Possible malware infection - unable to install AV software and random event 55 errors etc.

[seb8808]

Hi,

My computer have been acting strangely the last few days. It started yesterday morning when I got dozens of Event 55 errors in the Event Viewer saying "The file system structure on the disk is corrupt and unusable." followed by lots of corrupt files and random software crashes (including Nod32 which completely stopped working). The computer is brand new (barely 2 months old).

I've been unable to install a new AV program without it crashing, so I've been using Windows Defender today.

I've run Malwarebytes but it couldn't find anything.

I was hoping someone on here could go through my log and see if there's anything suspicious.

Thanks!

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385

Run by Sebbe at 20:56:08 on 2012-03-16

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.46.1033.18.8109.5183 [GMT 1:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe

C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServer.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe

C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe

C:\Program Files (x86)\akoTV2\akoTV2.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

C:\Windows\SysWOW64\Ctxfihlp.exe

C:\Program Files (x86)\Razer\DeathAdder\razertra.exe

C:\Windows\SysWOW64\CTXFISPI.EXE

C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe

C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe

c:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Opera\opera.exe

C:\Windows\system32\mmc.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [µTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

uRun: [Thunderbird] C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

uRun: [seriousBit.NetBalancer.Tray] C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe

mRun: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [iTunesHelper] "c:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [APSDaemon] "c:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

StartupFolder: C:\Users\Sebbe\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\akoTV2.lnk - C:\Program Files (x86)\akoTV2\akoTV2.exe

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xportera till Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{12142064-14A3-46CA-9F72-E28ABA6C6BF7} : DhcpNameServer = 192.168.0.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun-x64: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [iTunesHelper] "c:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

mRun-x64: [CTxfiHlp] CTXFIHLP.EXE

mRun-x64: [APSDaemon] "c:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

IE-X64: {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files (x86)\StreamingStar\HiDownload_Platinum\HiDownloadPlatinum.exe

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Sebbe\AppData\Roaming\Mozilla\Firefox\Profiles\apo172gl.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 NetBalancer Windows Service;NetBalancer Windows Service;C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe [2012-1-28 10240]

R2 RosettaStoneLtdController;RosettaStoneLtdController;C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe [2008-9-16 352312]

R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2012-1-28 114688]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]

R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]

R3 danewFltr;NewDeathAdder Mouse;C:\Windows\system32\drivers\danew.sys --> C:\Windows\system32\drivers\danew.sys [?]

R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?]

R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?]

R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\system32\drivers\ha20x22k.sys --> C:\Windows\system32\drivers\ha20x22k.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Nbdrv;NetBalancer;C:\Windows\system32\DRIVERS\nbdrv.sys --> C:\Windows\system32\DRIVERS\nbdrv.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 VKbms;Virtual HID Minidriver;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-1-28 79360]

S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]

S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]

S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]

S3 CYUSB;Cypress Generic USB Driver;C:\Windows\system32\Drivers\CYUSB.sys --> C:\Windows\system32\Drivers\CYUSB.sys [?]

S3 etdrv;etdrv;C:\Windows\etdrv.sys [2012-1-27 25640]

S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2012-1-28 30528]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

.

=============== Created Last 30 ================

.

2012-03-16 18:25:03 -------- d-----w- C:\TDSSKiller_Quarantine

2012-03-16 17:51:58 -------- d-----w- C:\Users\Sebbe\AppData\Roaming\f-secure

2012-03-16 17:51:49 -------- d-----w- C:\ProgramData\F-Secure

2012-03-15 22:56:40 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-03-15 22:56:36 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{25D75B8A-B082-4C94-B582-7BC067BA544C}\mpengine.dll

