Involuntary Downloading of Hidden Files

[PeregrineKodiak]

Hello,

 

There are gigabytes of space disappearing from my C drive everyday. I can't find where this information is being stored, and there are no pop-ups to clue me in.

 

Also, on my D drive, new folders with long incoherent names are appearing every day. I can't delete them, and I'm afraid to open them.

 

I've been getting lots of automatic Windows updates, which make my computer restart, but when it tries to restart, it always gets hung up trying to update one file.

 

The last thing is that the computer seems to be turning itself on at 3 am to download - even though its closed (its a laptop).

 

These problems are making my computer so slow, and constantly running hard, and hot, with the fan always blowing. I ran Malwarebytes and it found a Real Player item, which it supposedly removed, but even so, nothing is improved at all.

 

Can you help me?

 

Thank you!

[Maniac]

Hello PeregrineKodiak! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
• Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and then post the log files in your next reply.

http://forums.malwarebytes.org/index.php?showtopic=9573

[PeregrineKodiak]

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 1.6.0_18
Run by Free Bird at 8:45:48 on 2013-08-20
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3893.2255 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\AllChars\AllChars.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\DELL\DellComms\bin\sprtcmd.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - <orphaned>
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [iSUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
uRun: [Facebook Update] "C:\Users\Free Bird\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [HLBackupScheduler] C:\Program Files\Verizon Cloud\V CAST Backup Scheduler.exe
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [DellComms] "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [blackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
dRunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\FREEBI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\FREEBI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AllChars.lnk - C:\Program Files (x86)\AllChars\AllChars.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DESKTO~1.LNK - C:\Program Files (x86)\Research In Motion\BlackBerry\DesktopMgr.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Save the YouTube video as MP3 - C:\Users\Free Bird\AppData\Roaming\Free YouTube to MP3 Converter Studio\Free YouTube to MP3 Converter Studio.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll



TCP: NameServer = 192.168.1.1
TCP: Interfaces\{30229B51-6BC5-4D5A-81BB-C7FC8F69C826} : DHCPNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
TCP: Interfaces\{858B84A8-F1E7-49BB-93AC-C690F586E259} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{858B84A8-F1E7-49BB-93AC-C690F586E259}\2656C6B696E6E2432663 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{858B84A8-F1E7-49BB-93AC-C690F586E259}\7586F6C65664F6F64637D41627B65647 : DHCPNameServer = 172.16.1.1
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - <orphaned>
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"



