
Windows 7 Ultimate high load when idle



Hello everyone who is willing to help :D

In the last couple of days a problem has occurred when playing games on Windows 7 64-bit (NBA, FIFA..). I have used PS2 joysticks with a converter for gaming for over a year and they played perfectly smooth, and recently, out of nowhere, with no updates or anything, game stutters have appeared until I press a button on a wireless keyboard (generic Logitech keyboard and mouse combo)... I came to this conclusion by accident; after the key press the game runs smooth again for a while, and then the stutter returns... The same thing happens even if I just leave my PC and the screensaver comes on..

So far I have tried rebooting the PC and unplugging and plugging back in both the keyboard and the PS2 joystick converter from the USB slots with no results, disabling the screensaver and disabling idle AV scanning, and still nothing!

Does anyone have any ideas what could cause this problem, and how to figure out the solution?

Cheers for any kind of help you guys! :D

 

dds.txt

attach.txt


DDS log:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer:   BrowserJavaVersion: 10.45.2
Run by Gosa at 20:16:01 on 2014-01-11
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8174.6210 [GMT 1:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\vsnpstd3.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\SVP\SVPMgr.exe
C:\Users\Gosa\AppData\Roaming\PotPlayerMini\winlogs.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Program Files\Waterfox\waterfox.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
uRun: [sVPMgr] C:\Program Files (x86)\SVP\SVPMgr.exe
uRun: [Keyboard Inf.] C:\Users\Gosa\AppData\Roaming\PotPlayerMini\winlogs.exe
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\19a2c847-77c2-4547-bce2-da8e76d2a624.exe /check
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
TCP: NameServer = 89.216.1.40 89.216.1.50
TCP: Interfaces\{DE13BDCA-9A5A-4216-9064-C77EDA7FD9A4} : DHCPNameServer = 89.216.1.40 89.216.1.50
SSODL: WebCheck - <orphaned>
x64-mStart Page = about:blank
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -
x64-Run: [snpstd3] C:\Windows\vsnpstd3.exe
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-3-27 30000]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-5-12 54064]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-5-24 172888]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-10-8 239616]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2012-5-31 218880]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-11 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-11 701512]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-7-5 96256]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-5-25 29016]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-5-25 27992]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-1-11 25928]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-7-23 32344]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-7-4 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-15 19456]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-3-15 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-15 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-3-15 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-3-15 1255736]
.
=============== Created Last 30 ================
.
2014-01-11 15:06:23    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-01-11 15:06:22    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-11 13:56:32    --------    d-----w-    C:\Users\Gosa\AppData\Roaming\Logishrd
2014-01-11 12:08:12    53248    ----a-w-    C:\Windows\SysWow64\CSVer.dll
2014-01-11 12:07:55    --------    d-----w-    C:\Intel
2014-01-10 15:45:16    10315576    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{43D773D2-76E6-411D-9A4F-C9B3B2756A40}\mpengine.dll
2014-01-03 21:43:02    --------    d-----w-    C:\Program Files (x86)\Haali
2014-01-03 21:42:34    --------    d-----w-    C:\ProgramData\SVP 3.1
2014-01-03 21:15:40    47616    ----a-w-    C:\Windows\SysWow64\ff_acm.acm
2014-01-03 17:35:44    --------    d-----w-    C:\Program Files (x86)\Stick It To The Man!
2013-12-30 20:07:33    --------    d-----w-    C:\Users\Gosa\AppData\Local\Myst V End of Ages
2013-12-24 19:32:27    --------    d-----w-    C:\ProgramData\Kaspersky Lab
2013-12-24 19:32:27    --------    d-----w-    C:\Program Files (x86)\Kaspersky Lab
2013-12-24 19:31:53    85336    ----a-w-    C:\Windows\System32\drivers\klflt.sys
2013-12-24 19:24:54    --------    d-s---w-    C:\Windows\SysWow64\Microsoft
2013-12-24 17:27:01    --------    d-----w-    C:\ProgramData\HitmanPro
2013-12-24 16:50:40    --------    d-----w-    C:\Users\Gosa\AppData\Local\Secunia PSI
2013-12-21 12:10:52    --------    d-----w-    C:\ProgramData\Stardock
2013-12-17 18:48:32    --------    d-----w-    C:\Users\Gosa\AppData\Local\FANiSO
2013-12-15 15:22:43    --------    d-----w-    C:\DriveKey
2013-12-14 22:51:30    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-12-14 22:51:30    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-12-14 22:51:29    335360    ----a-w-    C:\Windows\System32\msieftp.dll
2013-12-14 22:51:29    301568    ----a-w-    C:\Windows\SysWow64\msieftp.dll
.
==================== Find3M  ====================
.
2013-12-10 16:47:01    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 16:47:01    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-05 18:12:25    466456    ----a-w-    C:\Windows\System32\wrap_oal.dll
2013-12-05 18:12:25    444952    ----a-w-    C:\Windows\SysWow64\wrap_oal.dll
2013-12-05 18:12:25    122904    ----a-w-    C:\Windows\System32\OpenAL32.dll
2013-12-05 18:12:25    109080    ----a-w-    C:\Windows\SysWow64\OpenAL32.dll
2013-11-19 02:33:38    267936    ------w-    C:\Windows\System32\MpSigStub.exe
2013-11-12 02:23:09    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-11-12 02:07:29    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-10-30 01:24:31    3155968    ----a-w-    C:\Windows\System32\win32k.sys
2013-10-25 06:19:22    2241536    ----a-w-    C:\Windows\System32\wininet.dll
2013-10-25 06:17:57    3959808    ----a-w-    C:\Windows\System32\jscript9.dll
2013-10-25 06:17:52    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-10-25 06:17:52    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-10-25 04:45:11    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-10-25 04:43:42    2877952    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-10-25 04:43:38    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-10-25 04:43:38    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-10-25 04:07:48    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-10-25 03:41:01    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-10-24 17:45:32    108968    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2013-10-24 17:42:20    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-19 02:18:57    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
.
============= FINISH: 20:16:31.05 ===============
 