2012-03-15 22:49:25 -------- d-sh--w- C:\$RECYCLE.BIN

2012-03-15 22:40:44 98816 ----a-w- C:\Windows\sed.exe

2012-03-15 22:40:44 518144 ----a-w- C:\Windows\SWREG.exe

2012-03-15 22:40:44 256000 ----a-w- C:\Windows\PEV.exe

2012-03-15 22:40:44 208896 ----a-w- C:\Windows\MBR.exe

2012-03-15 22:02:56 -------- d-----w- C:\Windows\pss

2012-03-15 21:08:04 367104 ----a-w- C:\Windows\System32\wcncsvc.dll

2012-03-15 21:08:04 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll

2012-03-15 21:03:01 -------- d-----w- C:\Program Files\iTunes

2012-03-15 21:03:01 -------- d-----w- C:\Program Files\iPod

2012-03-15 20:58:51 311808 ----a-w- C:\Windows\System32\msv1_0.dll

2012-03-15 20:58:51 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll

2012-03-15 20:47:11 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys

2012-03-15 20:44:22 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-03-15 20:44:22 3957616 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-03-15 20:44:20 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-03-15 20:43:31 294912 ----a-w- C:\Windows\System32\browserchoice.exe

2012-03-15 20:28:25 -------- d-----w- C:\Program Files\Microsoft IntelliType Pro

2012-03-15 20:17:46 243712 ----a-w- C:\Windows\System32\drivers\ks.sys

2012-03-15 18:13:07 902656 ----a-w- C:\Windows\System32\d2d1.dll

2012-03-15 18:13:07 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll

2012-03-15 18:13:07 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2012-03-15 18:13:06 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2012-03-15 18:13:06 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll

2012-03-15 18:13:06 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2012-03-15 18:13:06 1541120 ----a-w- C:\Windows\System32\DWrite.dll

2012-03-15 18:13:06 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-03-15 18:13:05 197120 ----a-w- C:\Windows\System32\d3d10_1.dll

2012-03-15 18:13:05 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2012-03-15 18:11:58 142336 ----a-w- C:\Windows\System32\poqexec.exe

2012-03-15 18:10:47 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2012-03-15 18:09:44 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-03-15 18:09:44 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-03-15 18:08:45 723456 ----a-w- C:\Windows\System32\EncDec.dll

2012-03-15 18:08:45 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2012-03-15 18:06:04 139264 ----a-w- C:\Windows\System32\cabview.dll

2012-03-15 18:06:04 132608 ----a-w- C:\Windows\SysWow64\cabview.dll

2012-03-15 17:54:52 1739160 ----a-w- C:\Windows\System32\ntdll.dll

2012-03-15 17:54:51 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll

2012-03-11 12:46:15 -------- d-----w- C:\Users\Sebbe\AppData\Roaming\Mask Pro 4.0

2012-03-11 12:44:13 -------- d-----w- C:\Windows\SysWow64\spool

2012-03-11 12:44:13 -------- d-----w- C:\Program Files\onOne Software

2012-03-11 12:43:42 -------- d-----w- C:\ProgramData\onOne Software

2012-03-10 09:20:55 -------- d-----w- C:\ProgramData\AMD

2012-03-10 09:20:55 -------- d-----w- C:\Program Files (x86)\AMD AVT

2012-03-10 09:20:52 -------- d-----w- C:\Program Files (x86)\AMD APP

2012-03-06 18:04:31 -------- d-----w- C:\Program Files (x86)\ReNamer

2012-03-04 21:16:15 -------- d-----w- C:\Program Files\MediaInfo

2012-03-04 17:54:19 -------- d-----w- C:\Users\Sebbe\AppData\Roaming\SUPERAntiSpyware.com

2012-03-04 17:54:03 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2012-03-04 17:54:03 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2012-03-04 10:13:21 -------- d-----w- C:\Users\Sebbe\AppData\Local\TechSmith

2012-03-04 10:12:49 411480 ----a-w- C:\Windows\SysWow64\tsccvid.dll

2012-03-04 10:12:48 -------- d-----w- C:\Windows\SysWow64\QuickTime

2012-03-04 10:12:30 -------- d-----w- C:\Program Files (x86)\Common Files\TechSmith Shared

2012-03-03 10:58:37 -------- d-----w- C:\ProgramData\Rosetta Stone

2012-03-03 10:57:58 -------- d-----w- C:\Program Files (x86)\RosettaStoneLtdServices

