 11:46:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5179


==================== Memory info ===========================

Percentage of memory in use: 65%
Total physical RAM: 3884.57 MB
Available physical RAM: 1339.66 MB
Total Pagefile: 7767.32 MB
Available Pagefile: 4129.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:74.52 GB) (Free:7.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:204.03 GB) (Free:123.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=20 GB) - (Type=1C)
Partition 2: (Active) - (Size=75 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=204 GB) - (Type=OF Extended)

==================== End Of Log ============================



#4 TheShooter93 (Cody) - Malware Response Team, 4,792 posts, Orlando, Florida

Posted 31 May 2014 - 12:27 PM

Hello clefty123,
 
I have a lot here for you, please take your time with it and ask me if you have any questions.  :)
 
===================================================
 
I don't see anything malicious in your FRST or DDS logs, but I do have a question about 1 folder on your system. Are you familiar with the following: C:\MFT 211177
 
If you are not familiar with it, please run the following FRST Fix:
 
Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt

2014-05-08 02:09 - 2014-05-08 02:09 - 00000000 ____D () C:\MFT 211177
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

===================================================
 
TreeSize

  • Download TreeSize to your Desktop and install it.
  • Run this program and allow it to fully populate (it needs to scan your computer to determine what files are taking up the most space. This may take some time).
  • Using the arrows to the left of each folder, expand the directories to determine what files/folders are taking up the most space.
  • Please report what you find in your next post, or take a screenshot and attach it to your next post.

===================================================
 
P2P Warning

Going over your logs I noticed that you have uTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Programs and Features.

If you wish to keep it, please do not use it until your computer is cleaned.

=====================================================================

Registry Cleaners

Your logs indicate you have TuneUp Utilities 2011 installed on your computer. You should never use registry cleaners, optimizers, etc.

While the programs claim to speed up your computer, they can actually wreak havoc on them and even corrupt the operating system so the system cannot boot.

The use of these programs may or may not be related to problems you're experiencing.

=====================================================================

What I'd like to see in your next post:

  • Fixlog.txt
  • Report on TreeSize
  • Confirmation you read about P2P programs and Registry Cleaners

Edited by TheShooter93, 31 May 2014 - 12:27 PM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.
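The TreeSize step in the post above, done from PowerShell instead, as an added example that is not part of the thread and is not TreeSize's or Farbar's code. It sizes every folder under a root recursively, lists the largest entries, and then compares the total it could see with what the volume itself reports as used; the gap is the tell for space held by things a normal account cannot read (the hidden "System Volume Information" folder, where shadow copies and restore points live, is the usual one). The root 'C:\', the 15-entry cap and the example drill-down path under C:\Users\Derek (the user name shown in the FRST log) are assumptions; run it from an elevated prompt so pagefile.sys and hiberfil.sys are counted.

```powershell
# Added example, not code from the thread or from TreeSize: list what is consuming
# space under a folder, largest first. Run from an elevated PowerShell prompt
# (right-click PowerShell, "Run as administrator") so that hidden and system files
# such as pagefile.sys and hiberfil.sys are counted. Folders the account still
# cannot read are skipped and counted in the Skipped column.

function Get-FolderSize {
    param([string]$Path)
    $errs  = @()
    $files = Get-ChildItem -LiteralPath $Path -Recurse -Force `
                 -ErrorAction SilentlyContinue -ErrorVariable +errs |
             Where-Object { -not $_.PSIsContainer }
    $sum = ($files | Measure-Object -Property Length -Sum).Sum
    if ($sum -eq $null) { $sum = 0 }
    New-Object PSObject -Property @{
        Path    = $Path
        Bytes   = [int64]$sum
        GB      = [math]::Round($sum / 1GB, 2)
        Skipped = $errs.Count        # access-denied entries under this folder
    }
}

function Get-SpaceReport {
    param(
        [string]$Root = 'C:\',       # assumption: the volume that keeps shrinking
        [int]$Top     = 15           # assumption: how many entries to show
    )
    $rows = @()
    # Each subfolder of the root, sized recursively.
    foreach ($d in (Get-ChildItem -LiteralPath $Root -Force -ErrorAction SilentlyContinue |
                    Where-Object { $_.PSIsContainer })) {
        $rows += Get-FolderSize -Path $d.FullName
    }
    # Files sitting directly in the root (pagefile.sys and hiberfil.sys live here).
    foreach ($f in (Get-ChildItem -LiteralPath $Root -Force -ErrorAction SilentlyContinue |
                    Where-Object { -not $_.PSIsContainer })) {
        $rows += New-Object PSObject -Property @{
            Path = $f.FullName; Bytes = [int64]$f.Length
            GB   = [math]::Round($f.Length / 1GB, 2); Skipped = 0
        }
    }
    $rows | Sort-Object Bytes -Descending | Select-Object -First $Top |
        Format-Table Path, GB, Skipped -AutoSize

    # Compare with what the volume reports. Space "used" but not "accounted for"
    # is data this account could not read, e.g. "System Volume Information".
    $drive = Get-WmiObject Win32_LogicalDisk -Filter ("DeviceID='{0}'" -f $Root.Substring(0, 2))
    $seen  = ($rows | Measure-Object -Property Bytes -Sum).Sum
    "Volume used: {0:N2} GB   accounted for: {1:N2} GB   free: {2:N2} GB" -f `
        (($drive.Size - $drive.FreeSpace) / 1GB), ($seen / 1GB), ($drive.FreeSpace / 1GB)
}

Get-SpaceReport -Root 'C:\'
# Then drill into whichever entry is largest, for example:
# Get-SpaceReport -Root 'C:\Users\Derek\AppData'
```

Run it once at the root and again on the largest folder it names, the same loop the TreeSize instructions describe. The last line is the one worth reading first: if the volume reports far more used space than the report can account for, the growth is somewhere the account cannot list, and expanding AppData further will not find it.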

 

 


#5 clefty123 - Topic Starter, Members, 49 posts

Posted 02 June 2014 - 01:10 AM

 


Here is Fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-06-2014 01
Ran by Derek at 2014-06-02 01:54:23 Run:1
Running from C:\Users\Derek\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
2014-05-08 02:09 - 2014-05-08 02:09 - 00000000 ____D () C:\MFT 211177
*****************

C:\MFT 211177 => Moved successfully.

==== End of Fixlog ====

I have attached a screenshot of the results of the TreeSize program.

 

And I have read what you said about the P2P programs and Registry Cleaners.  Thank you.


#6 TheShooter93 (Cody) - Malware Response Team, 4,792 posts, Orlando, Florida

Posted 02 June 2014 - 08:17 AM

Very good. :thumbsup2:

 

While I work on our next steps, please run TreeSize again but this time click the '>' next to Windows and Users. This will help you further see what is taking up space.

 

If you're unsure what things are, feel free to post a screenshot(s) with questions.



 

 


#7 clefty123 - Topic Starter, Members, 49 posts

Posted 03 June 2014 - 01:18 AM

I don't know what they are, but I attached the screenshots.

Attached Files

  • Attached File  ts1.PNG   91.53KB   1 downloads
  • Attached File  ts2.PNG   94.84KB   1 downloads


#8 TheShooter93 (Cody) - Malware Response Team, 4,792 posts, Orlando, Florida

Posted 03 June 2014 - 08:19 AM

Hello clefty123,

 

Please do the following for me.

 

-----

 

Remove Shadow Copies

I have seen this issue (rapidly decreasing hard drive space) before, and it is sometimes caused by numerous Shadow Copies on your system.

Please see this link and scroll down to Option 1 to remove excess Shadow Copies from your system, and hopefully free up some space on your C: drive.
 
Also see this link on how to reduce the amount of available space for Shadow Copies (you must scroll down to that section of the article).
 
Once complete, reboot your system and check the drive space.
 
=====================================================================
 
Lastly, are you aware that your system has a C: drive of ~75GB and a D: drive of ~200GB?
 
Did you partition a single drive yourself? Do you have two hard drives installed?
 
=====================================================================

 

If removing shadow copies does not work, please re-run TreeSize.

 

Then expand the AppData folder and expand all the folders within AppData so we can see what exactly is taking up the space.

 

Please include a screenshot of this in your next post.

 

=====================================================================
 
What I would like to see in your next post:   :thumbsup2:

  • Confirmation that Shadow Copies were removed.
  • Aware of multiple drives/partitions?
  • Screenshot of expanded AppData if removing Shadow Copies does not free up adequate space.

Edited by TheShooter93, 03 June 2014 - 02:56 PM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.


#9 clefty123

clefty123
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:09:22 PM

Posted 04 June 2014 - 02:34 AM

I did all the steps on removing the Shadow Copies but it didn't seem to free up any space at all.

I did not partition any drives on my computer. This is the way it's been since I purchased the computer.

I think this is what you mean by expanding the AppData folder:

Attached Files: ts3.PNG (299.8 KB)

Edited by clefty123, 04 June 2014 - 02:35 AM.


#10 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:09:22 PM

Posted 04 June 2014 - 02:25 PM

Hello clefty123,

Closer to what we want, but I would like to see within the 25,062.7 MB [42 Files] as well.

Please expand that and any other resulting sub-folders and provide a new screenshot.

My goal is to see exactly what file(s) are taking up so much room. :)




#11 clefty123


Posted 04 June 2014 - 03:30 PM

Here:

It keeps saying "This upload failed" when trying to upload to the site, so I uploaded it to tinypic:

http://i59.tinypic.com/2ewpljo.png


Edited by clefty123, 04 June 2014 - 03:31 PM.


#12 clefty123


Posted 04 June 2014 - 04:39 PM

My available hard drive disk space is now in the red with only 6.60 GB of free space. :(

edit: I'm down to 4.2 now. I'm losing space fast. :(

edit again: now it says I'm up to 7.54. I don't know what is going on.


Edited by clefty123, 04 June 2014 - 09:48 PM.


#13 TheShooter93


Posted 05 June 2014 - 02:10 PM

Hello clefty123,

According to that TreeSize screenshot, the culprit here is cookies.sqlite-wal.

This file is safe to delete, but once you do you will lose all saved cookies. If you are unaware of what cookies are, you can read more about them here.

As you continue to browse the web, this file will grow in size even after deletion (it will come back once you start browsing the web again).

===================================

Alternatively, we can take some free space from another partition on your computer and add it to your C: drive.

Or, we can do both of these things. Let me know how you would like to proceed. :)




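The two checks this thread walked through by hand (Shadow Copy storage, then a TreeSize walk down to cookies.sqlite-wal) as one PowerShell script. This is an added example, not code from the thread or from BleepingComputer; it assumes Windows 7 or later with PowerShell 2.0+, an elevated prompt, and that $ProfilePath and $Top are placeholders you adjust. cookies.sqlite-wal is the write-ahead log of Firefox's cookie database, a detail the thread does not spell out.

```powershell
# Added example, not from this thread: a script version of the two checks the
# thread did by hand (Shadow Copy storage, then TreeSize on the profile).
# Assumes Windows 7 or later with PowerShell 2.0+, run from an elevated prompt
# so Win32_ShadowStorage is readable. $ProfilePath and $Top are assumed inputs.
param(
    [string]$ProfilePath = $env:USERPROFILE,   # profile to scan (assumption)
    [int]$Top = 15                              # how many large files to list
)

function Format-GB([double]$Bytes) { '{0,8:N2} GB' -f ($Bytes / 1GB) }

# 1. Shadow Copy storage per volume. UsedSpace is what System Restore /
#    Previous Versions currently hold; MaxSpace is the ceiling the thread
#    suggests lowering. No output means no shadow storage is configured.
Write-Host '== Shadow Copy storage =='
Get-WmiObject -Class Win32_ShadowStorage | ForEach-Object {
    $volume = ([wmi]$_.Volume).Name        # e.g. "C:\"
    '{0,-6} used {1}  allocated {2}  max {3}' -f $volume,
        (Format-GB $_.UsedSpace), (Format-GB $_.AllocatedSpace), (Format-GB $_.MaxSpace)
}

# 2. Largest files under the profile, the part of the TreeSize walk that
#    ended at cookies.sqlite-wal. Any *.sqlite-wal is flagged: it is a SQLite
#    write-ahead log that is normally truncated when the owning program
#    (Firefox, for cookies.sqlite) checkpoints or closes the database, so one
#    that keeps growing points at that program, not at the file itself.
Write-Host "`n== $Top largest files under $ProfilePath =="
Get-ChildItem -Path $ProfilePath -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    Sort-Object -Property Length -Descending |
    Select-Object -First $Top |
    ForEach-Object {
        $flag = ''
        if ($_.Extension -eq '.sqlite-wal') { $flag = '   <-- SQLite WAL, check the owning app' }
        '{0}  {1}{2}' -f (Format-GB $_.Length), $_.FullName, $flag
    }
```

The script only reports; it deletes nothing, so the flagged file can be checked with the owning application closed before anyone decides to remove it.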
#14 clefty123


Posted 05 June 2014 - 02:27 PM


I would like to delete the cookies file. Please tell me how.

Will deleting this file get all the space I lost back? I lost at least 15 GB.


Edited by clefty123, 05 June 2014 - 02:33 PM.


#15 TheShooter93


Posted 05 June 2014 - 03:07 PM

Hello clefty123,

I'm currently awaiting instructor approval for my next post, so I will reply with instructions on how to delete the file ASAP. :)

----------

As for your other question, yes, you should gain the space back.

Like I said in the last post as well, your D: drive has over 100GB of free space in it that we can "transfer" over to the C: drive. If you want to do that after deleting the cookies file let me know.