ATTACH log:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 7/4/2013 11:38:52 PM
System Uptime: 1/11/2014 7:46:48 PM (1 hours ago)
.
Motherboard: MSI |  | H61M-P22 (MS-7680)
Processor: Intel® Core i3-2100 CPU @ 3.10GHz | SOCKET 0 | 3100/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 124.327 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP126: 1/11/2014 4:17:05 PM - Installed USB Dual Vibration Joystick
RP127: 1/11/2014 4:20:29 PM - Removed USB Dual Vibration Joystick
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
7stacks 1.5 beta 2
Adobe Flash Player 11 Plugin
AMD Accelerated Video Transcoding
AMD Catalyst Control Center
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Assassins Creed IV Black Flag
AviSynth 2.5
Broken Sword 5
Castle Crashers
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CS-Source.v80
ffdshow v1.3.4515 [2013-06-12]
Foxit Reader
Haali Media Splitter
Java 7 Update 45
Java 7 Update 45 (64-bit)
Java Auto Updater
Kaspersky Internet Security 2013
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5.1
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Mortal Kombat Komplete Edition
Mozilla Maintenance Service
Mozilla Thunderbird 24.2.0 (x86 en-US)
NBA 2K14
NVIDIA PhysX
OpenAL
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Sherlock Holmes The Awakened - Remastered Edition
SmoothVideo Project version 3.1.5
Stick It To The Man!
Ubisoft Game Launcher
Uplay
VirtualCloneDrive
Waterfox 24.0 (x64 en-US)
.
==== Event Viewer Messages From Past Week ========
.
1/8/2014 8:39:49 PM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
1/8/2014 7:06:51 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
1/6/2014 6:06:57 PM, Error: Service Control Manager [7031]  - The Kaspersky Anti-Virus Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
1/6/2014 10:33:35 AM, Error: Service Control Manager [7031]  - The Kaspersky Anti-Virus Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
.
==== End Of File ===========================
 


  • Root Admin

Sorry for the delay but the site is quite busy lately.

 

Please run the following and post back the log.

 

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program, you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed, it will produce and open a log file. Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed, the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 


Cheers Advanced!! I've manually disabled Kaspersky before the scan as instructed.

Here is the Log:

 

ComboFix:

 