x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Free Bird\AppData\Roaming\Mozilla\Firefox\Profiles\eciapt2f.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/|http://www.boutell.com/newfaq/browser/homepage.html
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - ExtSQL: 2013-08-05 09:48; jid1-RgQXqotzndApjg@jetpack; C:\Users\Free Bird\AppData\Roaming\Mozilla\Firefox\Profiles\eciapt2f.default\extensions\jid1-RgQXqotzndApjg@jetpack
FF - ExtSQL: !HIDDEN! 2010-05-19 16:30; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-3-3 55280]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-9 92160]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-3-17 517632]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);C:\Program Files (x86)\DELL\DellComms\bin\sprtsvc.exe [2009-5-5 206064]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-3-3 172704]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-10-26 151936]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2009-9-26 233984]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-8-20 239616]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-7-16 220672]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-16 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;C:\Windows\System32\drivers\lgvzandnetdiag64.sys [2013-5-6 29696]
S3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;C:\Windows\System32\drivers\lgvzandnetmdm64.sys [2013-5-6 36864]
S3 vzandnetndis;LGE AndroidNet for VZW NDIS Ethernet Adapter;C:\Windows\System32\drivers\lgvzandnetndis64.sys [2013-7-6 94208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-21 1255736]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-08-17 22:22:42    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-08-15 16:14:01    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-08-15 16:14:00    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-08-14 22:20:56    539984    ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-08-14 01:58:01    224256    ----a-w-    C:\Windows\System32\wintrust.dll
2013-08-14 01:58:01    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-08-14 01:58:01    175104    ----a-w-    C:\Windows\SysWow64\wintrust.dll
2013-08-14 01:58:01    1472512    ----a-w-    C:\Windows\System32\crypt32.dll
2013-08-14 01:58:01    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-08-14 01:58:01    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-08-14 01:58:01    1166848    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-08-14 01:58:00    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-08-08 05:46:37    737072    ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-08-08 05:46:21    2876528    ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-08-08 05:46:02    42776    ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-08-05 15:54:53    --------    d-----w-    C:\ProgramData\Verizon
2013-08-05 15:54:52    --------    d-----w-    C:\Users\Free Bird\AppData\Local\Backup Assistant Plus
2013-08-05 15:54:30    57344    ----a-w-    C:\Windows\SysWow64\ff_vfw.dll
2013-08-05 15:54:29    60273    ----a-w-    C:\Windows\SysWow64\pthreadGC2.dll
2013-08-05 15:54:27    --------    d-----w-    C:\Program Files (x86)\ffdshow
2013-08-05 15:48:41    --------    d-----w-    C:\LGMobileUpgrade
2013-08-05 15:47:44    --------    d-----w-    C:\Program Files (x86)\LG Electronics
2013-08-05 15:45:27    5474304    ----a-w-    C:\Users\Free Bird\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LG_VZW_United_WHQL_v2.11.1.msi
2013-08-05 15:45:23    98304    ----a-w-    C:\Users\Free Bird\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGUTchkdl.dll
2013-08-05 15:45:23    24576    ----a-w-    C:\Users\Free Bird\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGEUSBAutorun.dll
2013-08-05 15:45:18    1347584    ----a-w-    C:\Users\Free Bird\AppData\Roaming\Microsoft\Windows\Templates\TLPC\TL_PC.exe
2013-08-05 15:44:56    98304    ----a-r-    C:\Users\Free Bird\AppData\Roaming\Microsoft\Windows\Templates\F\LGUTchkdl.dll
2013-08-05 15:44:56    24576    ----a-r-    C:\Users\Free Bird\AppData\Roaming\Microsoft\Windows\Templates\F\LGEUSBAutorun.dll
2013-07-25 02:28:11    737072    ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-07-25 02:27:52    2876528    ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-07-25 02:27:26    42776    ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-07-25 02:27:16    539984    ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-07-23 21:12:40    --------    d-----w-    C:\Users\Free Bird\AppData\Local\PowerDVD DX
.
==================== Find3M  ====================
.
2013-07-26 05:13:37    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-07-26 05:12:08    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:39:38    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 09:25:54    1888768    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27    1620992    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-09 06:03:30    5550528    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-07-09 05:54:22    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2013-07-09 05:53:12    243712    ----a-w-    C:\Windows\System32\wow64.dll
2013-07-09 05:51:16    1217024    ----a-w-    C:\Windows\System32\rpcrt4.dll
2013-07-09 05:03:34    3968960    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34    3913664    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2013-07-09 04:52:33    663552    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:33    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-07-09 04:45:07    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2013-07-09 02:49:42    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-07-09 02:49:41    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-07-09 02:49:39    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-07-06 16:13:00    94208    ----a-w-    C:\Windows\System32\drivers\lgvzandnetndis64.sys
2013-07-06 06:03:53    1910208    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-06-25 08:03:34    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-15 04:32:16    39936    ----a-w-    C:\Windows\System32\drivers\tssecsrv.sys
2013-06-12 16:20:23    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 16:20:23    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-05 03:34:27    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-06-04 06:00:13    624128    ----a-w-    C:\Windows\System32\qedit.dll
2013-06-04 04:53:07    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
.
============= FINISH:  8:46:29.91 ===============
 

[PeregrineKodiak]