2012-03-03 10:42:34 -------- d-----w- C:\Program Files (x86)\Rosetta Stone

2012-03-03 10:41:24 -------- d-----w- C:\ProgramData\RosettaStoneLtdServices

2012-03-03 10:39:33 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared

2012-02-26 19:09:16 -------- d-----w- C:\Users\Sebbe\AppData\Roaming\Mp3tag

2012-02-26 19:08:56 -------- d-----w- C:\Program Files (x86)\Mp3tag

2012-02-25 09:33:26 -------- d-----w- C:\ProgramData\vsosdk

2012-02-25 09:10:20 65602 ----a-w- C:\Windows\SysWow64\cook3260.dll

2012-02-25 09:10:20 626688 ----a-w- C:\Windows\SysWow64\vp7vfw.dll

2012-02-25 09:10:20 217127 ----a-w- C:\Windows\SysWow64\drv43260.dll

2012-02-25 09:10:20 208935 ----a-w- C:\Windows\SysWow64\drv33260.dll

2012-02-25 09:10:20 176165 ----a-w- C:\Windows\SysWow64\drv23260.dll

2012-02-25 09:10:20 1184984 ----a-w- C:\Windows\SysWow64\wvc1dmod.dll

2012-02-25 09:10:20 102439 ----a-w- C:\Windows\SysWow64\sipr3260.dll

2012-02-25 09:10:18 -------- d-----w- C:\Program Files (x86)\VSO

2012-02-23 21:43:24 -------- d-----w- C:\Users\Sebbe\AppData\Roaming\PCF-VLC

2012-02-23 21:35:21 -------- d-----w- C:\Users\Sebbe\AppData\Roaming\Participatory Culture Foundation

2012-02-21 19:01:39 -------- d-----w- C:\Program Files (x86)\StreamingStar

2012-02-21 18:57:57 -------- d-----w- C:\Users\Sebbe\AppData\Roaming\Hensense.com

2012-02-21 18:49:51 -------- d-----w- C:\Users\Sebbe\AppData\Roaming\Wireshark

2012-02-21 18:45:21 -------- d-----w- C:\Program Files (x86)\WinPcap

2012-02-20 19:55:40 -------- d-----w- C:\JokerS32

2012-02-19 21:10:39 -------- d-----w- C:\Users\Sebbe\AppData\Roaming\Xi

2012-02-18 10:38:46 -------- d-----w- C:\Users\Sebbe\AppData\Roaming\aignes

2012-02-17 22:36:34 -------- d-----w- C:\Users\Sebbe\AppData\Local\Spotify

2012-02-17 22:36:11 -------- d-----w- C:\Users\Sebbe\AppData\Roaming\Spotify

2012-02-16 17:26:07 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-02-16 17:25:16 1975296 ----a-w- C:\Windows\System32\CertEnroll.dll

2012-02-16 17:25:16 1320960 ----a-w- C:\Windows\SysWow64\CertEnroll.dll

2012-02-16 17:23:47 662528 ----a-w- C:\Windows\System32\XpsPrint.dll

2012-02-16 17:22:51 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

2012-02-16 17:21:41 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax

2012-02-16 17:21:41 613888 ----a-w- C:\Windows\System32\psisdecd.dll

2012-02-16 17:21:41 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

2012-02-16 17:21:41 288256 ----a-w- C:\Windows\System32\MSNP.ax

2012-02-16 17:21:41 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax

2012-02-16 17:21:41 108032 ----a-w- C:\Windows\System32\psisrndr.ax

2012-02-16 17:21:40 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax

2012-02-16 17:21:40 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax

2012-02-16 17:21:40 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax

2012-02-16 17:21:40 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax

2012-02-16 17:18:56 3138048 ----a-w- C:\Windows\System32\mstscax.dll

2012-02-16 17:17:51 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll

2012-02-16 17:17:51 720896 ----a-w- C:\Windows\System32\odbc32.dll

2012-02-16 17:17:51 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll

2012-02-16 17:17:51 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll

2012-02-16 17:17:51 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll

2012-02-16 17:17:51 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll

2012-02-16 17:17:51 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll

2012-02-16 17:17:51 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll

2012-02-16 17:17:51 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll

2012-02-16 17:17:51 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll

2012-02-16 17:17:34 9728 ----a-w- C:\Windows\SysWow64\sscore.dll

2012-02-16 17:17:34 236032 ----a-w- C:\Windows\System32\srvsvc.dll

.