ComboFix 14-01-16.03 - Gosa 01/20/2014  22:20:28.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8174.6086 [GMT 1:00]
Running from: c:\users\Gosa\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-20 to 2014-01-20  )))))))))))))))))))))))))))))))
.
.
2014-01-20 21:24 . 2014-01-20 21:24    --------    d-----w-    c:\users\Gosa\AppData\Local\temp
2014-01-20 21:24 . 2014-01-20 21:24    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-01-20 18:53 . 2013-12-18 20:09    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-17 18:29 . 2013-12-04 03:28    10315576    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{C5F40925-8F7E-44EF-AC87-8BE5F70E2581}\mpengine.dll
2014-01-16 21:23 . 2014-01-16 21:37    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2014-01-16 21:23 . 2014-01-16 21:37    --------    d-----w-    c:\program files (x86)\Spybot - Search & Destroy
2014-01-15 20:40 . 2013-11-26 11:40    376768    ----a-w-    c:\windows\system32\drivers\netio.sys
2014-01-15 15:59 . 2013-11-27 01:41    343040    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2014-01-15 15:59 . 2013-11-27 01:41    99840    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2014-01-15 15:59 . 2013-11-27 01:41    53248    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2014-01-15 15:59 . 2013-11-27 01:41    325120    ----a-w-    c:\windows\system32\drivers\usbport.sys
2014-01-15 15:59 . 2013-11-27 01:41    25600    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2014-01-15 15:59 . 2013-11-27 01:41    30720    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2014-01-15 15:59 . 2013-11-27 01:41    7808    ----a-w-    c:\windows\system32\drivers\usbd.sys
2014-01-15 15:59 . 2013-11-26 10:32    3156480    ----a-w-    c:\windows\system32\win32k.sys
2014-01-13 17:48 . 2014-01-13 18:01    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-13 17:48 . 2014-01-13 17:48    117464    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-01-13 17:44 . 2014-01-13 17:46    --------    d-----w-    c:\program files\Malwarebytes Anti-Exploit
2014-01-13 17:44 . 2013-07-16 02:41    743248    ----a-w-    c:\windows\SysWow64\msvcp100d.dll
2014-01-13 17:44 . 2013-07-16 02:41    1858896    ----a-w-    c:\windows\system32\msvcr100d.dll
2014-01-13 17:44 . 2013-07-16 02:41    1498960    ----a-w-    c:\windows\SysWow64\msvcr100d.dll
2014-01-13 17:44 . 2013-07-16 02:41    1014096    ----a-w-    c:\windows\system32\msvcp100d.dll
2014-01-11 13:56 . 2014-01-11 13:56    --------    d-----w-    c:\users\Gosa\AppData\Roaming\Logitech
2014-01-11 13:56 . 2014-01-11 13:56    --------    d-----w-    c:\users\Gosa\AppData\Roaming\Logishrd
2014-01-11 12:08 . 2014-01-11 12:08    --------    d-----w-    c:\program files (x86)\Intel
2014-01-11 12:08 . 2013-08-05 10:50    53248    ----a-w-    c:\windows\SysWow64\CSVer.dll
2014-01-11 12:07 . 2014-01-11 12:07    --------    d-----w-    C:\Intel
2014-01-03 21:43 . 2014-01-03 21:43    --------    d-----w-    c:\users\Gosa\AppData\Roaming\Media Player Classic
2014-01-03 21:43 . 2014-01-03 21:43    --------    d-----w-    c:\program files (x86)\Haali
2014-01-03 21:42 . 2014-01-03 21:43    --------    d-----w-    c:\programdata\SVP 3.1
2014-01-03 21:15 . 2013-06-12 21:00    47616    ----a-w-    c:\windows\SysWow64\ff_acm.acm
2013-12-30 20:07 . 2013-12-30 21:23    --------    d-----w-    c:\users\Gosa\AppData\Local\Myst V End of Ages
2013-12-24 19:32 . 2013-12-24 19:32    --------    d-----w-    c:\program files\Windows Sidebar
2013-12-24 19:32 . 2014-01-20 21:09    --------    d-----w-    c:\programdata\Kaspersky Lab
2013-12-24 19:32 . 2013-12-24 19:32    --------    d-----w-    c:\program files (x86)\Windows Sidebar
2013-12-24 19:32 . 2013-12-24 19:32    --------    d-----w-    c:\program files (x86)\Kaspersky Lab
2013-12-24 19:31 . 2012-05-29 14:55    85336    ----a-w-    c:\windows\system32\drivers\klflt.sys
2013-12-24 19:31 . 2012-05-29 14:55    640344    ----a-w-    c:\windows\system32\drivers\klif.sys
2013-12-24 19:24 . 2013-12-24 19:24    --------    d-s---w-    c:\windows\SysWow64\Microsoft
2013-12-24 17:27 . 2013-12-24 17:34    --------    d-----w-    c:\programdata\HitmanPro
2013-12-24 16:50 . 2013-12-24 16:50    --------    d-----w-    c:\users\Gosa\AppData\Local\Secunia PSI
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-15 20:40 . 2013-07-04 21:37    86054176    ----a-w-    c:\windows\system32\MRT.exe
2013-12-10 16:47 . 2013-07-05 13:06    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 16:47 . 2013-07-05 13:06    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-05 18:12 . 2013-12-05 18:12    466456    ----a-w-    c:\windows\system32\wrap_oal.dll
2013-12-05 18:12 . 2013-12-05 18:12    444952    ----a-w-    c:\windows\SysWow64\wrap_oal.dll
2013-12-05 18:12 . 2013-12-05 18:12    122904    ----a-w-    c:\windows\system32\OpenAL32.dll
2013-12-05 18:12 . 2013-12-05 18:12    109080    ----a-w-    c:\windows\SysWow64\OpenAL32.dll
2013-11-23 18:26 . 2013-12-14 22:51    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-14 22:51    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-11-19 02:33 . 2010-11-21 03:27    267936    ------w-    c:\windows\system32\MpSigStub.exe
2013-11-12 02:23 . 2013-12-10 19:59    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-10 19:59    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2013-10-30 02:32 . 2013-12-14 22:51    335360    ----a-w-    c:\windows\system32\msieftp.dll
2013-10-30 02:19 . 2013-12-14 22:51    301568    ----a-w-    c:\windows\SysWow64\msieftp.dll
2013-10-25 06:19 . 2013-12-11 02:01    51712    ----a-w-    c:\windows\system32\ie4uinit.exe
2013-10-25 06:19 . 2013-12-11 02:01    2241536    ----a-w-    c:\windows\system32\wininet.dll
2013-10-25 06:19 . 2013-12-11 02:01    1365504    ----a-w-    c:\windows\system32\urlmon.dll
2013-10-25 06:18 . 2013-12-11 02:01    19271168    ----a-w-    c:\windows\system32\mshtml.dll
2013-10-25 06:18 . 2013-12-11 02:01    603136    ----a-w-    c:\windows\system32\msfeeds.dll
2013-10-25 06:17 . 2013-12-11 02:01    855552    ----a-w-    c:\windows\system32\jscript.dll
2013-10-25 06:17 . 2013-12-11 02:01    3959808    ----a-w-    c:\windows\system32\jscript9.dll
2013-10-25 06:17 . 2013-12-11 02:01    53248    ----a-w-    c:\windows\system32\jsproxy.dll
2013-10-25 06:17 . 2013-12-11 02:01    526336    ----a-w-    c:\windows\system32\ieui.dll
2013-10-25 06:17 . 2013-12-11 02:01    67072    ----a-w-    c:\windows\system32\iesetup.dll
2013-10-25 06:17 . 2013-12-11 02:01    39936    ----a-w-    c:\windows\system32\iernonce.dll
2013-10-25 06:17 . 2013-12-11 02:01    2648576    ----a-w-    c:\windows\system32\iertutil.dll
2013-10-25 06:17 . 2013-12-11 02:01    136704    ----a-w-    c:\windows\system32\iesysprep.dll
2013-10-25 06:17 . 2013-12-11 02:01    15404032    ----a-w-    c:\windows\system32\ieframe.dll
2013-10-25 04:45 . 2013-12-11 02:01    1767936    ----a-w-    c:\windows\SysWow64\wininet.dll
2013-10-25 04:43 . 2013-12-11 02:01    2877952    ----a-w-    c:\windows\SysWow64\jscript9.dll
2013-10-25 04:43 . 2013-12-11 02:01    61440    ----a-w-    c:\windows\SysWow64\iesetup.dll
2013-10-25 04:43 . 2013-12-11 02:01    109056    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2013-10-25 04:07 . 2013-12-11 02:02    2706432    ----a-w-    c:\windows\system32\mshtml.tlb
2013-10-25 03:41 . 2013-12-11 02:01    2706432    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2013-10-24 17:45 . 2013-10-24 17:45    108968    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
2013-10-24 17:45 . 2013-10-24 17:45    312744    ----a-w-    c:\windows\system32\javaws.exe
2013-10-24 17:45 . 2013-10-24 17:45    189352    ----a-w-    c:\windows\system32\javaw.exe
2013-10-24 17:45 . 2013-10-24 17:45    189352    ----a-w-    c:\windows\system32\java.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SVPMgr"="c:\program files (x86)\SVP\SVPMgr.exe" [2013-07-15 942080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2013-03-10 88984]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-10-08 766208]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-05-31 218880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-05 16:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
TCP: DhcpNameServer = 89.216.1.40 89.216.1.50
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-55313982.sys
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1293378057-3215414277-1257973524-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E2B5F58D-B1C6-217E-D5EC-CA5346EF9CA5}*]
"abceejjnfehaicmpmbkbhiglgclpckgmob"=hex:6a,61,66,6e,6b,69,64,64,70,6c,6f,6e,
   61,6f,65,69,61,68,6d,67,00,00
"bbieccnkbhfaojapapcdmnfbaiomnjfllmeh"=hex:6a,61,66,6e,6b,69,64,64,70,6c,6f,6e,
   61,6f,65,69,61,68,6d,67,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-20  22:25:51
ComboFix-quarantined-files.txt  2014-01-20 21:25
.
Pre-Run: 158,729,039,872 bytes free
Post-Run: 158,613,725,184 bytes free
.
- - End Of File - - 365966DC82D8C32EB34A5AD6F23027C2
A36C5E4F47E84449FF07ED3517B43A31
 


Unfortunately, SVP is not causing a problem. I see from your post above that there was a leakage problem with one of the versions, but I have the latest one and it is not giving me any troubles.