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 4/6/2010 10:29:25 PM
System Uptime: 8/20/2013 6:58:52 AM (2 hours ago)
.
Motherboard: Dell Inc. |  | 08CNC9
Processor: Intel® Core i3 CPU       M 330  @ 2.13GHz | U2E1 | 2133/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 59 GiB total, 4.044 GiB free.
D: is FIXED (NTFS) - 230 GiB total, 111.102 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Deskjet 3050A J611 series
Device ID: ROOT\MULTIFUNCTION\0004
Manufacturer:
Name: Deskjet 3050A J611 series
PNP Device ID: ROOT\MULTIFUNCTION\0004
Service:
.
Class GUID:
Description: Photosmart Plus B210 series
Device ID: ROOT\MULTIFUNCTION\0014
Manufacturer:
Name: Photosmart Plus B210 series
PNP Device ID: ROOT\MULTIFUNCTION\0014
Service:
.
==== System Restore Points ===================
.
RP694: 8/19/2013 10:02:14 AM - Windows Update
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
64 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Community Help
Adobe Dreamweaver CS5.5
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Reader X (10.1.7)
Adobe Widget Browser
Advanced Audio FX Engine
AllChars 4.0.321
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ARO 2013
ATT-RC Self Support Tool
Audacity 1.3.12 (Unicode)
Avery Template
Banctec Service Agreement
Bing Bar
BlackBerry Desktop Software 5.0
BlackBerry Desktop Software 6.0
BlackBerry® Media Sync
Bonjour
BufferChm
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Complete Care Business Service Agreement
Complete Care Consumer Service Agreement
Consumer In-Home Service Agreement
Copy
Cozi
Dell Communications (Support Software)
Dell DataSafe Online
Dell Dock
Dell Edoc Viewer
Dell Home Systems Service Agreement
Dell Support Center (Support Software)
Dell Touchpad
Dell Webcam Central
Dell Wireless WLAN Card Utility
Destinations
DeviceDiscovery
DJ_AIO_03_F4200_Software_Min
Doxillion Document Converter
Express Burn Disc Burning Software
F4200
Facebook Video Calling 1.2.0.287
ffdshow [rev 2527] [2008-12-19]
Free M4a to MP3 Converter 7.1
Free YouTube to MP3 Converter Studio 7.3
GIMP 2.6.8
Google Chrome
Google Earth
Google Update Helper
GoToAssist 8.0.0.514
GPBaseService2
GPL Ghostscript
HP Customer Participation Program 13.0
HP Deskjet F4200 All-In-One Driver Software 13.0 Rel. 3
HP Imaging Device Functions 13.0
HP Photosmart Essential 3.5
HP Photosmart Plus B209a-m All-in-One Driver 14.0 Rel. 6
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Intel® Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java 6 Update 16 (64-bit)
Java 6 Update 18
Junk Mail filter update
LG VZW United Drivers
Live! Cam Avatar Creator
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MixPad Audio Mixer
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
Network64
OpenOffice.org 3.2
PowerDVD DX
PS_AIO_06_B209a-m_SW_Min
QualXServ Service Agreement
Quickset64
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Roxio Burn
Scan
Scribus 1.4.0
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Shop for HP Supplies
Skype Toolbars
Skype™ 5.10
SmartWebPrinting
SolutionCenter
SoulSeek 157 NS 13e
Status
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VirtualDJ Home FREE
VirtualDJ PRO Full
WavePad Sound Editor
WebReg
WildTangent Games
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Zipeg
.
==== Event Viewer Messages From Past Week ========
.
8/20/2013 8:09:18 AM, Error: Service Control Manager [7023]  - The Peer Name Resolution Protocol service terminated with the following error:  %%-2140993535
8/20/2013 8:09:18 AM, Error: Service Control Manager [7001]  - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  %%-2140993535
8/20/2013 8:09:18 AM, Error: Microsoft-Windows-PNRPSvc [102]  - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
8/16/2013 9:57:04 AM, Error: Service Control Manager [7023]  - The Server service terminated with the following error:  Not enough storage is available to complete this operation.
8/16/2013 9:42:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2840628).
8/16/2013 9:06:07 AM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=1500) while initializing logging resources for channel Microsoft-Windows-CodeIntegrity/Operational.
8/15/2013 3:00:59 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2840628).
8/14/2013 5:11:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070026: Security Update for Windows 7 for x64-based Systems (KB2862966).
8/14/2013 5:10:38 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=112) while initializing logging resources for channel Microsoft-Windows-CodeIntegrity/Operational.
8/14/2013 5:09:47 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070070: Cumulative Security Update for Internet Explorer 10 for Windows 7 Service Pack 1 for x64-based Systems (KB2862772).
8/14/2013 5:09:34 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Windows 7 for x64-based Systems (KB2863058).
8/14/2013 5:09:24 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642).
8/14/2013 3:02:42 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
8/14/2013 3:02:42 AM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 

[PeregrineKodiak]

...I was reading the directions you linked to me... am I supposed to start a new topic, or is this the topic we're working from?

 

Thank you!

[Maniac]

This is your topic.

Step 1

Please uninstall this application: SoulSeek 157 NS 13e

Step 2

• Launch Malwarebytes' Anti-Malware
• Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
• Go to Scanner tab and select Perform Quick Scan, then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 3

• Download on the desktop RogueKiller
• Quit all programs
• Start RogueKiller.exe
• Wait until Prescan has finished ...
• Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.

