flymedic Posted July 13, 2013 ID:702213 Share Posted July 13, 2013 I believe my three kids playing with my computer has gotten me a bug. My hard drive is now saying it is full or virtually full, depending on the day. Help Please. I have copied the DDS report below. Scott DDS (Ver_2012-11-20.01) - NTFS_AMD64Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.25.2Run by Keatts at 21:10:28 on 2013-07-12Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7886.6002 [GMT -5:00].AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSc:\Program Files\Microsoft Security Client\MsMpEng.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Windows\system32\taskeng.exeC:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\ASRock\XFast LAN\cfosspeed.exeC:\Windows\System32\rundll32.exeC:\Program Files\ASRock\XFast LAN\spd.exeC:\Program Files\Microsoft Security Client\msseces.exeC:\Program Files (x86)\DnsBasic\dnsbasic.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files (x86)\DnsBasic\dnsbasic.exeC:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exeC:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files (x86)\XFastUSB\XFastUsb.exeC:\Program Files (x86)\PasswordBox\pbbtnService.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Program Files (x86)\Google\Update\1.3.21.149\GoogleCrashHandler.exeC:\Program Files (x86)\Google\Update\1.3.21.149\GoogleCrashHandler64.exeC:\Program Files\iPod\bin\iPodService.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Windows\servicing\TrustedInstaller.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEc:\Program Files\Microsoft Security Client\MpCmdRun.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.mWinlogon: Userinit = userinit.exe,BHO: {5BDE3F24-D7B3-40D9-BD31-D1CFF12C47B4} - <orphaned>BHO: PasswordBox Helper: {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: DDownyLaoweApp: {8251C5D4-71A4-8644-2B18-B3BAB548C191} - C:\ProgramData\DDownyLaoweApp\51ccdf839bd54.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllTB: PasswordBox: {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dllTB: PasswordBox: {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dlluRun: [ASRockXTU] <no file>mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"mRun: [XFastUSB] "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /rmRun: [updReg] C:\Windows\UpdReg.EXEmRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [OtShot] C:\Program Files (x86)\OtShot\otshot.exe -minimizemRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"uPolicies-Explorer: NoDriveTypeAutoRun = dword:145mPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:0mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableLUA = dword:0mPolicies-System: EnableUIADesktopToggle = dword:0mPolicies-System: PromptOnSecureDesktop = dword:0TCP: NameServer = 192.168.1.1TCP: Interfaces\{DD8027BE-3365-4BB4-A230-8C2B98C0321B} : DHCPNameServer = 192.168.1.1AppInit_DLLs= c:\progra~2\saveas\sprote~1.dllSSODL: WebCheck - <orphaned>mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -sx64-Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cFosSpeed.exex64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkeyx64-Run: [igfxTray] C:\Windows\System32\igfxtray.exex64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exex64-Run: [Persistence] C:\Windows\System32\igfxpers.exex64-Notify: igfxcui - igfxdev.dllx64-SSODL: WebCheck - <orphaned>.============= SERVICES / DRIVERS ===============.R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2011-9-21 49760]R0 AsrRamDisk;AsrRamDisk;C:\Windows\System32\drivers\AsrRamDisk.sys [2013-3-2 31016]R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-3-2 647736]R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-3-2 28216]R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-3-2 16152]R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]R1 AsrAppCharger;AsrAppCharger;C:\Windows\System32\drivers\AsrAppCharger.sys [2013-3-2 17192]R1 FNETURPX;FNETURPX;C:\Windows\System32\drivers\FNETURPX.SYS [2013-3-2 16648]R2 DnsBasic Service;DnsBasic Service;C:\Program Files (x86)\DnsBasic\dnsbasic.exe [2013-6-10 22528]R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-3-2 14904]R2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [2012-2-9 133632]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-1 418376]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-1 701512]R2 PasswordBox;PasswordBox;C:\Program Files (x86)\PasswordBox\pbbtnService.exe [2013-3-1 67584]R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2013-3-2 59392]R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2013-3-2 84608]R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\drivers\ikbevent.sys [2012-2-9 25536]R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\drivers\imsevent.sys [2012-2-9 25536]R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-3-2 342528]R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2013-1-19 46568]R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-3-2 356120]R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-3-2 788760]R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-5-9 425000]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-3-1 25928]R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-3-2 32344]R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\Windows\System32\drivers\WPRO_41_2001.sys [2013-3-2 34752]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S3 FNETTBOH_305;FNETTBOH_305;C:\Windows\System32\drivers\FNETTBOH_305.SYS [2013-6-16 32320]S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 139616]S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-1 19456]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-1 57856]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-3-1 30208]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-3-1 1255736].