 

Are there any more scans that you could recommend me to run?

 

Cheers Advanced!


  • Root Admin

No problem, just wanted to try that before we moved on is all as it looked promising based on what you reported.

 

Please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right-click over JRT.exe and select Run as administrator on Windows Vista or Windows 7; double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus



STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.


STEP 06

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


 


Malwarebytes Anti-Rootkit

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2014.01.21.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16750
Gosa :: GOSA-PC [administrator]

1/21/2014 5:44:32 PM
mbar-log-2014-01-21 (17-44-32).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 221612
Time elapsed: 11 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Ultimate x64
Ran by Gosa on Tue 01/21/2014 at 17:59:37.13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/21/2014 at 18:04:07.36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

AdwCleaner

 

# AdwCleaner v3.017 - Report created 21/01/2014 at 18:11:18
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Gosa - GOSA-PC
# Running from : C:\Users\Gosa\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v

[ File : C:\Users\Gosa\AppData\Roaming\Mozilla\Firefox\Profiles\xzxfr6lf.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [743 octets] - [21/01/2014 18:08:06]
AdwCleaner[s0].txt - [665 octets] - [21/01/2014 18:11:18]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [724 octets] ##########
 

MBAM

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.21.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16750
Gosa :: GOSA-PC [administrator]

Protection: Disabled

1/21/2014 6:19:11 PM
mbam-log-2014-01-21 (18-19-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207852
Time elapsed: 2 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

ESET

 

C:\Mark of ninja\bin\steam_api.dll    a variant of Win32/Packed.VMProtect.ABD trojan
C:\Program Files (x86)\Assassins Creed IV Black Flag\steam_api.dll    a variant of Win32/HackTool.Crack.BL application
C:\Program Files (x86)\Assassins Creed IV Black Flag\uplay_r1.dll    Win32/HackTool.Crack.BT application
C:\Program Files (x86)\Mortal Kombat Komplete Edition\DiscContentPC\steam_api.dll    Win32/HackTool.Crack.BQ application
 

FARBAR - FRST

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-01-2014
Ran by Gosa (administrator) on GOSA-PC on 21-01-2014 19:02:01
Running from C:\Users\Gosa\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
() C:\Windows\vsnpstd3.exe
() C:\Program Files (x86)\SVP\SVPMgr.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files\Waterfox\waterfox.exe
(Mozilla Corporation) C:\Program Files\Waterfox\plugin-container.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\wmi64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [snpstd3] - C:\Windows\vsnpstd3.exe [827392 2006-09-19] ()
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [218880 2012-05-31] (Kaspersky Lab ZAO)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [sVPMgr] - C:\Program Files (x86)\SVP\SVPMgr.exe [942080 2013-07-15] ()
HKU\Default\...\Run: [sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\Default User\...\Run: [sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x03F9AE7AFF78CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Tcpip\Parameters: [DhcpNameServer] 89.216.1.40 89.216.1.50

FireFox:
========
FF ProfilePath: C:\Users\Gosa\AppData\Roaming\Mozilla\Firefox\Profiles\xzxfr6lf.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Users\Gosa\AppData\Roaming\Mozilla\Firefox\Profiles\xzxfr6lf.default\Extensions\donottrackplus@abine.com [2014-01-03]
FF Extension: LastPass - C:\Users\Gosa\AppData\Roaming\Mozilla\Firefox\Profiles\xzxfr6lf.default\Extensions\support@lastpass.com [2013-07-05]
FF Extension: Magic Actions for YouTube™ - C:\Users\Gosa\AppData\Roaming\Mozilla\Firefox\Profiles\xzxfr6lf.default\Extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi [2013-07-30]
FF Extension: Referrer Control - C:\Users\Gosa\AppData\Roaming\Mozilla\Firefox\Profiles\xzxfr6lf.default\Extensions\referrercontrol@qixinglu.com.xpi [2013-12-25]
FF Extension: Google Translator for Firefox - C:\Users\Gosa\AppData\Roaming\Mozilla\Firefox\Profiles\xzxfr6lf.default\Extensions\translator@zoli.bod.xpi [2013-09-11]
FF Extension: Adblock Plus - C:\Users\Gosa\AppData\Roaming\Mozilla\Firefox\Profiles\xzxfr6lf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-05]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基网址顾问 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013-12-24]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 安全键盘 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013-12-24]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: 反广告 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013-12-24]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: 安全支付 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013-12-24]

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [218880 2012-05-31] (Kaspersky Lab ZAO)

