Overnight loss of around 10GB - virus?


This topic is locked
10 replies to this topic

#1 mintea


Posted 15 May 2015 - 04:08 PM

Yesterday I was on YouTube and got a message urging me to close Chrome down because of too much memory use. I did, then reopened Chrome, and got the same message. I closed it down again and my computer was running slower. I clicked a video in one of my folders to play and it played fine. I closed the video down and all the thumbnails were blank and my computer was very slow. (I don't know if these were blank before or after clicking the video.) I opened Task Manager and dllhost.exe with description COM Surrogate was using up a lot of memory. I checked my main drive's free space (C drive) and it was on around 1GB - before this it was on around 10GB. I then closed everything down and was no longer able to open anything. After searching (on my phone) I found that there is a virus which calls itself dllhost.exe which does this. I have since been assured by a member of this forum that I was not infected with this and there was nothing wrong with my dllhost.exe files.

After I had this problem I went into safe mode and freed up a lot of space. Last night I had what I remember to be around 32GB free space on this drive and did nothing to take up so much space, but when I booted my computer today this drive had only around 24GB free space. Other than this overnight loss of space I have had no other problems or cause to think I may have a virus.

I then joined this forum and posted in the "Am I infected? What do I do?" subforum. A member had me check my drive using WinDirStat and found what was eating up so much memory was Steam.

However, this did not explain the overnight loss. The member recommended posting in this subforum with these logs to check whether this was caused by a virus or not.

It seems to be that I just had low memory and my computer tried to do something which took more than I had available, which messed it up until I booted it up again, but I don't know about the overnight loss of free space. Can this happen without it being caused by a virus? Please help me find whether my computer is infected or not, thank you:)

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2015 02

Ran by Brad (administrator) on BRAD-PC on 15-05-2015 21:31:44
Running from C:\Users\Brad\Desktop
Loaded Profiles: Brad & UpdatusUser (Available profiles: Brad & UpdatusUser & Guest)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Spotify Ltd) C:\Users\Brad\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(www.shadowexplorer.com) C:\Program Files (x86)\ShadowExplorer\sesvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7575768 2014-05-14] (Realtek Semiconductor)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3745232 2015-04-15] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296520 2015-02-15] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [560192 2014-10-29] ()
HKU\S-1-5-21-3568957677-143987248-2158607831-1000\...\Run: [Spotify Web Helper] => C:\Users\Brad\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-13] (Spotify Ltd)
HKU\S-1-5-21-3568957677-143987248-2158607831-1000\...\Run: [GoogleChromeAutoLaunch_486A54232E7A6A76188CD6D03A70FC2E] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-05-05] (Google Inc.)
HKU\S-1-5-21-3568957677-143987248-2158607831-1000\...\MountPoints2: {fafdff40-2b74-11e4-a565-0022158d5ddb} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3568957677-143987248-2158607831-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\WLXPGSS.scr [322248 2014-03-31] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2015-05-15]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk ->  (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk [2014-08-05]
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2015-02-15]
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2014-09-06]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3568957677-143987248-2158607831-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3568957677-143987248-2158607831-1000 -> DefaultScope {C1A1255C-61DD-41BA-AE94-0E2A40FCC1B4} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B010GB0D20140730&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-3568957677-143987248-2158607831-1000 -> {C1A1255C-61DD-41BA-AE94-0E2A40FCC1B4} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B010GB0D20140730&p={SearchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-10-27] (RealDownloader)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-27] (RealDownloader)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-03-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-03-14] (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2015-02-15] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-27] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2015-02-15] (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2015-02-15]
 
Chrome: 
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-29]
CHR Extension: (Google Drive) - C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-29]
CHR Extension: (WOT) - C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-05-15]
CHR Extension: (YouTube) - C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-29]
CHR Extension: (Adblock Plus) - C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-12]
CHR Extension: (Google Search) - C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-29]
CHR Extension: (Bookmark Manager) - C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16]
CHR Extension: (Pin It Button) - C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-04-28]
CHR Extension: (Hush - private bookmarking) - C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjmoaenjknbdehbiaeeijcppnljflkff [2014-08-05]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-29]
CHR Extension: (Gmail) - C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-29]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 0165561431717685mcinstcleanup; C:\Users\Brad\AppData\Local\Temp\016556~1.EXE [883024 2015-04-06] (McAfee, Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3438032 2015-04-15] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [311792 2015-04-15] (AVG Technologies CZ, s.r.o.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
R2 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141848 2015-02-15] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
R2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [284128 2015-04-09] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [213984 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [344544 2015-03-11] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [137184 2015-04-03] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [291296 2015-04-07] (AVG Technologies CZ, s.r.o.)
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2010-02-04] ()
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-15 21:31 - 2015-05-15 21:31 - 00017405 _____ () C:\Users\Brad\Desktop\FRST.txt
2015-05-15 20:35 - 2015-05-15 20:35 - 00000000 ____D () C:\Users\Brad\AppData\Roaming\www.shadowexplorer.com
2015-05-15 20:31 - 2015-05-15 20:31 - 00001885 _____ () C:\Users\Brad\Desktop\ShadowExplorer.lnk
2015-05-15 20:31 - 2015-05-15 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
2015-05-15 20:31 - 2015-05-15 20:31 - 00000000 ____D () C:\Program Files (x86)\ShadowExplorer
2015-05-15 20:30 - 2015-05-15 20:30 - 00969845 _____ (ShadowExplorer.com ) C:\Users\Brad\Downloads\ShadowExplorer-0.9-setup.exe
2015-05-15 20:21 - 2015-05-15 20:21 - 00000000 ____D () C:\Program Files\McAfee
2015-05-15 19:54 - 2015-05-15 19:54 - 00969845 _____ (ShadowExplorer.com ) C:\Users\Brad\Desktop\ShadowExplorer-0.9-setup.exe
2015-05-15 19:42 - 2015-05-15 19:43 - 00019196 _____ () C:\Users\Brad\Downloads\Result.txt
2015-05-15 18:27 - 2015-05-15 18:27 - 00001031 _____ () C:\Users\UpdatusUser\Desktop\WinDirStat.lnk
2015-05-15 18:27 - 2015-05-15 18:27 - 00001031 _____ () C:\Users\Guest\Desktop\WinDirStat.lnk
2015-05-15 18:27 - 2015-05-15 18:27 - 00001031 _____ () C:\Users\Brad\Desktop\WinDirStat.lnk
2015-05-15 18:27 - 2015-05-15 18:27 - 00000000 ____D () C:\Users\Brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2015-05-15 18:27 - 2015-05-15 18:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
2015-05-15 18:27 - 2015-05-15 18:27 - 00000000 ____D () C:\Program Files (x86)\WinDirStat
2015-05-15 18:26 - 2015-05-15 18:26 - 00645729 _____ (WDS Team) C:\Users\Brad\Desktop\windirstat1_1_2_setup.exe
2015-05-15 15:51 - 2015-05-15 15:55 - 00000000 ____D () C:\ProgramData\SUPERSetup
2015-05-15 14:47 - 2015-05-15 14:47 - 00007603 _____ () C:\Users\Brad\AppData\Local\Resmon.ResmonCfg
2015-05-15 13:37 - 2015-05-15 13:39 - 00000000 ____D () C:\MGADiagToolOutput
2015-05-15 13:37 - 2015-05-15 13:37 - 00000000 ____D () C:\ProgramData\Office Genuine Advantage
2015-05-15 13:02 - 2015-05-15 13:02 - 00028357 _____ () C:\Users\Brad\Downloads\Addition.txt
2015-05-15 13:00 - 2015-05-15 21:31 - 00000000 ____D () C:\FRST
2015-05-15 12:59 - 2015-05-15 12:59 - 02106368 _____ (Farbar) C:\Users\Brad\Desktop\FRST64.exe
2015-05-14 21:49 - 2015-05-14 21:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2015-05-14 21:49 - 2015-05-14 21:49 - 00000000 ____D () C:\Program Files\Recuva
2015-05-13 22:06 - 2015-05-13 22:06 - 00003834 _____ () C:\Windows\DPINST.LOG
2015-05-13 22:06 - 2015-05-13 22:06 - 00001535 _____ () C:\Users\Public\Desktop\CASIO FA-124.lnk
2015-05-13 22:06 - 2015-05-13 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CASIO
2015-05-13 16:28 - 2015-05-13 16:28 - 11834618 _____ () C:\Users\Brad\Downloads\d0c54c_5544431.mp4
2015-05-12 01:01 - 2015-05-12 01:01 - 02945534 _____ () C:\Users\Brad\Downloads\a175d8_5542856.mp4
2015-05-12 00:59 - 2015-05-12 00:59 - 03142170 _____ () C:\Users\Brad\Downloads\f72e82_5542350.webm
2015-05-09 00:55 - 2015-05-09 00:55 - 02871915 _____ () C:\Users\Brad\Downloads\5268be_5539476.webm
2015-05-09 00:54 - 2015-05-09 00:55 - 37064297 _____ () C:\Users\Brad\Downloads\6f3587_5539639.webm
2015-05-07 02:20 - 2015-05-07 02:20 - 00260591 _____ () C:\Users\Brad\Downloads\Gt+watching+bbt+gt+thinking+bbt+is+funny+_a7b0a5f8691b43980eae5ae04bb9ab73.webm
2015-05-05 11:37 - 2015-05-05 11:38 - 00000320 _____ () C:\Windows\Tasks\0415avUpdateInfo.job
2015-05-05 11:37 - 2015-05-05 11:37 - 00002438 _____ () C:\Windows\System32\Tasks\0415avUpdateInfo
2015-05-05 11:37 - 2015-05-05 11:37 - 00000000 ____D () C:\ProgramData\Avg_Update_0415av
2015-04-15 13:06 - 2015-04-15 13:06 - 00256992 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-15 21:31 - 2014-07-30 01:31 - 00000000 ____D () C:\Users\Brad\Desktop\Homework
2015-05-15 21:09 - 2014-07-30 01:16 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-15 21:07 - 2009-07-14 05:45 - 00020832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-15 21:07 - 2009-07-14 05:45 - 00020832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-15 21:05 - 2014-08-05 17:18 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-15 20:54 - 2014-12-08 16:44 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-15 20:54 - 2014-12-08 16:44 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-15 20:45 - 2014-07-30 00:44 - 00000000 ____D () C:\Users\Brad\AppData\Roaming\Skype
2015-05-15 20:21 - 2014-07-30 01:04 - 00000000 ____D () C:\ProgramData\McAfee
2015-05-15 20:14 - 2014-12-02 19:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupon Printer
2015-05-15 20:13 - 2014-07-30 00:37 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-05-15 15:45 - 2014-07-29 20:59 - 01637321 _____ () C:\Windows\WindowsUpdate.log
2015-05-15 14:32 - 2014-07-29 20:12 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-15 14:32 - 2014-07-29 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-15 14:32 - 2014-07-29 20:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-15 13:31 - 2014-07-30 01:35 - 00000000 ____D () C:\Users\Brad\AppData\Roaming\vlc
2015-05-15 13:00 - 2014-07-30 01:10 - 00000000 ____D () C:\ProgramData\MFAData
2015-05-15 12:59 - 2014-10-23 17:01 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-05-15 12:59 - 2014-07-30 01:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-05-15 12:59 - 2009-07-14 06:13 - 00778834 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-15 12:53 - 2015-01-10 14:11 - 00012330 _____ () C:\Windows\setupact.log
2015-05-15 12:53 - 2014-08-05 19:40 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-15 12:53 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-14 22:10 - 2014-11-29 17:08 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{26212C48-D6A7-4C27-9933-E5812CD8532A}
2015-05-14 22:00 - 2014-10-25 16:54 - 00112320 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-14 21:48 - 2014-07-30 01:14 - 00000000 ____D () C:\Users\Brad\AppData\Roaming\uTorrent
2015-05-14 15:55 - 2014-12-08 16:45 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-14 15:42 - 2009-07-14 05:45 - 00446680 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 22:49 - 2014-07-29 21:04 - 00112320 _____ () C:\Users\Brad\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-10 00:47 - 2014-07-30 15:29 - 00000000 ____D () C:\Users\Brad\AppData\Local\Windows Live
2015-05-07 01:51 - 2014-07-30 15:52 - 00000000 ____D () C:\Users\Brad\Documents\Picures
2015-05-05 20:13 - 2014-08-05 16:11 - 00000000 ____D () C:\Users\Brad\Documents\My Kindle Content
2015-05-04 11:32 - 2009-07-14 06:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-01 15:01 - 2015-01-22 14:32 - 00006634 _____ () C:\Windows\PFRO.log
2015-05-01 15:01 - 2014-07-30 01:04 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-04-30 11:35 - 2014-07-30 00:44 - 00000000 ____D () C:\ProgramData\Skype
2015-04-28 00:22 - 2014-07-29 21:00 - 00000000 ____D () C:\Users\Brad
2015-04-26 06:29 - 2014-08-06 04:43 - 00029696 _____ () C:\Users\Brad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
==================== Files in the root of some directories =======
 
2014-08-06 04:43 - 2015-04-26 06:29 - 0029696 _____ () C:\Users\Brad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-15 14:47 - 2015-05-15 14:47 - 0007603 _____ () C:\Users\Brad\AppData\Local\Resmon.ResmonCfg
2014-07-30 03:12 - 2014-07-30 03:12 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some content of TEMP:
====================
C:\Users\Brad\AppData\Local\Temp\0165561431717685mcinst.exe
C:\Users\Brad\AppData\Local\Temp\lowproc.exe
C:\Users\Brad\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Brad\AppData\Local\Temp\stubhelper.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-15 15:17
 
==================== End Of Log ============================
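The Services and Drivers sections of the FRST log above are the first thing a helper reads when deciding whether anything on the machine needs a closer look. As an added example (not part of the original post and not FRST's own code), here is a small Python triage script that parses lines in that format and flags the entries a reviewer would want to examine: unsigned images, image files FRST could not find (`[X]`), images loaded from a Temp directory, and images with no vendor information. The field layout and the meaning of the state codes (R/S for running/stopped, digit for start type) are assumptions inferred from the log, and the sample lines are copied from it.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One FRST "Services"/"Drivers" line, e.g.
#   R2 sesvc; C:\...\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
#   S3 VGPU; System32\drivers\rdvgkmd.sys [X]
# Layout (assumption inferred from the posted log): state code, name, ';',
# image path, optional "[size date]", optional "(vendor)", optional "[flag]" tags.
LINE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)"
    r"(?:\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?:\s+\((?P<vendor>[^)]*)\))?"
    r"(?P<flags>(?:\s+\[[^\]]+\])*)\s*$"
)
FLAG_RE = re.compile(r"\[([^\]]+)\]")

# Directories a legitimate service image should not normally be loaded from.
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


@dataclass
class ServiceEntry:
    state: str           # e.g. "R2": R = running, S = stopped; digit = start type (assumed)
    name: str
    path: str
    size: Optional[int]
    date: Optional[str]
    vendor: str          # empty when FRST printed "()" (no version info in the file)
    flags: List[str]     # e.g. ["File not signed"] or ["X"] (image file not found)


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one services/drivers line; return None for headers, blanks or other sections."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return ServiceEntry(
        state=m.group("state"),
        name=m.group("name").strip(),
        path=m.group("path").strip(),
        size=int(m.group("size")) if m.group("size") else None,
        date=m.group("date"),
        vendor=(m.group("vendor") or "").strip(),
        flags=FLAG_RE.findall(m.group("flags") or ""),
    )


def findings(entry: ServiceEntry) -> List[str]:
    """Return the reasons a helper would want to look at this entry (empty = unremarkable)."""
    reasons = []
    if "File not signed" in entry.flags:
        reasons.append("unsigned image")
    if "X" in entry.flags:
        reasons.append("image file missing (orphaned service entry)")
    if any(d in entry.path.lower() for d in TEMP_DIRS):
        reasons.append("image runs from a Temp directory")
    if not entry.vendor and "X" not in entry.flags:
        reasons.append("no vendor/version information in image")
    return reasons


def triage(log_text: str) -> List[Tuple[str, str, List[str]]]:
    """Scan a whole FRST log and return (name, state, reasons) for every flagged entry."""
    out = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = findings(entry)
        if reasons:
            out.append((entry.name, entry.state, reasons))
    return out


# Constructed test input: lines copied from the FRST log posted above.
SAMPLE_LOG = r"""
==================== Services (Whitelisted) =================
S2 0165561431717685mcinstcleanup; C:\Users\Brad\AppData\Local\Temp\016556~1.EXE [883024 2015-04-06] (McAfee, Inc.)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
R2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
==================== Drivers (Whitelisted) ====================
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2010-02-04] ()
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
"""

if __name__ == "__main__":
    for name, state, reasons in triage(SAMPLE_LOG):
        print(f"{state} {name}: {'; '.join(reasons)}")
```

A flagged entry is a prompt to check the file's publisher and purpose, not proof of infection: the unsigned ShadowExplorer service and the McAfee cleanup stub in Temp are both expected here given the tools the poster installed that day.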

#2 mintea


Posted 15 May 2015 - 10:27 PM

Update - dllhost.exe showed up again in Task Manager while I was in a folder with many video files. The memory use started rising and wouldn't stop even with everything closed down. I shut down the computer, then turned it back on and tried testing it. I was able to go into some folders with video files in, and each time dllhost.exe would show up, memory use would rise a bit, then fall, and dllhost.exe would disappear from Task Manager. I don't know why, but then one folder made this rise greatly, so I restarted. I figured out that dllhost.exe was only showing up when thumbnails were loading, so I have now disabled thumbnails to stop this happening.

I still don't know whether this is a virus or not or whether it's some other problem with my computer.

 

I changed things around in my computer and deleted some more stuff so now my C drive is on 38.6GB free. Just posting this in case I lose more by tomorrow.



#3 HelpBot


Posted 20 May 2015 - 04:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/576308 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your destop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 mintea

mintea
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:05:20 PM

Posted 23 May 2015 - 06:58 PM

I do not have my windows cd/dvd available.

Since posting this I have been looking at how my free space on this drive changed each day and began noting it down at some point, too. The largest variation from one day to the next since this strange 10GB loss has been a loss of 0.5GB. I did download some stuff during the day so I don't know how much that would explain this loss but I'm pretty sure it wasn't 0.5GB worth. Is it normal for free space to change like this?

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2015 01
Ran by Brad (administrator) on BRAD-PC on 24-05-2015 00:37:33
Running from C:\Users\Brad\Desktop
Loaded Profiles: Brad & UpdatusUser (Available Profiles: Brad & UpdatusUser & Guest)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(www.shadowexplorer.com) C:\Program Files (x86)\ShadowExplorer\sesvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Spotify Ltd) C:\Users\Brad\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7575768 2014-05-14] (Realtek Semiconductor)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3745232 2015-04-15] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296520 2015-02-15] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [560192 2014-10-29] ()
HKU\S-1-5-21-3568957677-143987248-2158607831-1000\...\Run: [Spotify Web Helper] => C:\Users\Brad\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-13] (Spotify Ltd)
HKU\S-1-5-21-3568957677-143987248-2158607831-1000\...\MountPoints2: {fafdff40-2b74-11e4-a565-0022158d5ddb} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3568957677-143987248-2158607831-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\WLXPGSS.scr [322248 2014-03-31] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk [2014-08-05]
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2015-02-15]
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2014-09-06]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3568957677-143987248-2158607831-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3568957677-143987248-2158607831-1000 -> DefaultScope {C1A1255C-61DD-41BA-AE94-0E2A40FCC1B4} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B010GB0D20140730&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-3568957677-143987248-2158607831-1000 -> {C1A1255C-61DD-41BA-AE94-0E2A40FCC1B4} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B010GB0D20140730&p={SearchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-10-27] (RealDownloader)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-27] (RealDownloader)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-03-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-03-14] (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2015-02-15] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-27] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2015-02-15] (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2015-02-15]
 
Chrome: 
=======
CHR Profile: C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-29]
CHR Extension: (Google Drive) - C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-29]
CHR Extension: (WOT) - C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-05-15]
CHR Extension: (YouTube) - C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-29]
CHR Extension: (Adblock Plus) - C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-12]
CHR Extension: (Google Search) - C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-29]
CHR Extension: (Bookmark Manager) - C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16]
CHR Extension: (Pin It Button) - C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-04-28]
CHR Extension: (Hush - private bookmarking) - C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjmoaenjknbdehbiaeeijcppnljflkff [2014-08-05]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-29]
CHR Extension: (Gmail) - C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-29]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3438032 2015-04-15] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [311792 2015-04-15] (AVG Technologies CZ, s.r.o.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) []
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
R2 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141848 2015-02-15] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
R2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) []
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [284128 2015-04-09] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [213984 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [344544 2015-03-11] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [137184 2015-04-03] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [291296 2015-04-07] (AVG Technologies CZ, s.r.o.)
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2010-02-04] ()
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-24 00:37 - 2015-05-24 00:37 - 00015744 _____ () C:\Users\Brad\Desktop\FRST.txt
2015-05-23 13:23 - 2015-05-23 13:23 - 05234760 _____ () C:\Users\Brad\Downloads\5553972+_50fb53493dc9aee2d8e65fee0bd3c5d2.mp4
2015-05-23 13:23 - 2015-05-23 13:23 - 00770982 _____ () C:\Users\Brad\Downloads\5553972+_4f5c01c15a1c1509555762c48a3a2b55.webm
2015-05-23 11:27 - 2015-05-23 11:27 - 01512863 _____ () C:\Users\Brad\Downloads\5554024+_9fabcbf401564fad11a52a8d3bbd992f.webm
2015-05-22 20:39 - 2015-05-22 20:39 - 01288075 _____ () C:\Users\Brad\Downloads\Behold+_7cdb5517fc30ba21afe5093801e816b1.webm
2015-05-20 19:44 - 2015-05-20 19:44 - 00787570 _____ () C:\Users\Brad\Downloads\Mod 5 Revision - Loop (1).pptx
2015-05-20 17:19 - 2015-05-20 17:19 - 00787570 _____ () C:\Users\Brad\Downloads\Mod 5 Revision - Loop.pptx
2015-05-19 17:57 - 2015-05-19 17:57 - 00412800 _____ () C:\Users\Brad\Downloads\Module 4 Specification.pptx
2015-05-18 23:46 - 2015-05-18 23:46 - 03422180 _____ () C:\Users\Brad\Downloads\There+were+multiple+planes+it+had+to+be+a+cover+_7fd9908927c81dcfad631ceb46970d83.webm
2015-05-18 23:43 - 2015-05-18 23:43 - 09143019 _____ () C:\Users\Brad\Downloads\gord ramsay nice.mp4
2015-05-18 23:43 - 2015-05-18 23:43 - 01716470 _____ () C:\Users\Brad\Downloads\raw.webm
2015-05-18 23:43 - 2015-05-18 23:43 - 01716470 _____ () C:\Users\Brad\Downloads\Obligatory+_f1dd21db8cdbe432d409b63f5b223a5b (1).webm
2015-05-17 20:52 - 2015-05-17 20:53 - 04059972 _____ () C:\Users\Brad\Downloads\potion seller.webm
2015-05-17 20:37 - 2015-05-17 20:40 - 48898446 _____ () C:\Users\Brad\Downloads\39a0fb_5548152.mp4
2015-05-17 20:25 - 2015-05-17 20:25 - 02432940 _____ () C:\Users\Brad\Downloads\We+re+bleeped+_405bbda066442c751e358ac7e01413cd.webm
2015-05-17 20:25 - 2015-05-17 20:25 - 00295223 _____ () C:\Users\Brad\Downloads\doll.webm
2015-05-17 20:06 - 2015-05-17 20:06 - 01975462 _____ () C:\Users\Brad\Downloads\4144185+_3e04610b862f02d31cc1b39fcdea67a6.webm
2015-05-17 02:08 - 2015-05-17 02:09 - 03823471 _____ () C:\Users\Brad\Downloads\d3e288_5547387.mp4
2015-05-17 02:08 - 2015-05-17 02:09 - 01781848 _____ () C:\Users\Brad\Downloads\df1984_5547387.mp4
2015-05-17 02:08 - 2015-05-17 02:08 - 04161275 _____ () C:\Users\Brad\Downloads\ca3a64_5547387.mp4
2015-05-17 02:08 - 2015-05-17 02:08 - 01591878 _____ () C:\Users\Brad\Downloads\16973e_5547387.mp4
2015-05-17 02:04 - 2015-05-17 01:14 - 65441609 _____ () C:\Users\Brad\Downloads\02fb79_5547364.mp4
2015-05-17 02:02 - 2015-05-17 02:02 - 00873131 _____ () C:\Users\Brad\Downloads\flush.webm
2015-05-17 01:57 - 2015-05-17 01:57 - 00333161 _____ () C:\Users\Brad\Downloads\shrek.webm
2015-05-16 21:43 - 2015-05-16 21:45 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-16 21:43 - 2015-05-16 21:45 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2015-05-16 21:43 - 2015-05-16 21:43 - 00001079 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2015-05-16 21:43 - 2015-05-16 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2015-05-16 21:43 - 2015-05-16 21:43 - 00000000 ____D () C:\ProgramData\Licenses
2015-05-16 21:42 - 2015-05-16 21:42 - 04095448 _____ (BrightFort LLC ) C:\Users\Brad\Downloads\spywareblastersetup50.exe
2015-05-16 14:00 - 2015-05-23 11:19 - 00000616 _____ () C:\Windows\setupact.log
2015-05-16 14:00 - 2015-05-16 14:00 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-16 04:09 - 2015-05-24 00:37 - 00000000 ____D () C:\Users\Brad\Desktop\New folder
2015-05-15 20:35 - 2015-05-15 20:35 - 00000000 ____D () C:\Users\Brad\AppData\Roaming\www.shadowexplorer.com
2015-05-15 20:31 - 2015-05-15 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
2015-05-15 20:31 - 2015-05-15 20:31 - 00000000 ____D () C:\Program Files (x86)\ShadowExplorer
2015-05-15 20:21 - 2015-05-15 20:21 - 00000000 ____D () C:\Program Files\McAfee
2015-05-15 19:42 - 2015-05-15 19:43 - 00019196 _____ () C:\Users\Brad\Downloads\Result.txt
2015-05-15 18:27 - 2015-05-15 18:27 - 00001031 _____ () C:\Users\UpdatusUser\Desktop\WinDirStat.lnk
2015-05-15 18:27 - 2015-05-15 18:27 - 00001031 _____ () C:\Users\Guest\Desktop\WinDirStat.lnk
2015-05-15 18:27 - 2015-05-15 18:27 - 00000000 ____D () C:\Users\Brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2015-05-15 18:27 - 2015-05-15 18:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
2015-05-15 18:27 - 2015-05-15 18:27 - 00000000 ____D () C:\Program Files (x86)\WinDirStat
2015-05-15 15:51 - 2015-05-15 15:55 - 00000000 ____D () C:\ProgramData\SUPERSetup
2015-05-15 14:47 - 2015-05-15 14:47 - 00007603 _____ () C:\Users\Brad\AppData\Local\Resmon.ResmonCfg
2015-05-15 13:37 - 2015-05-15 13:39 - 00000000 ____D () C:\MGADiagToolOutput
2015-05-15 13:37 - 2015-05-15 13:37 - 00000000 ____D () C:\ProgramData\Office Genuine Advantage
2015-05-15 13:02 - 2015-05-15 13:02 - 00028357 _____ () C:\Users\Brad\Downloads\Addition.txt
2015-05-15 13:00 - 2015-05-24 00:37 - 00000000 ____D () C:\FRST
2015-05-15 12:59 - 2015-05-24 00:36 - 02108416 _____ (Farbar) C:\Users\Brad\Desktop\FRST64.exe
2015-05-14 21:49 - 2015-05-22 22:35 - 00000000 ____D () C:\Program Files\Recuva
2015-05-14 21:49 - 2015-05-14 21:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2015-05-13 22:06 - 2015-05-13 22:06 - 00001535 _____ () C:\Users\Public\Desktop\CASIO FA-124.lnk
2015-05-13 22:06 - 2015-05-13 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CASIO
2015-05-05 11:37 - 2015-05-05 11:38 - 00000320 _____ () C:\Windows\Tasks\0415avUpdateInfo.job
2015-05-05 11:37 - 2015-05-05 11:37 - 00002438 _____ () C:\Windows\System32\Tasks\0415avUpdateInfo
2015-05-05 11:37 - 2015-05-05 11:37 - 00000000 ____D () C:\ProgramData\Avg_Update_0415av
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-24 00:31 - 2014-07-30 00:44 - 00000000 ____D () C:\Users\Brad\AppData\Roaming\Skype
2015-05-24 00:00 - 2014-12-08 16:44 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-23 23:23 - 2014-07-30 01:10 - 00000000 ____D () C:\ProgramData\MFAData
2015-05-23 23:00 - 2014-12-08 16:44 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-23 23:00 - 2014-08-05 17:18 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-23 19:56 - 2014-11-29 17:08 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{26212C48-D6A7-4C27-9933-E5812CD8532A}
2015-05-23 18:16 - 2014-07-29 20:59 - 01683135 _____ () C:\Windows\WindowsUpdate.log
2015-05-23 12:16 - 2014-07-30 01:35 - 00000000 ____D () C:\Users\Brad\AppData\Roaming\vlc
2015-05-23 11:25 - 2009-07-14 06:13 - 00778834 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-23 11:19 - 2014-08-05 19:40 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-23 11:19 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-22 23:04 - 2014-07-29 21:00 - 00000000 ____D () C:\Users\Brad
2015-05-22 22:38 - 2014-07-30 01:16 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-22 17:03 - 2014-12-08 16:45 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-19 16:44 - 2014-07-30 15:52 - 00000000 ____D () C:\Users\Brad\Documents\Picures
2015-05-16 02:47 - 2014-07-30 01:14 - 00000000 ____D () C:\Users\Brad\AppData\Roaming\uTorrent
2015-05-16 01:04 - 2014-07-30 01:04 - 00000000 ____D () C:\ProgramData\McAfee
2015-05-16 00:59 - 2009-07-14 05:45 - 00020832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-16 00:59 - 2009-07-14 05:45 - 00020832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-16 00:51 - 2014-08-05 20:20 - 00000000 ____D () C:\Users\Brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-05-15 22:55 - 2014-12-08 16:44 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-15 22:55 - 2014-12-08 16:44 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-15 21:46 - 2014-08-07 14:17 - 00000000 ____D () C:\Users\Brad\AppData\Roaming\HandBrake
2015-05-15 21:31 - 2014-07-30 01:31 - 00000000 ____D () C:\Users\Brad\Desktop\Homework
2015-05-15 20:14 - 2014-12-02 19:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupon Printer
2015-05-15 20:13 - 2014-07-30 00:37 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-05-15 14:32 - 2014-07-29 20:12 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-15 14:32 - 2014-07-29 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-15 14:32 - 2014-07-29 20:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-15 12:59 - 2014-10-23 17:01 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-05-15 12:59 - 2014-07-30 01:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-05-14 22:00 - 2014-10-25 16:54 - 00112320 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-14 15:42 - 2009-07-14 05:45 - 00446680 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 22:49 - 2014-07-29 21:04 - 00112320 _____ () C:\Users\Brad\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-10 00:47 - 2014-07-30 15:29 - 00000000 ____D () C:\Users\Brad\AppData\Local\Windows Live
2015-05-05 20:13 - 2014-08-05 16:11 - 00000000 ____D () C:\Users\Brad\Documents\My Kindle Content
2015-05-04 11:32 - 2009-07-14 06:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-30 11:35 - 2014-07-30 00:44 - 00000000 ____D () C:\ProgramData\Skype
2015-04-26 06:29 - 2014-08-06 04:43 - 00029696 _____ () C:\Users\Brad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
==================== Files in the root of some directories =======
 
2014-08-06 04:43 - 2015-04-26 06:29 - 0029696 _____ () C:\Users\Brad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-15 14:47 - 2015-05-15 14:47 - 0007603 _____ () C:\Users\Brad\AppData\Local\Resmon.ResmonCfg
2014-07-30 03:12 - 2014-07-30 03:12 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-15 15:17
 
==================== End of log ============================


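The post above tracks free space by hand from one day to the next. The script below is an added example, not something from this thread or from FRST: it records one sample of free space on C: per run, compares it with the previous sample, and then shows the two things Explorer does not make visible that most often explain a change: large hidden or system files written since the last sample, and Volume Shadow Copy (System Restore) storage, which grows and shrinks on its own. The CSV path is an assumption; everything else uses cmdlets and tools present on a stock Windows 7 install. Run it from an elevated PowerShell prompt (so hidden files and vssadmin are readable), or schedule it with Task Scheduler so the overnight sample is taken for you.

```powershell
# Added example, not part of the original thread: sample free space on C: once
# per run, keep the history in a CSV, and when the number moves, show what moved it.
# The CSV path is an assumption. Run elevated so hidden/system files
# (pagefile.sys, hiberfil.sys, thumbcache_*.db) and vssadmin are readable.

$Drive   = 'C:'
$LogPath = "$env:USERPROFILE\Documents\freespace-log.csv"   # assumed location

function Get-FreeSpaceGB {
    $disk = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID = '$Drive'"
    [math]::Round($disk.FreeSpace / 1GB, 2)
}

function Get-LastSample {
    if (Test-Path $LogPath) { Import-Csv $LogPath | Select-Object -Last 1 }
}

function Add-Sample([datetime]$When, [double]$FreeGB) {
    # Manual append keeps this working on PowerShell 2.0, which has no Export-Csv -Append.
    if (-not (Test-Path $LogPath)) { 'Time,FreeGB' | Set-Content $LogPath }
    ('{0},{1}' -f $When.ToString('s'), $FreeGB) | Add-Content $LogPath
}

function Show-LargestFilesSince([datetime]$Since, [int]$Top = 15) {
    # -Force includes hidden and system files; Explorer hides most of these.
    Get-ChildItem "$Drive\" -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.LastWriteTime -gt $Since } |
        Sort-Object Length -Descending |
        Select-Object -First $Top |
        Format-Table @{ n = 'MB'; e = { [math]::Round($_.Length / 1MB, 1) } }, LastWriteTime, FullName -AutoSize
}

$now  = Get-Date
$free = Get-FreeSpaceGB
$prev = Get-LastSample
Add-Sample $now $free

if ($prev) {
    $since = [datetime]::ParseExact($prev.Time, 's', $null)
    $delta = [math]::Round($free - [double]$prev.FreeGB, 2)
    "Free on $Drive at $($now.ToString('s')): $free GB  (change since $($prev.Time): $delta GB)"

    # Files written since the previous sample, largest first.
    Show-LargestFilesSince $since

    # Shadow copy storage (System Restore) is not visible as files at all and
    # is a common cause of day-to-day drift in the free-space figure.
    vssadmin list shadowstorage
} else {
    "First sample recorded: $free GB free on $Drive"
}
```

Save it as a .ps1 and start it with `powershell.exe -ExecutionPolicy Bypass -File <path>` if the default Restricted policy refuses to run scripts. A delta of a few hundred megabytes that lines up with entries in the file list (downloads, browser caches, thumbcache_*.db, Windows Update staging) or with a change in the "Used Shadow Copy Storage space" figure is routine disk churn rather than a sign of infection.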
#5 Black_Bird

Black_Bird

  • Malware Response Team
  • 228 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:06:20 PM

Posted 29 May 2015 - 06:24 PM

Hi,

 

Your logfiles actually appear to be clean. Dllhost.exe is just a legit Microsoft Windows process. You can find some information here and here.

 

I advise you to ask your question in our Windows 7 subforums.

 

Have you got any questions left for me? If not, I'll close your topic here, so you're able to continue troubleshooting within the Windows 7 subforums. :)


Kind regards,
Black_Bird
 

What to do when your computer is infected? Read here!

The Bleeping Computer Board Rules - The Moderating Team


If I am directly helping you on a topic and I've not replied within 24 hours please send me a Private Message with a link to your topic.
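"Legit Microsoft Windows process" is a statement about the binary in C:\Windows\System32, not about every process that happens to be called dllhost.exe, and malware does borrow the name. The script below is an added example, not code from this thread, from FRST or from BleepingComputer staff: it lists every running dllhost.exe and applies the checks an analyst would make by hand. A genuine COM Surrogate runs from System32 (or SysWOW64 on a 64-bit system), is launched by svchost.exe (the DCOM launcher) or explorer.exe, and carries a /Processid:{GUID} argument naming the AppID it hosts; that GUID's friendly name under HKLM\SOFTWARE\Classes\AppID tells you what is actually being hosted, which for the thumbnail case is the most useful line of output. The path and parent lists are assumptions about normal Windows 7 behaviour; the signature check is honest about the fact that Windows 7 system files are usually catalog-signed rather than embedded-signed, which Get-AuthenticodeSignature on that version does not see.

```powershell
# Added example, not part of the original thread: triage every running
# dllhost.exe on a Windows 7 host. Uses only Win32_Process, the registry and
# Get-AuthenticodeSignature, all available in PowerShell 2.0. Run elevated so
# ExecutablePath and CommandLine are readable for processes in other sessions.

$TrustedPaths   = @("$env:windir\System32\dllhost.exe", "$env:windir\SysWOW64\dllhost.exe")  # assumed normal
$TrustedParents = @('svchost.exe', 'explorer.exe')                                           # assumed normal

function Get-AppIdName([string]$Guid) {
    # The default value of HKLM\SOFTWARE\Classes\AppID\{GUID} is the friendly
    # name of the COM server the surrogate was started to host.
    $key = "HKLM:\SOFTWARE\Classes\AppID\$Guid"
    if (Test-Path $key) { (Get-ItemProperty $key).'(default)' } else { '(unknown AppID)' }
}

function Test-DllhostProcesses {
    $results = @()
    foreach ($p in Get-WmiObject Win32_Process -Filter "Name = 'dllhost.exe'") {
        $findings = @()
        $path = $p.ExecutablePath

        # 1. Image path must be one of the two Windows copies.
        if (-not $path) {
            $findings += 'ExecutablePath unreadable (not elevated, or process already exited)'
        } elseif ($TrustedPaths -notcontains $path) {
            $findings += "unexpected image path: $path"
        }

        # 2. Embedded Authenticode signature, with the Windows 7 catalog caveat.
        if ($path) {
            $sig = Get-AuthenticodeSignature -FilePath $path
            if ($sig.Status -eq 'Valid') {
                if ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
                    $findings += "signer is not Microsoft: $($sig.SignerCertificate.Subject)"
                }
            } elseif ($sig.Status -eq 'NotSigned') {
                # Windows 7 system binaries are mostly catalog-signed; this cmdlet on
                # PowerShell 2.0 does not consult catalogs. Confirm with sigcheck -a or FRST.
                $findings += 'no embedded signature (catalog-signed system file, or a fake: verify with sigcheck)'
            } else {
                $findings += "signature status: $($sig.Status)"
            }
        }

        # 3. Command line should carry the AppID the surrogate was launched for.
        $appId = '(none)'
        if ($p.CommandLine -match '/Processid:(\{[0-9A-Fa-f-]{36}\})') {
            $appId = $Matches[1]
        } else {
            $findings += "no /Processid:{GUID} argument: $($p.CommandLine)"
        }

        # 4. Parent should be the DCOM launcher or the shell.
        $parent = Get-WmiObject Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
        $parentName = '(exited)'
        if ($parent) { $parentName = $parent.Name }
        if ($parent -and $TrustedParents -notcontains $parentName) {
            $findings += "unusual parent: $parentName (PID $($p.ParentProcessId))"
        }

        $verdict = 'looks legitimate'
        if ($findings.Count -gt 0) { $verdict = $findings -join '; ' }

        $results += New-Object PSObject -Property @{
            PID      = $p.ProcessId
            Parent   = $parentName
            MemoryMB = [math]::Round($p.WorkingSetSize / 1MB, 1)
            Hosting  = Get-AppIdName $appId
            Verdict  = $verdict
        }
    }
    $results
}

Test-DllhostProcesses | Format-Table PID, Parent, MemoryMB, Hosting, Verdict -AutoSize
```

Run it while a folder of videos is open so the surrogate is alive; the Hosting column names the thumbnail or property handler being run, and the MemoryMB column shows which instance is the one eating memory. A dllhost.exe with a valid Microsoft image path, a svchost.exe or explorer.exe parent and a resolvable AppID is the legitimate process the reply above describes; anything running from a user-writable directory, with no /Processid argument, or with an unexpected parent is the case that deserves a fresh FRST log.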


#6 mintea

mintea
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:05:20 PM

Posted 29 May 2015 - 07:47 PM

Huh, well, great :D

 

From the link it looks like just updating "KB2670838" might fix this? Or does this mean to go to a version before that update? 

 

(Should these questions be asked in the windows 7 subforum?)

 

Thank you very much :)



#7 Black_Bird

Black_Bird

  • Malware Response Team
  • 228 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:06:20 PM

Posted 30 May 2015 - 07:12 AM

Hi,

 

That user (and the replies on it) is suggesting to remove the KB2670838 update and removing Internet Explorer 10 as well. You should consider that when uninstalling a later version of Internet Explorer, your system will be more vulnerable to malware. It's up to you what you do with this information.

 

I would just post in the Windows 7 subforum and wait for a reply there. I'm sure they'll be glad to help you out.

 

Any other questions left for me? :)


Kind regards,
Black_Bird
 



#8 mintea

mintea
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:05:20 PM

Posted 30 May 2015 - 07:28 AM

Just where to find the KB2670838 update, but that might be something for the Windows 7 subforum?

 

I'm confused, how does uninstalling an internet browser make me more vulnerable to malware? (I use chrome, if that changes anything?)

 

If this should be answered in the subforum you can close the topic if you want and I'll ask these there, too.

Thank you :)



#9 Black_Bird

Black_Bird

  • Malware Response Team
  • 228 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:20 PM

Posted 30 May 2015 - 08:46 AM

Hi,

 

If you go to Start Menu > Control Panel > Uninstall a program, you can click View installed updates in the left menu. There you can uninstall updates, like the KB-update and the new version of Internet Explorer.

 

Once you uninstall Internet Explorer 10, you get an older version in return (Internet Explorer 8 if I'm right). That contains security leaks that were patched in the period Internet Explorer 10 was released. That's what I mean by 'you'll become more vulnerable to malware'. As you're using Chrome, you can ignore this. It only affects your computer's security if you're using Internet Explorer.

 

You can post any other questions in the Windows 7 subforum. Any questions left for me? (malware (prevention) related?)


Kind regards,
Black_Bird
 

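Before removing the update and Internet Explorer 10 as described in the post above, it helps to see what is actually installed. The following PowerShell script is an added example (not from the thread or from BleepingComputer): it reports whether KB2670838 is present and which Internet Explorer version the machine has, and warns if removing IE10 would leave an older build. The function name `Get-IeAndKbStatus` is invented here.

```powershell
# Added example: check the state of KB2670838 and Internet Explorer before
# deciding to uninstall. Run in an elevated PowerShell on Windows 7.
function Get-IeAndKbStatus {
    param([string]$KbId = 'KB2670838')   # the update discussed in the thread

    # Get-HotFix lists installed Windows updates; no result means not installed.
    $hotfix = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue

    # IE10+ records its real version in svcVersion; IE8/9 only set Version.
    $ieKey = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer'
    $ie    = Get-ItemProperty -Path $ieKey -ErrorAction SilentlyContinue
    $ieVersion = if ($ie -and $ie.svcVersion) { $ie.svcVersion } else { $ie.Version }

    [pscustomobject]@{
        KbId          = $KbId
        KbInstalled   = [bool]$hotfix
        KbInstalledOn = if ($hotfix) { $hotfix.InstalledOn } else { $null }
        IeVersion     = $ieVersion
    }
}

$status = Get-IeAndKbStatus
$status | Format-List

# Defender's caveat from the thread: rolling IE10 back to IE8 re-exposes
# browser bugs fixed in between. Only relevant if IE is actually used.
if ($status.IeVersion -and ([version]$status.IeVersion -lt [version]'10.0')) {
    Write-Warning "Internet Explorer $($status.IeVersion) is installed; it lacks fixes shipped with IE10."
}

# To remove the update from the command line instead of Control Panel:
#   wusa.exe /uninstall /kb:2670838
```

The Control Panel path in the post (View installed updates) shows the same entries that `Get-HotFix` returns.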

#10 mintea

mintea
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:05:20 PM

Posted 30 May 2015 - 09:13 AM

Okay, I'll try that and if problems still occur I'll post in the other subforum.

I have no other questions.

 

Thank you very much for your help :)



#11 Black_Bird

Black_Bird

  • Malware Response Team
  • 228 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:20 PM

Posted 30 May 2015 - 09:24 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Kind regards,
Black_Bird
 