In your next reply, post the following log files:

• Malwarebytes' Anti-Malware log
• RogueKiller log

[PeregrineKodiak]

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.20.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Free Bird :: FREEBIRD-PC [administrator]

8/20/2013 9:53:51 AM
mbam-log-2013-08-20 (09-53-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 296514
Time elapsed: 5 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

[PeregrineKodiak]

RogueKiller V8.6.6 [Aug 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Free Bird [Admin rights]
Mode : Scan -- Date : 08/20/2013 10:13:34
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\RunOnce : Del60401013 (cmd.exe /Q /D /c del "C:\Users\FREEBI~1\AppData\Local\Temp\0.del" [x][x]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-2374328083-628559870-3858990220-1000\[...]\RunOnce : Del60401013 (cmd.exe /Q /D /c del "C:\Users\FREEBI~1\AppData\Local\Temp\0.del" [x][x]) -> FOUND
[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : Del60401013 (cmd.exe /Q /D /c del "C:\Users\FREEBI~1\AppData\Local\Temp\0.del" [x][x]) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 4 ¤¤¤
[V1][sUSP PATH] TopArcadeHits.job : C:\Users\Free Bird\AppData\Local\TopArcadeHits\updater.exe [7] -> FOUND
[V1][sUSP PATH] DSite.job : C:\Users\FREEBI~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE - /Check [-] -> FOUND
[V2][sUSP PATH] DSite : C:\Users\FREEBI~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE - /Check [-] -> FOUND
[V2][sUSP PATH] TopArcadeHits : C:\Users\Free Bird\AppData\Local\TopArcadeHits\updater.exe [7] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM320II ATA Device +++++
--- User ---
[MBR] 4fe7362a5c7f0e7e03d10d95c23fa0f4
[bSP] 8fb5f825e3fff5a0332dbf7838ed38cf : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 10000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 20686848 | Size: 60000 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 143566848 | Size: 235143 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_08202013_101334.txt >>



 

[PeregrineKodiak]

When I was downloading Rogue Killer - I accidentally clicked the wrong download button and downloaded "Open It" - now, even though I didn't select this, I have AVG as my homescreen and search bar. I'd rather have Google like I did before. How can I change that back? Sorry to create more issues...

[Maniac]

Step 1

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Step 2

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Delete.
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[s1].txt as well.

Step 3

Download TFC to your desktop

• Open the file and close any other windows.
• It will close all programs itself when run, make sure to let it run uninterrupted.
• Click the Start button to begin the process. The program should not take long to finish its job
• Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

Step 4

Please scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.

  ESET OnlineScan

• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

    Save it to your Desktop.

  • Double click on the to download the ESET Smart Installer. icon on your Desktop.
• Check "YES, I accept the Terms of Use."
• Click the Start button.
• Accept any security warnings from your browser.
• Under Scan Settings, check "Scan Archives" and "Remove found threats"
• Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click List Threats
• Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Click the Back button.
• Click the Finish button.

In your next reply, post the following log files:

• Junkware Removal Tool log
• AdwCleaner log
• ESET Online Scanner log

[PeregrineKodiak]

Re: "Shut down protection software" -

 

As far as I know, I don't have protection software. I would like some, but I'm not sure which is the best program - and the most affordable.

[Maniac]

We will talk about that at the end of the cleaning process.

[PeregrineKodiak]

OK - also, I didn't let Rogue Killer clean the items it found. Was I supposed to? I still have the program open. Thank you.

[Maniac]

No, do not fix anything, just close it.

[PeregrineKodiak]

~~~ Files

Successfully deleted: [File] C:\Windows\Tasks\dsite.job
Successfully deleted: [File] C:\Windows\Tasks\toparcadehits.job



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\softsafe"
Successfully deleted: [Folder] "C:\Users\Free Bird\AppData\Roaming\dsite"
Successfully deleted: [Folder] "C:\Users\Free Bird\appdata\local\toparcadehits"
Successfully deleted: [Folder] "C:\Program Files (x86)\openit"
Successfully deleted: [Folder] "C:\Users\Free Bird\AppData\Roaming\microsoft\windows\start menu\programs\toparcadehits"



~~~ FireFox

Successfully deleted: [File] C:\Users\Free Bird\AppData\Roaming\mozilla\firefox\profiles\eciapt2f.default\searchplugins\askcom.xml
Successfully deleted the following from C:\Users\Free Bird\AppData\Roaming\mozilla\firefox\profiles\eciapt2f.default\prefs.js


Emptied folder: C:\Users\Free Bird\AppData\Roaming\mozilla\firefox\profiles\eciapt2f.default\minidumps [80 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/20/2013 at 10:32:37.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

[PeregrineKodiak]

# AdwCleaner v3.000 - Report created 20/08/2013 at 10:38:52
# Updated 20/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Free Bird - FREEBIRD-PC
# Running from : C:\Users\Free Bird\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found C:\ProgramData\InstallMate
Folder Found C:\Users\Free Bird\AppData\Roaming\Mozilla\Firefox\Profiles\eciapt2f.default\jetpack

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660



-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Free Bird\AppData\Roaming\Mozilla\Firefox\Profiles\eciapt2f.default\prefs.js ]

Line Found : user_pref("browser.search.defaultengine", "Ask.com");
Line Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Found : user_pref("browser.search.order.1", "Ask.com");
Line Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");

-\\ Google Chrome v28.0.1500.95

[ File : C:\Users\Free Bird\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : icon_url
Found : keyword
Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [3145 octets] - [20/08/2013 10:38:52]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3205 octets] ##########
 

[PeregrineKodiak]

"Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean"

 

In the AdwCleaner Program, I should hit "clean" before I reboot, yes? And let it clear off all of the items it found?

[Maniac]

Read more carefully my instructions:

Double click on AdwCleaner.exe to run the tool.

Click on Delete.

[PeregrineKodiak]

# AdwCleaner v3.000 - Report created 20/08/2013 at 10:53:42
# Updated 20/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Free Bird - FREEBIRD-PC
# Running from : C:\Users\Free Bird\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Free Bird\AppData\Roaming\Mozilla\Firefox\Profiles\eciapt2f.default\jetpack

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Free Bird\AppData\Roaming\Mozilla\Firefox\Profiles\eciapt2f.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

-\\ Google Chrome v28.0.1500.95

[ File : C:\Users\Free Bird\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url

*************************

AdwCleaner[R0].txt - [3289 octets] - [20/08/2013 10:38:52]
AdwCleaner[R1].txt - [3349 octets] - [20/08/2013 10:53:11]
AdwCleaner[s0].txt - [3226 octets] - [20/08/2013 10:53:42]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3286 octets] ##########
 

[PeregrineKodiak]

C:\Users\Free Bird\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Zip Opener Packages\uninstaller.exe    a variant of Win32/InstallCore.AZ application    cleaned by deleting - quarantined
C:\Users\Free Bird\Downloads\m4a-to-mp3-converter.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Users\Free Bird\Downloads\youtube-to-mp3-converter.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\Windows\Installer\10b98abc.msi    a variant of Win32/Bundled.Toolbar.Ask application    deleted - quarantined
D:\Admin\ProgramLoaderThingees\U_0087_01_P.msi    a variant of Win32/Bundled.Toolbar.Ask application    deleted - quarantined
D:\Admin\ProgramLoaderThingees\youtube-to-mp3-converter.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
 

[Maniac]

How are things now?

[PeregrineKodiak]

Things are good. Fast. The fan has stopped and the computer's nice and cool.

 

I still have a bunch of weird files on my D drive with names like "5eecb1aa3cd50677ffb8ff13d50976" and "ffe970c4486db73ff501c652e539e5b8" that I can't delete because I "have no access" to them. They're locked.

 

I think I still have something like this on my C drive too, because there seem to be several gigabytes unaccounted for - somewhere in my C drive. It seems like, somewhere, a bunch of information is vaulted in my computer, just for the sake of taking up space. Is that possible? I know I freed up 8 gigs on my C drive on Saturday - and by Monday, there were only 4 left. Now there are 5, but still, where did those other 3 go?

 

Thank you!

[PeregrineKodiak]

Here we go - at 3am, my laptop, which was closed, turned itself on and created a new folder in my D drive. The name of this folder is "018ac5748e3a0dfe1dab". So it's still doing this strange thing. What could it be? Also, another half a gigabyte has disappeared from my C drive. Bummer.

[Maniac]

What is the content of one of these folders? Is the same as the others?

[PeregrineKodiak]

I can't open or delete these folders. They are locked. When I click on them, it says "You don't currently have access to this folder. Click OK for permanent access to this folder." These folders have been appearing every night at 3 am for a week, though I notice three other that have dates prior months. I think there are other folders hidden throughout my computer because I'm losing space.