==================== Drivers (Whitelisted) ====================

R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458544 2012-04-13] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [640344 2012-05-29] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30000 2012-03-27] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-05-25] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [27992 2012-05-25] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54064 2012-05-12] (Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [172888 2012-05-24] (Kaspersky Lab)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Sonix Co. Ltd.)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [85336 2012-05-29] (Kaspersky Lab)
S3 MSICDSetup; \??\D:\CDriver64.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-21 19:02 - 2014-01-21 19:02 - 00010690 _____ C:\Users\Gosa\Downloads\FRST.txt
2014-01-21 19:01 - 2014-01-21 19:01 - 00000000 ____D C:\FRST
2014-01-21 19:00 - 2014-01-21 19:00 - 00000422 _____ C:\Users\Gosa\Desktop\eset.txt
2014-01-21 18:49 - 2014-01-21 18:49 - 02077184 _____ (Farbar) C:\Users\Gosa\Downloads\FRST64.exe
2014-01-21 18:23 - 2014-01-21 18:23 - 02347384 _____ (ESET) C:\Users\Gosa\Downloads\esetsmartinstaller_enu.exe
2014-01-21 18:23 - 2014-01-21 18:23 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-21 18:17 - 2014-01-21 18:17 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Gosa\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-21 18:17 - 2014-01-21 18:17 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-21 18:17 - 2014-01-21 18:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-21 18:17 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-21 18:15 - 2014-01-21 18:15 - 00000803 _____ C:\Users\Gosa\Desktop\AdwCleaner[s0].txt
2014-01-21 18:09 - 2014-01-21 18:09 - 00000743 _____ C:\Users\Gosa\Desktop\AdwCleaner[R0].txt
2014-01-21 18:07 - 2014-01-21 18:11 - 00000000 ____D C:\AdwCleaner
2014-01-21 18:07 - 2014-01-21 18:07 - 01236282 _____ C:\Users\Gosa\Desktop\AdwCleaner.exe
2014-01-21 18:04 - 2014-01-21 18:11 - 00000838 _____ C:\Users\Gosa\Desktop\JRT.txt
2014-01-21 17:59 - 2014-01-21 17:59 - 00000000 ____D C:\Windows\ERUNT
2014-01-21 17:58 - 2014-01-21 17:58 - 01037068 _____ (Thisisu) C:\Users\Gosa\Downloads\JRT.exe
2014-01-21 17:43 - 2014-01-21 17:43 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Gosa\Downloads\mbar-1.07.0.1008.exe
2014-01-21 17:43 - 2014-01-21 17:43 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-21 17:43 - 2014-01-21 17:43 - 00000000 ____D C:\Users\Gosa\Desktop\mbar
2014-01-20 22:25 - 2014-01-20 22:25 - 00013267 _____ C:\ComboFix.txt
2014-01-20 22:19 - 2014-01-20 22:25 - 00000000 ____D C:\Qoobox
2014-01-20 22:19 - 2014-01-20 22:24 - 00000000 ____D C:\Windows\erdnt
2014-01-20 22:19 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-20 22:19 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-20 22:19 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-20 22:19 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-20 22:19 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-20 22:19 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-20 22:19 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-20 22:19 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-20 22:18 - 2014-01-20 22:18 - 05167985 ____R (Swearware) C:\Users\Gosa\Desktop\ComboFix.exe
2014-01-20 19:53 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-20 19:53 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-20 19:53 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-20 19:53 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-20 19:52 - 2014-01-20 19:53 - 00005146 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-19 21:32 - 2014-01-19 22:26 - 00000000 ____D C:\Users\Gosa\Downloads\Life.As.A.House.2001.DVDRip.DivX.AC3
2014-01-19 21:29 - 2014-01-19 21:35 - 00000000 ____D C:\Users\Gosa\Downloads\Midsummer Night's Dream, A (1999)
2014-01-19 18:03 - 2014-01-19 18:03 - 00000000 ____D C:\Users\Gosa\Downloads\The.Hunger.Games.Catching.Fire.2013.IMAX.EDITION.1080p.BluRay.x264-PublicHD
2014-01-17 16:39 - 2014-01-17 16:39 - 00023388 _____ C:\Users\Gosa\Documents\cc_20140117_163920.reg
2014-01-16 22:34 - 2014-01-16 22:42 - 00000000 ____D C:\Users\Gosa\Downloads\The.Secrets.of.Da.Vinci.The.Forbidden.Manuscript.+Crack
2014-01-16 22:23 - 2014-01-16 22:37 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-01-16 22:23 - 2014-01-16 22:37 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2014-01-15 21:40 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 16:59 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 16:59 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 16:59 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 16:59 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 16:59 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 16:59 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 16:59 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 16:59 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 19:17 - 2014-01-14 19:17 - 00000000 ____D C:\Users\Gosa\Downloads\Against Me! - Transgender Dysphoria Blues [2014]
2014-01-14 19:16 - 2014-01-15 18:18 - 00000000 ____D C:\Users\Gosa\Downloads\Against Me!
2014-01-13 22:13 - 2014-01-13 22:19 - 00000000 ____D C:\Users\Gosa\Downloads\Lord.of.War.2005.DVD5.720p.BluRay.x264-REVEiLLE
2014-01-13 18:48 - 2014-01-21 17:58 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-13 18:44 - 2014-01-13 18:46 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2014-01-13 18:44 - 2013-07-16 03:41 - 01858896 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100d.dll
2014-01-13 18:44 - 2013-07-16 03:41 - 01498960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100d.dll
2014-01-13 18:44 - 2013-07-16 03:41 - 01014096 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100d.dll
2014-01-13 18:44 - 2013-07-16 03:41 - 00743248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100d.dll
2014-01-11 14:56 - 2014-01-11 14:56 - 00000000 ____D C:\Users\Gosa\AppData\Roaming\Logitech
2014-01-11 14:56 - 2014-01-11 14:56 - 00000000 ____D C:\Users\Gosa\AppData\Roaming\Logishrd
2014-01-11 13:08 - 2014-01-11 13:08 - 00000000 ____D C:\Program Files (x86)\Intel
2014-01-11 13:08 - 2013-08-05 11:50 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2014-01-11 13:07 - 2014-01-11 13:07 - 00000000 ____D C:\Intel
2014-01-09 17:27 - 2014-01-10 17:16 - 00000000 ____D C:\Users\Gosa\Downloads\Captain.Phillips.2013.1080p.BluRay.X264-AMIABLE
2014-01-07 00:08 - 2014-01-07 00:11 - 00000000 ____D C:\Users\Gosa\Downloads\The.Raid.Redemption.2011.1080p.MKV.AC3.DTS.HQ.Eng.NL.Subs
2014-01-06 12:40 - 2014-01-06 21:08 - 2746389422 _____ C:\Users\Gosa\Downloads\the.spectacular.now.2013-sparks.mkv
2014-01-03 22:43 - 2014-01-03 22:43 - 00000000 ____D C:\Users\Gosa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2014-01-03 22:43 - 2014-01-03 22:43 - 00000000 ____D C:\Users\Gosa\AppData\Roaming\Media Player Classic
2014-01-03 22:43 - 2014-01-03 22:43 - 00000000 ____D C:\Program Files (x86)\Haali
2014-01-03 22:42 - 2014-01-03 22:43 - 00000000 ____D C:\ProgramData\SVP 3.1
2014-01-03 22:15 - 2013-06-12 22:00 - 00047616 _____ C:\Windows\SysWOW64\ff_acm.acm
2013-12-30 21:07 - 2013-12-30 22:23 - 00000000 ____D C:\Users\Gosa\AppData\Local\Myst V End of Ages
2013-12-30 21:00 - 2013-12-30 23:26 - 00000000 _____ C:\Windows\vpd.properties
2013-12-24 20:32 - 2014-01-21 18:13 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-12-24 20:32 - 2013-12-24 20:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-12-24 20:32 - 2013-12-24 20:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-12-24 20:32 - 2013-12-24 20:32 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-12-24 20:31 - 2012-05-29 15:55 - 00640344 _____ (Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2013-12-24 20:31 - 2012-05-29 15:55 - 00085336 _____ (Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2013-12-24 18:27 - 2013-12-24 18:34 - 00000000 ____D C:\ProgramData\HitmanPro
2013-12-24 17:58 - 2014-01-21 18:12 - 00422758 _____ C:\Windows\PFRO.log
2013-12-24 17:50 - 2013-12-24 17:50 - 00000000 ____D C:\Users\Gosa\AppData\Local\Secunia PSI

