Jump to content

COM Surrogate hogging CPU


JKru
 Share

Recommended Posts

I have been having a problem with COM surrogates using all my CPU.  I ran several anti-virus programs, beginning with Malwarebytes, which detected nothing malicious.  AVG returns a trojan Name;"Description";"Result";"Status";"Priority"

C:\Windows\explorer.exe (4168);"Trojan horse Generic35.ALDZ";"Secured";"Healed";"High" every time, and Kaspersky finds no threats, but is constantly blocking "malicious URL"s - several thousand yesterday alone.  I believe whatever Kaspersky keeps blocking or denying is due to a virus, and also the cause of my CPU issue.  Since installing Kaspersky, my CPU is remaining normal, but I'm concerned the underlying issue is still at large.

 

Here are the 2 reports requested in the instructions for starting a new thread.

 

DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 
Run by Jamie at 10:34:37 on 2014-02-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4003.1365 [GMT -6:00]
.
AV: Kaspersky PURE 3.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: AVG Internet Security 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Kaspersky PURE 3.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
FW: Kaspersky PURE 3.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe
C:\Users\Jamie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jamie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jamie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\My Dell\imstrayicon.exe
C:\Users\Jamie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\explorer.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\system32\rundll32.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\taskeng.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Program Files\My Dell\uaclauncher.exe
C:\windows\splwow64.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Kaspersky Passsword Manager Toolbar: {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll
TB: Kaspersky Passsword Manager Toolbar: {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll
uRun: [Google Update] "C:\Users\Jamie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.254.254
TCP: Interfaces\{F345E04A-8D21-47EE-AAFC-B61B10B81936} : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{F345E04A-8D21-47EE-AAFC-B61B10B81936}\2656373686D26696 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{F345E04A-8D21-47EE-AAFC-B61B10B81936}\3516D63757E676027416C61687970235029494F553332383 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{F345E04A-8D21-47EE-AAFC-B61B10B81936}\C696E6B6379737 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{F345E04A-8D21-47EE-AAFC-B61B10B81936}\D677C616E6 : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\windows\System32\ieudinit.exe
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2013-10-24 194872]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\windows\System32\drivers\CSCrySec.sys [2014-2-10 84536]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2011-9-3 55856]
R1 Avgdiska;AVG Disk Driver;C:\windows\System32\drivers\avgdiska.sys [2013-11-5 150808]
R1 Avgfwfd;AVG network filter service;C:\windows\System32\drivers\avgfwd6a.sys [2013-9-26 57144]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2013-11-4 240920]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\windows\System32\drivers\CSVirtualDiskDrv.sys [2014-2-10 66616]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\System32\drivers\klim6.sys [2012-8-2 28504]
R1 kltdi;kltdi;C:\windows\System32\drivers\kltdi.sys [2013-11-11 54368]
R1 kneps;kneps;C:\windows\System32\drivers\kneps.sys [2013-11-11 178448]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-9-3 89600]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [2013-9-24 1358944]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-11-11 3478544]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [2013-11-11 356128]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-3 897088]
R2 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2013-9-25 818888]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-3 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-10 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-10 701512]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-9-3 1692480]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-3 2655768]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE [2013-12-16 247968]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-3 1298496]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\drivers\btmaux.sys [2010-11-4 58128]
R3 btmhsf;btmhsf;C:\windows\System32\drivers\btmhsf.sys [2010-10-19 274432]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2011-9-3 176096]
R3 iBtFltCoex;iBtFltCoex;C:\windows\System32\drivers\iBtFltCoex.sys [2010-11-4 59904]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-9-3 317440]
R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\drivers\iwdbus.sys [2011-3-24 25496]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\windows\System32\drivers\klkbdflt.sys [2013-11-11 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\System32\drivers\klmouflt.sys [2013-11-11 29280]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2011-10-15 25928]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE [2013-12-16 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\drivers\intelaud.sys [2011-3-24 34200]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2014-1-12 19456]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-9-3 250984]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-1-12 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2014-1-12 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-9-11 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-02-12 16:32:28 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{96F34536-295A-4C62-9D0E-E935FA97EC3D}\offreg.dll
2014-02-12 16:28:01 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-02-12 16:27:55 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{96F34536-295A-4C62-9D0E-E935FA97EC3D}\mpengine.dll
2014-02-12 16:27:50 -------- d-----w- C:\86c86e0d665495c790e8c15356b461
2014-02-10 08:16:14 64856 ----a-w- C:\windows\System32\klfphc.dll
2014-02-10 08:13:22 66616 ----a-w- C:\windows\System32\drivers\CSVirtualDiskDrv.sys
2014-02-10 08:13:17 84536 ----a-w- C:\windows\System32\drivers\CSCrySec.sys
2014-02-10 08:11:53 -------- d-----w- C:\windows\ELAMBKUP
2014-02-10 08:11:46 -------- d-----w- C:\Program Files (x86)\Common Files\InfoWatch
2014-02-10 08:11:41 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2014-02-10 08:11:39 -------- d-----w- C:\ProgramData\Kaspersky Lab
2014-02-10 08:07:19 90208 ----a-w- C:\windows\System32\drivers\klflt.sys
2014-02-10 01:23:19 -------- d-----w- C:\Users\Jamie\AppData\Roaming\AVG2014
2014-02-10 01:21:52 -------- d-----w- C:\Users\Jamie\AppData\Roaming\TuneUp Software
2014-02-10 01:17:57 -------- d--h--w- C:\$AVG
2014-02-10 01:17:57 -------- d-----w- C:\ProgramData\AVG2014
2014-02-10 01:15:49 -------- d-----w- C:\Program Files (x86)\AVG
2014-02-10 01:08:30 -------- d--h--w- C:\ProgramData\Common Files
2014-02-10 01:08:23 -------- d-----w- C:\Users\Jamie\AppData\Local\MFAData
2014-02-10 01:08:23 -------- d-----w- C:\Users\Jamie\AppData\Local\Avg2014
2014-02-10 01:08:23 -------- d-----w- C:\ProgramData\MFAData
2014-01-16 21:55:55 -------- d-----w- C:\Users\Jamie\AppData\Local\Blizzard Entertainment
2014-01-16 21:54:53 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2014-01-16 21:43:22 -------- d-----w- C:\ProgramData\Battle.net
2014-01-15 02:19:15 99840 ----a-w- C:\windows\System32\drivers\usbccgp.sys
2014-01-15 02:19:15 53248 ----a-w- C:\windows\System32\drivers\usbehci.sys
2014-01-15 02:19:15 343040 ----a-w- C:\windows\System32\drivers\usbhub.sys
2014-01-15 02:19:15 325120 ----a-w- C:\windows\System32\drivers\usbport.sys
2014-01-15 02:19:15 3156480 ----a-w- C:\windows\System32\win32k.sys
2014-01-15 02:19:15 30720 ----a-w- C:\windows\System32\drivers\usbuhci.sys
2014-01-15 02:19:15 25600 ----a-w- C:\windows\System32\drivers\usbohci.sys
2014-01-15 02:19:14 7808 ----a-w- C:\windows\System32\drivers\usbd.sys
2014-01-15 02:19:14 376768 ----a-w- C:\windows\System32\drivers\netio.sys
2014-01-14 22:11:47 -------- d-----w- C:\Users\Jamie\AppData\Local\ElevatedDiagnostics
.
==================== Find3M  ====================
.
2014-01-16 15:59:44 270496 ------w- C:\windows\System32\MpSigStub.exe
2014-01-06 19:23:36 4558848 ----a-w- C:\windows\SysWow64\GPhotos.scr
2013-11-23 18:26:20 417792 ----a-w- C:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\windows\System32\WMPhoto.dll
2013-11-15 01:37:29 2334720 ----a-w- C:\windows\System32\jscript9.dll
2013-11-15 01:29:03 1392128 ----a-w- C:\windows\System32\wininet.dll
2013-11-15 01:28:41 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2013-11-15 01:22:21 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2013-11-15 01:20:47 599040 ----a-w- C:\windows\System32\vbscript.dll
2013-11-15 01:18:03 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2013-11-14 22:50:50 1806848 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-11-14 22:42:41 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2013-11-14 22:42:32 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2013-11-14 22:38:54 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2013-11-14 22:38:16 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2013-11-14 22:35:52 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
.