==================== Find3M ====================

.

2012-03-16 19:27:42 25640 ----a-w- C:\Windows\gdrv.sys

2012-03-15 22:21:56 30528 ----a-w- C:\Windows\GVTDrv64.sys

2012-03-15 17:15:58 25640 ----a-w- C:\Windows\etdrv.sys

2012-03-07 18:30:36 103736 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-03-07 18:30:36 103736 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-02-25 08:08:53 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-23 09:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-02-15 10:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys

2012-02-15 10:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll

2012-02-15 06:27:54 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-02-15 05:44:57 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-02-15 04:47:21 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-02-15 04:46:59 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-02-15 03:48:32 10856960 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2012-02-15 03:21:24 25839104 ----a-w- C:\Windows\System32\atio6axx.dll

2012-02-15 03:18:56 159744 ----a-w- C:\Windows\System32\atiapfxx.exe

2012-02-15 03:18:40 791040 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2012-02-15 03:17:04 957952 ----a-w- C:\Windows\System32\aticfx64.dll

2012-02-15 03:13:56 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2012-02-15 03:13:40 496128 ----a-w- C:\Windows\System32\atieclxx.exe

2012-02-15 03:13:00 235520 ----a-w- C:\Windows\System32\atiesrxx.exe

2012-02-15 03:11:42 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2012-02-15 03:10:58 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2012-02-15 03:10:54 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2012-02-15 03:10:48 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2012-02-15 03:07:44 6200320 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2012-02-15 02:58:56 19392000 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2012-02-15 02:52:28 7646208 ----a-w- C:\Windows\System32\atidxx64.dll

2012-02-15 02:41:28 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll

2012-02-15 02:40:54 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll

2012-02-15 02:40:42 4958208 ----a-w- C:\Windows\System32\atiumd6a.dll

2012-02-15 02:34:56 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2012-02-15 02:34:54 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2012-02-15 02:34:46 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2012-02-15 02:34:44 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2012-02-15 02:34:36 5954048 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2012-02-15 02:34:30 13859840 ----a-w- C:\Windows\System32\aticaldd64.dll

2012-02-15 02:29:52 5062656 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2012-02-15 02:29:50 11561984 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2012-02-15 02:25:06 7551488 ----a-w- C:\Windows\System32\atiumd64.dll

2012-02-15 02:16:38 58880 ----a-w- C:\Windows\System32\coinst.dll

2012-02-15 02:14:00 512000 ----a-w- C:\Windows\System32\atiadlxx.dll

2012-02-15 02:13:50 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2012-02-15 02:13:36 17408 ----a-w- C:\Windows\System32\atig6pxx.dll

2012-02-15 02:13:32 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2012-02-15 02:13:32 14336 ----a-w- C:\Windows\System32\atiglpxx.dll

2012-02-15 02:13:28 39936 ----a-w- C:\Windows\System32\atig6txx.dll

2012-02-15 02:13:20 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2012-02-15 02:13:12 327680 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2012-02-15 02:12:22 43008 ----a-w- C:\Windows\System32\atiuxp64.dll

2012-02-15 02:12:14 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2012-02-15 02:12:08 39936 ----a-w- C:\Windows\System32\atiu9p64.dll

2012-02-15 02:12:00 30208 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2012-02-15 02:11:22 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2012-02-15 02:11:16 54784 ----a-w- C:\Windows\System32\atimpc64.dll

2012-02-15 02:11:16 54784 ----a-w- C:\Windows\System32\amdpcom64.dll

2012-02-15 02:11:10 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2012-02-15 02:11:10 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2012-02-14 21:05:32 69632 ----a-w- C:\Windows\System32\OpenVideo64.dll

2012-02-14 21:05:26 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2012-02-14 21:05:20 61952 ----a-w- C:\Windows\System32\OVDecode64.dll