==================== One Month Modified Files and Folders =======

2014-01-21 19:02 - 2014-01-21 19:02 - 00010690 _____ C:\Users\Gosa\Downloads\FRST.txt
2014-01-21 19:01 - 2014-01-21 19:01 - 00000000 ____D C:\FRST
2014-01-21 19:00 - 2014-01-21 19:00 - 00000422 _____ C:\Users\Gosa\Desktop\eset.txt
2014-01-21 18:49 - 2014-01-21 18:49 - 02077184 _____ (Farbar) C:\Users\Gosa\Downloads\FRST64.exe
2014-01-21 18:23 - 2014-01-21 18:23 - 02347384 _____ (ESET) C:\Users\Gosa\Downloads\esetsmartinstaller_enu.exe
2014-01-21 18:23 - 2014-01-21 18:23 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-21 18:20 - 2009-07-14 05:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-21 18:20 - 2009-07-14 05:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-21 18:18 - 2009-07-14 06:13 - 00752568 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-21 18:17 - 2014-01-21 18:17 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Gosa\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-21 18:17 - 2014-01-21 18:17 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-21 18:17 - 2014-01-21 18:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-21 18:17 - 2013-07-05 07:32 - 01458097 _____ C:\Windows\WindowsUpdate.log
2014-01-21 18:15 - 2014-01-21 18:15 - 00000803 _____ C:\Users\Gosa\Desktop\AdwCleaner[s0].txt
2014-01-21 18:13 - 2013-12-24 20:32 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2014-01-21 18:12 - 2013-12-24 17:58 - 00422758 _____ C:\Windows\PFRO.log
2014-01-21 18:12 - 2013-12-11 03:20 - 00005354 _____ C:\Windows\setupact.log
2014-01-21 18:12 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-21 18:11 - 2014-01-21 18:07 - 00000000 ____D C:\AdwCleaner
2014-01-21 18:11 - 2014-01-21 18:04 - 00000838 _____ C:\Users\Gosa\Desktop\JRT.txt
2014-01-21 18:10 - 2013-07-17 21:57 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-21 18:09 - 2014-01-21 18:09 - 00000743 _____ C:\Users\Gosa\Desktop\AdwCleaner[R0].txt
2014-01-21 18:07 - 2014-01-21 18:07 - 01236282 _____ C:\Users\Gosa\Desktop\AdwCleaner.exe
2014-01-21 17:59 - 2014-01-21 17:59 - 00000000 ____D C:\Windows\ERUNT
2014-01-21 17:58 - 2014-01-21 17:58 - 01037068 _____ (Thisisu) C:\Users\Gosa\Downloads\JRT.exe
2014-01-21 17:58 - 2014-01-13 18:48 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-21 17:43 - 2014-01-21 17:43 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Gosa\Downloads\mbar-1.07.0.1008.exe
2014-01-21 17:43 - 2014-01-21 17:43 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-21 17:43 - 2014-01-21 17:43 - 00000000 ____D C:\Users\Gosa\Desktop\mbar
2014-01-20 22:25 - 2014-01-20 22:25 - 00013267 _____ C:\ComboFix.txt
2014-01-20 22:25 - 2014-01-20 22:19 - 00000000 ____D C:\Qoobox
2014-01-20 22:25 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2014-01-20 22:24 - 2014-01-20 22:19 - 00000000 ____D C:\Windows\erdnt
2014-01-20 22:24 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2014-01-20 22:18 - 2014-01-20 22:18 - 05167985 ____R (Swearware) C:\Users\Gosa\Desktop\ComboFix.exe
2014-01-20 22:17 - 2013-07-04 23:09 - 00000000 ____D C:\Users\Gosa\AppData\Roaming\uTorrent
2014-01-20 19:53 - 2014-01-20 19:52 - 00005146 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-20 19:53 - 2013-10-24 18:42 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-20 19:53 - 2013-09-26 18:01 - 00000000 ____D C:\ProgramData\Oracle
2014-01-19 22:26 - 2014-01-19 21:32 - 00000000 ____D C:\Users\Gosa\Downloads\Life.As.A.House.2001.DVDRip.DivX.AC3
2014-01-19 22:13 - 2013-07-11 20:01 - 00000000 ____D C:\Program Files (x86)\CS-Source
2014-01-19 21:35 - 2014-01-19 21:29 - 00000000 ____D C:\Users\Gosa\Downloads\Midsummer Night's Dream, A (1999)
2014-01-19 18:03 - 2014-01-19 18:03 - 00000000 ____D C:\Users\Gosa\Downloads\The.Hunger.Games.Catching.Fire.2013.IMAX.EDITION.1080p.BluRay.x264-PublicHD
2014-01-17 16:39 - 2014-01-17 16:39 - 00023388 _____ C:\Users\Gosa\Documents\cc_20140117_163920.reg
2014-01-16 22:42 - 2014-01-16 22:34 - 00000000 ____D C:\Users\Gosa\Downloads\The.Secrets.of.Da.Vinci.The.Forbidden.Manuscript.+Crack
2014-01-16 22:37 - 2014-01-16 22:23 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-01-16 22:37 - 2014-01-16 22:23 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2014-01-16 16:57 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-16 16:51 - 2009-07-14 05:45 - 00267240 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-15 21:42 - 2013-08-14 02:01 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 21:40 - 2013-07-04 22:37 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 18:18 - 2014-01-14 19:16 - 00000000 ____D C:\Users\Gosa\Downloads\Against Me!
2014-01-14 19:17 - 2014-01-14 19:17 - 00000000 ____D C:\Users\Gosa\Downloads\Against Me! - Transgender Dysphoria Blues [2014]
2014-01-13 22:19 - 2014-01-13 22:13 - 00000000 ____D C:\Users\Gosa\Downloads\Lord.of.War.2005.DVD5.720p.BluRay.x264-REVEiLLE
2014-01-13 18:46 - 2014-01-13 18:44 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2014-01-11 16:20 - 2013-07-04 22:41 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-11 14:56 - 2014-01-11 14:56 - 00000000 ____D C:\Users\Gosa\AppData\Roaming\Logitech
2014-01-11 14:56 - 2014-01-11 14:56 - 00000000 ____D C:\Users\Gosa\AppData\Roaming\Logishrd
2014-01-11 13:08 - 2014-01-11 13:08 - 00000000 ____D C:\Program Files (x86)\Intel
2014-01-11 13:07 - 2014-01-11 13:07 - 00000000 ____D C:\Intel
2014-01-10 17:16 - 2014-01-09 17:27 - 00000000 ____D C:\Users\Gosa\Downloads\Captain.Phillips.2013.1080p.BluRay.X264-AMIABLE
2014-01-07 00:11 - 2014-01-07 00:08 - 00000000 ____D C:\Users\Gosa\Downloads\The.Raid.Redemption.2011.1080p.MKV.AC3.DTS.HQ.Eng.NL.Subs
2014-01-06 21:08 - 2014-01-06 12:40 - 2746389422 _____ C:\Users\Gosa\Downloads\the.spectacular.now.2013-sparks.mkv
2014-01-03 22:43 - 2014-01-03 22:43 - 00000000 ____D C:\Users\Gosa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2014-01-03 22:43 - 2014-01-03 22:43 - 00000000 ____D C:\Users\Gosa\AppData\Roaming\Media Player Classic
2014-01-03 22:43 - 2014-01-03 22:43 - 00000000 ____D C:\Program Files (x86)\Haali
2014-01-03 22:43 - 2014-01-03 22:42 - 00000000 ____D C:\ProgramData\SVP 3.1
2014-01-03 22:43 - 2013-07-04 23:31 - 00000000 ____D C:\Program Files (x86)\SVP
2014-01-03 22:15 - 2013-07-04 23:33 - 00000000 ____D C:\Program Files (x86)\ffdshow
2013-12-30 23:26 - 2013-12-30 21:00 - 00000000 _____ C:\Windows\vpd.properties
2013-12-30 23:26 - 2013-08-04 10:22 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-12-30 22:23 - 2013-12-30 21:07 - 00000000 ____D C:\Users\Gosa\AppData\Local\Myst V End of Ages
2013-12-30 21:06 - 2013-12-17 17:54 - 00001163 _____ C:\Windows\DirectX.log
2013-12-30 21:06 - 2013-11-15 21:51 - 00000000 ____D C:\Users\Gosa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-12-27 16:22 - 2013-12-09 17:44 - 00000010 _____ C:\Windows\popcinfo.dat
2013-12-24 20:32 - 2013-12-24 20:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-12-24 20:32 - 2013-12-24 20:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-12-24 20:32 - 2013-12-24 20:32 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-12-24 20:26 - 2013-07-04 22:51 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-24 18:34 - 2013-12-24 18:27 - 00000000 ____D C:\ProgramData\HitmanPro
2013-12-24 18:14 - 2013-07-05 17:38 - 00000000 ____D C:\Program Files\Waterfox
2013-12-24 17:50 - 2013-12-24 17:50 - 00000000 ____D C:\Users\Gosa\AppData\Local\Secunia PSI
2013-12-23 21:42 - 2013-07-07 13:48 - 00000000 ____D C:\Users\Gosa\AppData\Local\SKIDROW