=============== Created Last 30 ================.2013-07-13 02:02:17 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{30F15BF1-22A3-4B97-B74E-9D2422B7C807}\mpengine.dll2013-07-13 02:00:40 -------- d-----w- C:\Windows\System32\MRT2013-07-12 17:22:46 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll2013-07-12 17:22:34 2876528 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll2013-07-12 17:22:25 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll2013-07-12 17:22:17 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll2013-07-12 08:30:48 9552976 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2013-07-11 11:22:08 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll2013-07-11 11:21:57 1643520 ----a-w- C:\Windows\System32\DWrite.dll2013-07-11 11:21:57 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll2013-07-08 17:49:44 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692013-07-08 17:49:44 -------- d-----w- C:\Program Files\iTunes2013-07-08 17:49:44 -------- d-----w- C:\Program Files\iPod2013-07-08 17:49:44 -------- d-----w- C:\Program Files (x86)\iTunes2013-06-29 01:05:41 -------- d-----w- C:\ProgramData\Blizzard Entertainment2013-06-29 01:05:41 -------- d-----w- C:\Program Files (x86)\World of Warcraft2013-06-29 01:05:41 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment2013-06-29 01:04:29 -------- d-----w- C:\ProgramData\Battle.net2013-06-28 00:55:45 -------- d-----w- C:\ProgramData\StarApp2013-06-28 00:55:16 -------- d-----w- C:\ProgramData\BetterSoft2013-06-28 00:54:53 -------- d-----w- C:\Program Files (x86)\SaveAs2013-06-28 00:54:48 -------- d-----w- C:\ProgramData\DDownyLaoweApp2013-06-28 00:54:24 -------- d-----w- C:\ProgramData\InstallMate2013-06-24 02:21:50 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2013-06-20 22:05:07 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A3E77F10-34D2-4893-8524-2BEF18B4207C}\gapaengine.dll2013-06-19 02:50:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys2013-06-16 14:18:29 32320 ----a-w- C:\Windows\System32\drivers\FNETTBOH_305.SYS.==================== Find3M ====================.2013-07-13 02:02:59 94656 ----a-w- C:\Windows\System32\WPRO_41_2001woem.tmp2013-07-13 02:02:59 34752 ----a-w- C:\Windows\System32\drivers\WPRO_41_2001.sys2013-06-24 02:21:48 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll2013-06-24 02:21:48 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll2013-06-19 02:50:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys2013-06-12 21:51:09 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-06-12 21:51:09 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys2013-05-06 06:03:49 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL2013-05-06 04:56:35 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll.============= FINISH: 21:10:34.37 =============== DDS (Ver_2012-11-20.01).Microsoft Windows 7 Home PremiumBoot Device: \Device\HarddiskVolume2Install Date: 3/2/2013 12:07:27 AMSystem Uptime: 7/12/2013 9:02:46 PM (0 hours ago).Motherboard: ASRock | | Z77 Extreme6Processor: Intel® Core i5-3570K CPU @ 3.40GHz | CPUSocket | 3401/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 60 GiB total, 0.79 GiB free.D: is CDROM ()E: is FIXED (NTFS) - 298 GiB total, 156.146 GiB free.X: is FIXED (NTFS) - 119 GiB total, 106.041 GiB free..==== Disabled Device Manager Items =============.Class GUID: {678dcf40-e2e6-11d5-8cd5-e960089ea00a}Description: Programming SupportDevice ID: ROOT\PROGRAMMING_SUPPORT\0001Manufacturer: Mad CatzName: Programmable Root EnumeratorPNP Device ID: ROOT\PROGRAMMING_SUPPORT\0001Service: SaiNtBus.==== System Restore Points ===================..==== Installed Programs ======================.Acrobat.comAdobe AIRAdobe Flash Player 11 ActiveXAdobe Reader XI (11.0.03)Apple Application SupportApple Mobile Device SupportApple Software UpdateAsmedia ASM106x SATA Host Controller DriverASRock App Charger v1.0.5ASRock eXtreme Tuner v0.1.250ASRock InstantBoot v1.29ASRock SmartConnect v1.0.6ASRock XFast RAM v2.0.9BonjourBroadcom NetLink ControllerCanon MP495 series MP DriversCore Temp 1.0 RC4CyberLink MediaEspressoDDownyLaoweAppDnsBasic 1.0 build 111Etron USB3.0 Host ControllerFile Type AssistantFree File Viewer 2012Google ChromeGoogle EarthGoogle Update HelperInfoAtoms [uninstall]Intel® Control CenterIntel® Management Engine ComponentsIntel® Processor GraphicsIntel® Rapid Storage TechnologyIntel® SDK for OpenCL - CPU Only Runtime PackageIntel® Smart Connect Technology 2.0 x64Intel® USB 3.0 eXtensible Host Controller DriveriTunesJava 7 Update 25Java Auto UpdaterMalwarebytes Anti-Malware version 1.75.0.1300Microsoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft Flight Simulator XMicrosoft Flight Simulator X Service Pack 1Microsoft Flight Simulator X Service Pack 2Microsoft Security ClientMicrosoft Security EssentialsMicrosoft SilverlightMicrosoft SQL Server Compact 3.5 SP2 ENUMicrosoft SQL Server Compact 3.5 SP2 x64 ENUMicrosoft VC9 runtime librariesMicrosoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x64 9.0.30729Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML 4.0 SP2 Parser and SDKOptimizerProPasswordBoxPDFCreatorPirate101Realtek High Definition Audio DriverSaveAs 1.74Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Security Update for Microsoft .NET Framework 4 Extended (KB2736428)Security Update for Microsoft .NET Framework 4 Extended (KB2742595)THX TruStudioTOPCAT 2.72 Beta 4 - Take-Off and Landing Performance Calculation ToolUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2836939)VAT-SpyWizard101World of WarcraftXFast LAN v6.61XFastUSBZuma Deluxe 1.0.