2012-02-14 21:05:16 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2012-02-14 21:05:08 16507904 ----a-w- C:\Windows\System32\amdocl64.dll

2012-02-14 21:04:26 13238272 ----a-w- C:\Windows\SysWow64\amdocl.dll

2012-02-14 21:03:44 54272 ----a-w- C:\Windows\System32\OpenCL.dll

2012-02-14 21:03:38 48128 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2012-02-12 00:13:49 282864 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-02-03 04:16:03 3143168 ----a-w- C:\Windows\System32\win32k.sys

2012-02-01 18:20:21 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2012-01-31 05:02:26 21504 ----a-w- C:\Windows\System32\kdbsdk64.dll

2012-01-31 05:00:24 16896 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll

2012-01-28 09:23:39 82816 ----a-w- C:\Users\Sebbe\AppData\Roaming\pcouffin.sys

2012-01-28 09:22:22 82816 ----a-w- C:\Windows\System32\drivers\pcouffin.sys

2012-01-28 03:16:54 0 ----a-w- C:\Windows\ativpsrm.bin

2012-01-27 22:08:31 564792 ----a-w- C:\Windows\System32\drivers\sptd.sys

2012-01-27 21:57:28 230864 ----a-w- C:\Windows\System32\drivers\truecrypt.sys

2012-01-27 21:44:10 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-01-27 20:54:18 466520 ----a-w- C:\Windows\System32\wrap_oal.dll

2012-01-27 20:54:18 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2012-01-27 20:54:18 123480 ----a-w- C:\Windows\System32\OpenAL32.dll

2012-01-27 20:54:18 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2012-01-25 06:27:11 76288 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-01-25 06:27:11 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-01-25 06:20:59 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-01-20 13:14:30 18816 ----a-w- C:\Windows\System32\roboot64.exe

2012-01-04 09:58:13 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-01-04 09:03:07 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

2012-01-03 06:24:52 515584 ----a-w- C:\Windows\System32\timedate.cpl

2012-01-03 05:44:24 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl

2011-12-28 03:59:11 499200 ----a-w- C:\Windows\System32\drivers\afd.sys

2006-05-03 11:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll

2007-02-21 12:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll

2008-03-16 14:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll

2010-01-06 23:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll

.

============= FINISH: 20:56:24,97 ===============

Attach.txt

DDS.txt

[Maurice Naggar]

Hello seb,

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

• Go to your Desktop
  
• Double-Click the Computer icon.
  
• From the menu options, Select Tools, then Folder Options.
  
• Next click the View tab.
  
• Locate and uncheck Hide file extensions for known file types.
  
• Locate and uncheck Hide protected operating system files (Recommended).
  
• Locate and click Show hidden files and folders and drives.
  
• Click Apply > OK.
  

Step 3

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

• Double click on RSIT.exe to run RSIT.
  
• Click Continue at the disclaimer screen.
  
• Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
  

Step 4

Download Security Check by screen317 and save it to your Desktop: here or here

• Run Security Check
  
• Follow the onscreen instructions inside of the command window.
  
• A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!
  

Step 5

Close all open browsers at this point.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Start Internet Explorer

Using Internet Explorer browser only, go to BitDefender Quickscan website:

http://quickscan.bitdefender.com

and click "Start Scan".

Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.

Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.

If prompted, reply yes to allow it to run.

Press the Allow button and follow prompts.

Press the "Start Scan" once more.

You'll see the EULA in a pop-up window. Click the I accept & then the OK button

Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/

and that QuickScan has no removal capability.

The site boasts a 60-second scan. Do have patience as it likely will take longer.

It may seem to stall at moments, but have patience; it will move on.

You'll see a progress bar at top right of window.

Hopefully you will see a No infections found in the bar-winddow. Press the View Log button.

The log report will show in your text editor. Save the log.

Do a Select ALL, Copy. Then paste contents into your next reply.

RE-Enable your antivirus program.

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & log from Bitdefender.

Use separate replies as needed if logs do not fit into one reply box.

[Maurice Naggar]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!