Some content of TEMP:
====================
C:\Users\Gosa\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-20 20:22

==================== End Of Log ============================


FARBAR - ADDITION


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-01-2014
Ran by Gosa at 2014-01-21 19:02:30
Running from C:\Users\Gosa\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

7stacks 1.5 beta 2 (x32 Version: 1.4.24 - Alastria Software)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.15.100.31008 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81008.0920 - Advanced Micro Devices, Inc.) Hidden
Assassins Creed IV Black Flag (x32 Version: 1 - )
AviSynth 2.5 (x32 Version:  - )
Broken Sword 5 (x32 Version:  - Release Date: 4 Dec 2013)
Castle Crashers (x32 Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
CS-Source.v80 (x32 Version: v.80 - Valve Corporation)
ffdshow v1.3.4515 [2013-06-12] (x32 Version: 1.3.4515.0 - )
Foxit Reader (x32 Version: 6.0.5.618 - Foxit Corporation)
Haali Media Splitter (x32 Version:  - )
Java 7 Update 45 (64-bit) (Version: 7.0.450 - Oracle)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Kaspersky Internet Security 2013 (x32 Version: 13.0.0.3370 - Kaspersky Lab)
Kaspersky Internet Security 2013 (x32 Version: 13.0.0.3370 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Mortal Kombat Komplete Edition (x32 Version:  - Warner Bros)
Mozilla Maintenance Service (x32 Version: 24.2.0 - Mozilla)
Mozilla Thunderbird 24.2.0 (x86 en-US) (x32 Version: 24.2.0 - Mozilla)
NBA 2K14 (x32 Version: 1.0.0 - 2K Sports)
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation)
OpenAL (x32 Version:  - )
Realtek Ethernet Controller Driver (x32 Version: 7.46.610.2011 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6438 - Realtek Semiconductor Corp.)
Sherlock Holmes The Awakened - Remastered Edition (x32 Version:  - )
SmoothVideo Project version 3.1.5 (x32 Version: 3.1.5 - SVP)
Ubisoft Game Launcher (x32 Version: 1.0.0.0 - UBISOFT)
Uplay (x32 Version: 4.0 - Ubisoft)
VirtualCloneDrive (x32 Version:  - Elaborate Bytes)
Waterfox 24.0 (x64 en-US) (Version: 24.0 - Mozilla)

==================== Restore Points  =========================

15-01-2014 20:40:17 Windows Update
20-01-2014 18:52:00 Installed Java 7 Update 51
21-01-2014 16:50:50 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {7BD934C1-6A18-4910-8C8F-D5B9E5BD8BAE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-12-10 17:47 - 2013-12-10 17:47 - 22332808 _____ () C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll
2012-05-31 18:58 - 2012-05-31 18:58 - 00072632 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\vulnerability_status_provider.dll
2012-05-31 18:57 - 2012-05-31 18:57 - 01305016 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/21/2014 06:23:26 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/21/2014 06:14:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (01/21/2014 06:23:26 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Gosa\Downloads\esetsmartinstaller_enu.exe

Error: (01/21/2014 06:14:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 26%
Total physical RAM: 8173.95 MB
Available physical RAM: 5990.91 MB
Total Pagefile: 16346.08 MB
Available Pagefile: 13906.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:193.7 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 13D08EC0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • Root Admin

Please click on START and type in CMD.EXE and when it shows on the menu right click over it and choose "Run as administrator", then type in the following exactly and press the Enter key. It will create a file on your desktop named MyTasks.txt - please attach that file to your next reply.