==== End Of File =========================== Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 13, 2013 Root Admin ID:702238 Share Posted July 13, 2013 Hello flymedic,Please run the following and post back all the logs as ATTACHMENTS by clicking on the More Reply Options button.STEP 01Backup the Registry:Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.Please download ERUNT from one of the following links: Link1 | Link2 | Link3 ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed. Double click on erunt-setup.exe to Install ERUNT by following the prompts. NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO. Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process. Choose a location for the backup.Note: the default location is C:\Windows\ERDNT which is acceptable. [*]Make sure that at least the first two check boxes are selected. [*]Click on OK [*]Then click on YES to create the folder. [*]Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exeSTEP 02Please download Malwarebytes Anti-Rootkit from HEREUnzip the contents to a folder in a convenient location. Open the folder where the contents were unzipped and run mbar.exe Follow the instructions in the wizard to update and allow the program to scan your computer for threats. Click on the Cleanup button to remove any threats and reboot if prompted to do so. Wait while the system shuts down and the cleanup process is performed. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process. When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txtSTEP 03Please download Junkware Removal Tool to your desktop.Shutdown your antivirus to avoid any conflicts. Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP. The tool will open and start scanning your system. Please be patient as this can take a while to complete. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next reply message When completed make sure to re-enable your antivirusSTEP 04Please download AdwCleaner by Xplode to your desktop.Close all open programs and internet browsers. Double click on AdwCleaner.exe to run the tool. If prompted by the User Account Control click Yes to allow it to run. Under Actions click on the Delete button. Click OK on all prompts. You will be prompted to restart your computer. A text file will open after the restart. Please post the entire contents of that logfile to your next reply. You can find the logfile at C:\AdwCleaner[s1].txt where the number in brackets indicates how often it was run.STEP 05Please go here to run the online antivirus scannner from ESET.Turn off the real time scanner of any existing antivirus program while performing the online scan Tick the box next to YES, I accept the Terms of Use. Click Start When asked, allow the activex control to install Click Start Make sure that the option Remove found threats is unticked Click on Advanced Settings and ensure these options are ticked:Scan for potentially unwanted applications Scan for potentially unsafe applications Enable Anti-Stealth Technology [*]Click Scan [*]Wait for the scan to finish [*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic. Link to post Share on other sites More sharing options...
flymedic Posted July 14, 2013 Author ID:702629 Share Posted July 14, 2013 Attached are the logs requested. Thank you Scottmbar-log-2013-07-14 (08-12-00).txtsystem-log.txteset.txtadwcleaner.txt Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 15, 2013 Root Admin ID:702834 Share Posted July 15, 2013 Please run the ESET scan again but this time please set it to FIX what it finds. Then run the following Next, download Security Check from here or here.Save it to your Desktop. Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document. Thanks Link to post Share on other sites More sharing options...
flymedic Posted July 16, 2013 Author ID:703547 Share Posted July 16, 2013 Results of screen317's Security Check version 0.99.69 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` VAT-Spy Malwarebytes Anti-Malware version 1.75.0.1300 Java 7 Update 25 Adobe Reader XI Google Chrome 28.0.1500.71 Google Chrome 28.0.1500.72 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 44% Defragment your hard drive soon! (Do NOT defrag if SSD!)````````````````````End of Log`````````````````````` Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 16, 2013 Root Admin ID:703694 Share Posted July 16, 2013 Are you running an SSD hard drive? If not you may want to look at re-enabling automatic disk defragmentation. If you are running an SSD then you can ignore it. How is the computer running otherwise? Are there still any signs of an infection? Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 23, 2013 Root Admin ID:706183 Share Posted July 23, 2013 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts