Jump to content
Dizzee367

Keep getting hacked.

Recommended Posts

Hello all. For a while now, I have been getting e-mail warnings about suspicious sign-in attempts to various accounts of mine. These last few days though, someone has been continuously hacking into my account on a game I play called "League of Legends". Their support has been great in helping me recover my account, but everytime I change the password, somehow this hacker will manage to regain access back into my account and change the e-mail address and password within an hour. This has happened about 4 times now. Earlier today, I realised that my Malwarebytes was out-of-date (by a lot!). I updated it, and ran a QUICK scan, this found about 20 infected files called "PUP.VShareRedir", these have now all been removed. After, I ran a FULL scan and ran a full computer scan with AVG, nothing was found from either but I'm still not entirely sure my PC is clean. Before I recover my League of Legends account (for the 5th time!! :(), I would like help making sure it is safe to do so, and that this hacker will not gain access to my account again as I'm not very good with computers as you can tell!. Any help would be much appreciated.

 

Below are my DDS.txt and Attatch.txt files. Thanks in advance!

 

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 10.25.2
Run by Steven at 23:57:48 on 2013-08-11
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.1790.544 [GMT 1:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Kinoni\KinoniSvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}





TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{643DA03B-A5E2-4530-B240-D6F74FF1A0AC} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{643DA03B-A5E2-4530-B240-D6F74FF1A0AC}\2445F40756E6A7F6E656D284 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{643DA03B-A5E2-4530-B240-D6F74FF1A0AC}\3486960737 : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{643DA03B-A5E2-4530-B240-D6F74FF1A0AC}\4514C4B44514C4B4D2834463130354 : DHCPNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - LocalServer32 - <no file>
x64-Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [smoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\jiilojfl.default\
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2010-2-7 482384]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-3-29 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2012-7-10 41704]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-2-7 203264]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-5-14 4937264]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 KinoniSvc;Kinoni Service;C:\Program Files (x86)\Kinoni\KinoniSvc.exe [2011-12-17 304128]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-8-6 116104]
R3 KINONI_Wave;Kinoni Audio Source;C:\Windows\System32\drivers\kinonivad.sys [2011-12-17 23040]
R3 kinonivd;Kinoni Video Source;C:\Windows\System32\drivers\kinonivd.sys [2011-12-17 2782848]
R3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2012-1-11 34304]
R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2012-2-22 28160]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-9-9 215040]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-1-29 1089056]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-5-3 11856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-2-7 222208]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-8-10 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2012-7-18 14544]
.
=============== Created Last 30 ================
.
2013-08-11 18:21:59    48640    ----a-w-    C:\Windows\SysWow64\mshtmler.dll
2013-08-11 18:13:40    9728    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-11 15:01:55    --------    d-----w-    C:\Users\Steven\AppData\Local\Programs
2013-08-11 14:28:57    48640    ----a-w-    C:\Windows\System32\wwanprotdim.dll
2013-08-11 14:28:57    230400    ----a-w-    C:\Windows\System32\wwansvc.dll
2013-08-11 14:27:57    983400    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-08-11 14:27:57    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-08-11 14:27:57    144384    ----a-w-    C:\Windows\System32\cdd.dll
2013-08-11 14:27:21    55296    ----a-w-    C:\Windows\System32\dhcpcsvc6.dll
2013-08-11 14:27:21    44032    ----a-w-    C:\Windows\SysWow64\dhcpcsvc6.dll
2013-08-11 14:27:21    226816    ----a-w-    C:\Windows\System32\dhcpcore6.dll
2013-08-11 14:27:21    193536    ----a-w-    C:\Windows\SysWow64\dhcpcore6.dll
2013-08-11 14:27:08    1910632    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-08-11 14:26:51    1930752    ----a-w-    C:\Windows\System32\authui.dll
2013-08-11 14:26:49    1796096    ----a-w-    C:\Windows\SysWow64\authui.dll
2013-08-11 14:26:49    111448    ----a-w-    C:\Windows\System32\consent.exe
2013-08-11 14:26:48    70144    ----a-w-    C:\Windows\System32\appinfo.dll
2013-08-11 14:26:01    1011712    ----a-w-    C:\Program Files\Windows Defender\MpSvc.dll
2013-08-11 14:26:00    571904    ----a-w-    C:\Program Files\Windows Defender\MpClient.dll
2013-08-11 14:26:00    392704    ----a-w-    C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-08-11 14:25:59    9216    ----a-w-    C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-08-11 14:25:59    54784    ----a-w-    C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-08-11 14:25:59    314880    ----a-w-    C:\Program Files\Windows Defender\MpCommu.dll
2013-08-11 14:25:58    4608    ----a-w-    C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-08-11 14:25:54    624128    ----a-w-    C:\Windows\System32\qedit.dll
2013-08-11 14:25:54    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2013-08-11 14:20:39    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-08-11 14:20:36    751104    ----a-w-    C:\Windows\System32\win32spl.dll
2013-08-11 14:20:36    492544    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2013-08-11 13:31:19    1887232    ----a-w-    C:\Windows\System32\d3d11.dll
2013-08-11 13:31:17    1505280    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2013-08-11 02:46:45    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-11 02:34:04    972712    ----a-w-    C:\Windows\System32\deployJava1.dll
2013-08-11 02:34:03    1093032    ----a-w-    C:\Windows\System32\npDeployJava1.dll
2013-08-10 19:55:48    2560    ----a-w-    C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-08-10 19:55:47    9728    ----a-w-    C:\Windows\System32\Wdfres.dll
2013-08-10 19:55:47    785512    ----a-w-    C:\Windows\System32\drivers\Wdf01000.sys
2013-08-10 19:55:47    54376    ----a-w-    C:\Windows\System32\drivers\WdfLdr.sys
2013-08-10 18:03:04    --------    d-----w-    C:\Windows\System32\SPReview
2013-08-10 17:58:58    --------    d-----w-    C:\Windows\System32\EventProviders
2013-08-10 17:46:12    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2013-08-10 17:46:12    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2013-08-10 17:46:11    367616    ----a-w-    C:\Windows\System32\atmfd.dll
2013-08-10 17:46:11    295424    ----a-w-    C:\Windows\SysWow64\atmfd.dll
2013-08-10 17:45:11    87040    ----a-w-    C:\Windows\System32\drivers\WUDFPf.sys
2013-08-10 17:45:11    198656    ----a-w-    C:\Windows\System32\drivers\WUDFRd.sys
2013-08-10 17:45:10    84992    ----a-w-    C:\Windows\System32\WUDFSvc.dll
2013-08-10 17:45:10    194048    ----a-w-    C:\Windows\System32\WUDFPlatform.dll
2013-08-10 17:45:08    45056    ----a-w-    C:\Windows\System32\WUDFCoinstaller.dll
2013-08-10 17:45:07    744448    ----a-w-    C:\Windows\System32\WUDFx.dll
2013-08-10 17:45:07    229888    ----a-w-    C:\Windows\System32\WUDFHost.exe
2013-08-10 17:41:22    --------    d-----w-    C:\Users\Steven\AppData\Local\Microsoft Help
2013-08-10 17:11:13    48976    ----a-w-    C:\Windows\System32\netfxperf.dll
2013-08-10 17:11:12    1942856    ----a-w-    C:\Windows\System32\dfshim.dll
2013-08-10 17:09:59    327168    ----a-w-    C:\Windows\SysWow64\RMActivate_isv.exe
2013-08-10 17:08:59    317952    ----a-w-    C:\Windows\System32\dhcpcore.dll
2013-08-10 17:07:58    561152    ----a-w-    C:\Program Files (x86)\Common Files\System\msadc\msadce.dll
2013-08-10 17:06:59    98816    ----a-w-    C:\Windows\SysWow64\Robocopy.exe
2013-08-10 17:05:59    663040    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2013-08-10 17:04:50    3072    ----a-w-    C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2013-08-10 17:04:50    2560    ----a-w-    C:\Windows\System32\drivers\en-US\rdpwd.sys.mui
2013-08-10 17:04:44    6144    ----a-w-    C:\Windows\System32\drivers\en-US\IPMIDrv.sys.mui
2013-08-10 17:04:44    4608    ----a-w-    C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
2013-08-10 17:04:26    189952    ----a-w-    C:\Windows\SysWow64\sqmapi.dll
2013-08-10 17:04:23    189952    ----a-w-    C:\Windows\SysWow64\wdscore.dll
2013-08-10 17:04:22    209920    ----a-w-    C:\Windows\SysWow64\PkgMgr.exe
2013-08-10 17:03:35    323072    ----a-w-    C:\Windows\SysWow64\drvstore.dll
2013-08-10 17:03:34    257024    ----a-w-    C:\Windows\SysWow64\dpx.dll
2013-08-10 17:03:26    189952    ----a-w-    C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll
2013-08-10 17:03:25    606208    ----a-w-    C:\Windows\SysWow64\wbem\fastprox.dll
2013-08-10 17:03:25    363008    ----a-w-    C:\Windows\SysWow64\wbemcomn.dll
2013-08-10 16:59:19    244736    ----a-w-    C:\Program Files\Windows Portable Devices\sqmapi.dll
2013-08-10 16:59:17    529408    ----a-w-    C:\Windows\System32\wbemcomn.dll
2013-08-10 16:59:17    524288    ----a-w-    C:\Windows\System32\wmicmiplugin.dll
2013-08-10 16:59:17    1225216    ----a-w-    C:\Windows\System32\wbem\wbemcore.dll
2013-08-10 16:58:55    933376    ----a-w-    C:\Windows\System32\SmiEngine.dll
2013-08-10 16:58:55    244736    ----a-w-    C:\Windows\System32\sqmapi.dll
2013-08-10 16:58:37    199168    ----a-w-    C:\Windows\System32\PkgMgr.exe
2013-08-10 16:57:32    422912    ----a-w-    C:\Windows\System32\drvstore.dll
2013-08-10 16:57:29    399872    ----a-w-    C:\Windows\System32\dpx.dll
2013-08-10 16:49:19    215040    ----a-w-    C:\Windows\System32\winsrv.dll
2013-08-10 16:49:17    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-08-10 16:49:17    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-08-10 16:49:16    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-08-10 16:49:16    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-08-10 16:49:08    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-08-10 16:48:46    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-08-10 16:48:46    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-08-10 16:48:22    3717632    ----a-w-    C:\Windows\System32\mstscax.dll
2013-08-10 16:48:22    3217408    ----a-w-    C:\Windows\SysWow64\mstscax.dll
2013-08-10 16:48:18    44032    ----a-w-    C:\Windows\System32\tsgqec.dll
2013-08-10 16:48:18    36864    ----a-w-    C:\Windows\SysWow64\tsgqec.dll
2013-08-10 16:48:18    158720    ----a-w-    C:\Windows\System32\aaclient.dll
2013-08-10 16:48:18    131584    ----a-w-    C:\Windows\SysWow64\aaclient.dll
2013-08-10 16:47:30    2002432    ----a-w-    C:\Windows\System32\msxml6.dll
2013-08-10 16:47:29    1882624    ----a-w-    C:\Windows\System32\msxml3.dll
2013-08-10 16:47:29    1389568    ----a-w-    C:\Windows\SysWow64\msxml6.dll
2013-08-10 16:47:28    1236992    ----a-w-    C:\Windows\SysWow64\msxml3.dll
2013-08-10 16:47:06    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-08-10 16:47:03    220160    ----a-w-    C:\Windows\System32\wintrust.dll
2013-08-10 16:47:03    172544    ----a-w-    C:\Windows\SysWow64\wintrust.dll
2013-08-10 16:37:16    223752    ----a-w-    C:\Windows\System32\drivers\fvevol.sys
2013-08-10 16:28:17    376688    ----a-w-    C:\Windows\System32\drivers\netio.sys
2013-08-10 16:28:16    288088    ----a-w-    C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-08-10 16:28:10    800768    ----a-w-    C:\Windows\System32\usp10.dll
2013-08-10 16:28:10    626688    ----a-w-    C:\Windows\SysWow64\usp10.dll
2013-08-10 16:28:04    715776    ----a-w-    C:\Windows\System32\kerberos.dll
2013-08-10 16:28:04    542208    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2013-08-10 16:28:00    59392    ----a-w-    C:\Windows\System32\browcli.dll
2013-08-10 16:28:00    136704    ----a-w-    C:\Windows\System32\browser.dll
2013-08-10 16:27:59    41984    ----a-w-    C:\Windows\SysWow64\browcli.dll
2013-08-10 16:27:55    956928    ----a-w-    C:\Windows\System32\localspl.dll
2013-08-10 16:27:55    39424    ----a-w-    C:\Windows\System32\Spool\prtprocs\x64\winprint.dll
2013-08-10 16:27:51    5550424    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-08-10 16:27:47    3968856    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-10 16:27:46    3913560    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-08-10 16:27:44    43520    ----a-w-    C:\Windows\System32\csrsrv.dll
2013-08-10 16:27:44    112640    ----a-w-    C:\Windows\System32\smss.exe
2013-08-10 16:27:43    6656    ----a-w-    C:\Windows\SysWow64\apisetschema.dll
2013-08-10 16:27:37    503808    ----a-w-    C:\Windows\System32\srcore.dll
2013-08-10 16:27:37    296960    ----a-w-    C:\Windows\System32\rstrui.exe
2013-08-10 16:27:36    43008    ----a-w-    C:\Windows\SysWow64\srclient.dll
2013-08-10 16:26:28    559104    ----a-w-    C:\Windows\System32\spoolsv.exe
2013-08-10 16:26:27    67072    ----a-w-    C:\Windows\splwow64.exe
2013-08-10 16:26:12    95744    ----a-w-    C:\Windows\System32\synceng.dll
2013-08-10 16:26:12    78336    ----a-w-    C:\Windows\SysWow64\synceng.dll
2013-08-09 23:24:51    --------    d-----w-    C:\Users\Steven\AppData\Local\{4FBCB8F4-4CE4-40CC-B947-97C6D36196FE}
2013-07-17 18:07:02    --------    d-----w-    C:\Users\Steven\AppData\Local\{E00759D8-E592-4121-8A74-D69D0B1BD8E4}
.
==================== Find3M  ====================
.
2013-08-11 18:21:59    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-08-11 18:20:53    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-08-11 18:20:52    173568    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-08-11 18:20:46    13824    ----a-w-    C:\Windows\System32\mshta.exe
2013-08-11 18:20:44    51200    ----a-w-    C:\Windows\System32\imgutil.dll
2013-08-11 18:20:40    135680    ----a-w-    C:\Windows\System32\IEAdvpack.dll
2013-08-11 18:20:37    92160    ----a-w-    C:\Windows\System32\SetIEInstalledDate.exe
2013-08-11 18:20:36    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-08-11 18:20:34    48640    ----a-w-    C:\Windows\System32\mshtmler.dll
2013-08-11 18:20:33    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-08-11 18:20:26    77312    ----a-w-    C:\Windows\System32\tdc.ocx
2013-08-11 12:46:30    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-11 12:46:30    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-11 02:46:28    867240    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-08-11 02:46:28    789416    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-08-10 23:38:30    175616    ----a-w-    C:\Windows\System32\msclmd.dll
2013-08-10 23:38:30    152576    ----a-w-    C:\Windows\SysWow64\msclmd.dll
.
============= FINISH:  0:01:01.59 ===============
 

 

 

 

 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 09/03/2010 21:24:55
System Uptime: 11/08/2013 22:14:15 (2 hours ago)
.
Motherboard: TOSHIBA |  | NBWAE
Processor: AMD Sempron SI-42 | Socket M2/S1G1 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 116 GiB total, 10.171 GiB free.
D: is FIXED (NTFS) - 116 GiB total, 109.379 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP220: 10/08/2013 19:02:03 - Windows 7 Service Pack 1
RP221: 11/08/2013 03:31:39 - Installed Java 7 Update 25 (64-bit)
RP222: 11/08/2013 03:36:12 - Removed Java 7 Update 25 (64-bit)
RP223: 11/08/2013 03:37:21 - Installed Java 7 Update 25 (64-bit)
RP224: 11/08/2013 03:41:06 - Removed Java 7 Update 21
RP225: 11/08/2013 03:42:41 - Removed Java 6 Update 29
RP226: 11/08/2013 03:44:18 - Removed Java 7 Update 25 (64-bit)
RP227: 11/08/2013 03:46:09 - Installed Java 7 Update 25
RP228: 11/08/2013 18:04:05 - Windows Update
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20 (x64 edition)
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
AIM 7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
AVG 2013
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Command & Conquer Windows 95 Edition Stand Alone v1.06b r2
D3DX10
Discworld (WBB Edition)
DiskAid 3.11
DivX Setup
Download Updater (AOL LLC)
Driving Test Success - All Tests 2012 Edition
Driving Test Success - All Tests 2012 Edition (Update 2)
eBay
Eusing Free Registry Cleaner
Free Video Dub version 2.0.3.1228
Freez FLV to AVI/MPEG/WMV Converter
Game Booster 3
Google Earth Plug-in
Google Update Helper
iTunes
Java 7 Update 25
Java Auto Updater
Junk Mail filter update
KinoniDrivers 2.4
League of Legends
Malwarebytes Anti-Malware version 1.75.0.1300
ManyCam 3.0.80 (remove only)
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 22.0 (x86 en-GB)
MSVC80_x64_v2
MSVC80_x86_v2
MSVCRT
MSVCRT_amd64
PlayReady PC Runtime amd64
PokerStars
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Skype Launcher
Skype™ 6.0
Steam
Synaptics Pointing Device Driver
System Requirements Lab CYRI
Toshiba Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Manuals
Toshiba Online Product Information
Toshiba Photo Service - powered by myphotobook
TOSHIBA Recovery Media Creator
TOSHIBA Recovery Media Creator Reminder
TOSHIBA ReelTime
TOSHIBA SD Memory Utilities
TOSHIBA Service Station
TOSHIBA Supervisor Password
Toshiba TEMPRO
TOSHIBA Value Added Package
TRORMCLauncher
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-GB)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Utility Common Driver
VC80CRTRedist - 8.0.50727.6195
Veetle TV 0.9.18
VideoPad Video Editor
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
VLC media player 2.0.1
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinZip 14.5
.
==== Event Viewer Messages From Past Week ========
.
11/08/2013 22:23:06, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2846071).
11/08/2013 22:15:56, Error: atikmdag [52236]  - CPLIB :: General - Invalid Parameter
11/08/2013 22:15:56, Error: atikmdag [43029]  - Display is not active
11/08/2013 22:13:37, Error: Service Control Manager [7043]  - The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
11/08/2013 22:13:01, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
11/08/2013 22:06:53, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
11/08/2013 22:06:23, Error: Service Control Manager [7043]  - The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.
11/08/2013 01:09:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB2748349).
11/08/2013 01:09:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2756920).
11/08/2013 01:09:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2742598).
11/08/2013 01:09:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2736418).
11/08/2013 01:09:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2729451).
11/08/2013 01:09:26, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2789644).

11/08/2013 00:57:52, Error: Microsoft-Windows-WMPNSS-Service [14349]  - A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
10/08/2013 21:15:34, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
10/08/2013 21:15:34, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
09/08/2013 12:38:28, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
.
==== End Of File ===========================
 

 

Share this post


Link to post
Share on other sites

Hello and :welcome:

Please run the following steps and post back all the logs as ATTACHMENTS by clicking on the More Reply Options button.
Please don't put logs in code or quote tags or copy/paste them into your reply unless you're unable to attach them.
Please enable your system to show hidden files: How to see hidden files in Windows

P2P/Piracy Warning:

  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

    [*]Make sure that at least the first two check boxes are selected. [*]Click on OK [*]Then click on YES to create the folder. [*]Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licene Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


STEP 05
Please download AdwCleaner by Xplode to your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • If prompted by the User Account Control click Yes to allow it to run.
  • Under Actions click on the Delete button.
  • Click OK on all prompts.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the entire contents of that logfile to your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt where the number in brackets indicates how often it was run.


STEP 06
button_eos.gif

Please go here to run the online antivirus scannner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

    [*]Click Scan [*]Wait for the scan to finish [*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


 

Share this post


Link to post
Share on other sites

Hello AdvancedSetup, thank you for the help. All was going fine up until Step 3 with the Malwarebytes Anti-Rootkit scan. Less than a minute after the scan started, I got a big blue screen and my PC suddenly shut-down/restarted. What do I do?

 

Also, I forgot to enable my system to show hidden files. Is this a problem? I will attatch the RogueKiller report anyway and await further instruction. Thanks.

RKreport0_S_08122013_153147.txt

Share this post


Link to post
Share on other sites

Okay, for now go ahead and skip the MBAR and move onto the next steps and post back their logs

 

Thanks

 

Ok, before I do that should I enable my system to show hidden files as I forgot to do that?

Share this post


Link to post
Share on other sites

I notice you have some games that may have come with Pando Media once the games are installed and running you can uninstall that software as it is not needed to play games. It is used for Peer2Peer for installing, updating other computers using your computers resources.

Products like this are not really needed for your computer and can potentially cause harm if using the Registry Cleaning portion of the tool.

TuneUp Utilities 2012

Do I need a Windows Registry Cleaner?

I noticed you have Game Booster 3 installed.

The company behind this product was found to be stealing our database.

Personally I would not trust installing any software from a company that resorts to stealing someone's technology to sell their product.

Please see the following links and make up your own mind if you want to keep this on your system. If needed I can help you remove it.

There are some other items that I probably would not run on my own computer but that does not make them malware or a threat, just a personal preference of my own. If you want to look at stopping or removing some other items please let me know.

How is the computer running now in general?

Share this post


Link to post
Share on other sites

Hello. PC is/has been running fine. I just needed help in making sure my PC is malware-free so I can recover my game account and change all my passwords without this hacker getting back into them, you have provided this help for which I am grateful. All these anti-malware scanners have picked up nothing so do you feel it is safe to do so now? Also, would it be OK for me to uninstall/delete all these new files and programmes that I have downloaded or should I keep them?

 

Pando Media - I believe I have already uninstalled this as I found it slowed my PC down quite a lot.

 

TuneUp Utilities 2012 - My dad downloaded this a while ago to clean up my PC or something, I don't really know what it does and have never used it myself. If you feel it would be best to uninstall it, I shall do so.

 

Game Booster 3 - I have been using this programme when I play games as it seems to help them run better. I had no idea about their history with Malwarebytes until now. After reading those links I will gladly uninstall this. Are there any other "game boosting" programmes that you could recommend?

 

Any other programmes or items that you think should not be on my PC please let me know. Thank you so much for you help, I will try and recover my game account and change all my passwords tomorrow if you think it's safe to do so. If I get hacked again, I shall come back and request more help. Thanks again AdvancedSetup!

Share this post


Link to post
Share on other sites

Ok thanks. Could you also let me know if it's safe to uninstall/remove/delete ERUNT, RogueKiller, JRT, AdwCleaner, ESET and FRST? I will keep them for now in case I get hacked again, but once I see this hacker isn't getting my passwords anymore I would like to remove them if that's OK? I still have my Malwarebytes for scans which will be kept and regularly updated along with AVG.

 

 

Also, before I posted this thread I did a Malwarebytes scan which found and removed about 20 files called "PUP.VShareRedir" as I stated in my original post. What does "PUP.VShareRedir" do, and would it be the reason someone managed to keep getting my passwords?

 

Thanks.

Share this post


Link to post
Share on other sites

Recovered my account earlier today and within an hour I've lost it again. All those scans I've done that have picked up nothing and this guy is still getting my passwords... I don't know what to do.

Share this post


Link to post
Share on other sites

Sorry for double post, I dont know how to edit my previous post but I think I may have worked out how he is getting my passwords. I'll try sort it out myself and if it doesn't work I'll let you know. Thanks.

Share this post


Link to post
Share on other sites

Okay - let me know if you need further assistance otherwise here are some cleanup instructions.

 

 

Please click on START and type in COMBOFIX.EXE  /UNINSTALL

 

That will remove combofix and reset some default settings back to normal.

 

Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

 

 

Then read the following when you have time.

 

Best Practices for Safe Computing - Prevention of Malware Infection

 

 

If you have any other questions please let me know.

Share this post


Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.