TASKLIST >%USERPROFILE%\Desktop\MyTasks.txt

Thanks


MyTasks


Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Services                   0         24 K
System                           4 Services                   0      1,192 K
smss.exe                       372 Services                   0      1,196 K
csrss.exe                      576 Services                   0      4,920 K
wininit.exe                    648 Services                   0      4,660 K
csrss.exe                      668 Console                    1     27,052 K
services.exe                   704 Services                   0     12,700 K
lsass.exe                      720 Services                   0     10,696 K
lsm.exe                        732 Services                   0      4,560 K
winlogon.exe                   776 Console                    1      8,012 K
svchost.exe                    900 Services                   0      9,912 K
svchost.exe                    980 Services                   0      7,988 K
atiesrxx.exe                   352 Services                   0      4,316 K
svchost.exe                    556 Services                   0     22,004 K
svchost.exe                    840 Services                   0    229,736 K
svchost.exe                   1028 Services                   0     20,472 K
svchost.exe                   1068 Services                   0     34,824 K
audiodg.exe                   1152 Services                   0     24,644 K
svchost.exe                   1200 Services                   0      7,056 K
svchost.exe                   1324 Services                   0     16,536 K
atieclxx.exe                  1368 Console                    1      7,872 K
spoolsv.exe                   1524 Services                   0     11,164 K
svchost.exe                   1564 Services                   0     12,112 K
avp.exe                       1644 Services                   0     61,504 K
svchost.exe                   1772 Services                   0      6,400 K
svchost.exe                   1832 Services                   0     18,988 K
taskhost.exe                  1960 Console                    1     13,504 K
dwm.exe                       2172 Console                    1      6,716 K
explorer.exe                  2200 Console                    1     54,124 K
vsnpstd3.exe                  2304 Console                    1      6,108 K
SVPMgr.exe                    2328 Console                    1     30,996 K
svchost.exe                   2772 Services                   0      5,528 K
VCDDaemon.exe                 2884 Console                    1      5,320 K
jusched.exe                   2896 Console                    1      4,680 K
avp.exe                       2280 Console                    1      5,640 K
MOM.exe                       2476 Console                    1      4,580 K
svchost.exe                   1628 Services                   0      8,928 K
CCC.exe                       3432 Console                    1     24,840 K
waterfox.exe                  2728 Console                    1    606,068 K
plugin-container.exe          2120 Console                    1     91,496 K
explorer.exe                  4540 Console                    1     36,332 K
thunderbird.exe               4560 Console                    1     96,496 K
cmd.exe                       4720 Console                    1      3,024 K
conhost.exe                   4708 Console                    1      6,072 K
tasklist.exe                  3748 Console                    1      5,692 K
WmiPrvSE.exe                  2688 Services                   0      6,376 K

  • Root Admin

Please download Microsoft Process Explorer
Then extract the files to their own folder and right click on the file procexp.exe and choose "Run as administrator" and let it run for a few minutes.

Then click on the File, Save-As and save the text file to your desktop or someplace you can find it and attach that file back on your next reply.

This tool should be able to tell you exactly what is using what for CPU/Memory/Disk I/O, etc.

There is a similar tool located here: System Explorer but for now please use the one from Microsoft.


As I've described in my first post, it has something to do with when I don't touch the mouse or keyboard. For example, when I'm playing a game with a joystick for a few minutes, the PC starts stuttering and the fans become wild and noisy (I know that they are supposed to do that, but this behaviour started a few weeks ago; until then everything worked like butter). So when that happens I either move my mouse or touch any key on the keyboard, and everything returns to normal, even during the game! It is like the PC wakes up when I do that. Funny thing is that when I play a movie it doesn't happen, maybe because the codecs are preventing the PC from being idle so the movie will run smoothly, I don't know, just guessing..


  • Root Admin

Well it does not appear to be malware related so I would suggest the following maintenance to see if it helps or not.
 
Run a Full disk check.  Click on START and type in CMD.EXE and when it shows on the menu right click over it and select "Run as administrator" then type in the following exactly.
 
CHKDSK C: /R
 
Then it will say the drive cannot be locked and ask if you want to run it on restart.  Press the Y key and then the Enter key and reboot the computer to let it run.
It should take at least 10 minutes to run but can take hours to run.  When done and it restarts run the program below.
 
Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.


Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Firefox
Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome
Chrome - Reset browser settings

Opera
How to Perform a (really) clean Reinstall of Opera


Then check your drive fragmentation and defrag if needed.



  • Root Admin

This information is a bit old but also may or may not help you some. If nothing else it should provide you with more information on how your computer works. I'll go ahead and close your topic here but first I'll give you the cleanup canned message, then below that the Slow Computer message which is a bit old.

At this time there are no more signs of an infection on your system.

However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.

They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.

It will also reset your System Restore by flushing out previous restore points and create a new restore point.

It will also remove all the backups our tools may have created.

Uninstall ComboFix (if used):

  • Turn off all active protection software including your antivirus.
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • Please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.


Remove the rest of the tools used:

Please download "Understanding, Identifying and Upgrading the RAM in your PC".

For more suggestions and performance tips read:

"Restore Your Computer's Performance with Windows XP"

"XP Performance Tweaks"

"Performance Boost for XP"

For Vista Users:

Vista Features Explained: Performance

Vista Features Explained: SuperFetch

SuperFetch & ReadyBoost

Tips to boost Vista performance

Windows Vista Performance Tuning

Top 12 Tweaks To Improve Vista Looks and Performance

When you are all done be sure to Create a new Restore Point to enable your computer to "roll-back" to a clean working state keeping all the changes you just made. Then use Disk Cleanup to "remove all but the latest Restore Point".

Vista Users can refer to these links:


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