 

============= FINISH: 10:36:25.59 ===============

 

Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 9/8/2011 2:27:44 PM
System Uptime: 2/11/2014 11:21:57 PM (11 hours ago)
.
Motherboard: Dell Inc. |  | 034W60
Processor: Intel® Core i3-2310M CPU @ 2.10GHz | CPU 1 | 798/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 362.695 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP210: 2/9/2014 6:54:07 PM - Windows Update
RP211: 2/9/2014 7:15:10 PM - Installed AVG 2014
RP212: 2/9/2014 7:16:02 PM - Installed AVG 2014
RP213: 2/9/2014 11:15:05 PM - Windows Modules Installer
RP214: 2/9/2014 11:16:25 PM - Windows Modules Installer
RP215: 2/9/2014 11:50:26 PM - Windows Modules Installer
RP216: 2/11/2014 2:52:37 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX 64-bit
Adobe Reader X (10.1.9) MUI
Advanced Audio FX Engine
Age of Empires Online
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2014
Bing Bar
Bing Rewards Client Installer
Bonjour
Canon MP130
Canon ScanGear Starter
Catan Online World
Consumer In-Home Service Agreement
Coupon Printer for Windows
Cozi
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Edoc Viewer
Dell Getting Started Guide
Dell MusicStage
Dell Perks Webslice IE8
Dell PhotoStage
Dell Stage
Dell Touchpad
Dell VideoStage 
Dell Webcam Central
DirectX 9 Runtime
eBay
Google Chrome
Google+ Auto Backup
GoToAssist 8.0.0.514
HP Deskjet 1050 J410 series Basic Device Software
HP Deskjet 1050 J410 series Help
HP Deskjet 1050 J410 series Product Improvement Study
HP Photo Creations
HP Update
IDT Audio
Intel PROSet Wireless
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® PROSet/Wireless Software for Bluetooth® Technology
Intel® PROSet/Wireless WiFi Software
Intel® Rapid Storage Technology
Intel® WiDi
Intel® Wireless Display
Internet Explorer
iTunes
Java Auto Updater
Java 6 Update 24 (64-bit)
Java 6 Update 37
Junk Mail filter update
Kaspersky PURE 3.0
Kies Air Discovery Service
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Security Scan Plus
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Dell
PhotoShowExpress
Picasa 3
Quickset64
RBVirtualFolder64Inst
Realtek Ethernet Controller Driver
Realtek USB 2.0 Card Reader
Renesas Electronics USB 3.0 Host Controller Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Sonic CinePlayer Decoder Pack
TrustedID
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
2/9/2014 7:22:26 PM, Error: Service Control Manager [7024]  - The AVG Firewall service terminated with service-specific error %%-536805289.
2/9/2014 3:28:19 PM, Error: volsnap [25]  - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
2/9/2014 3:21:33 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
2/8/2014 11:36:08 AM, Error: Microsoft Antimalware [2001]  - 
2/7/2014 4:14:58 AM, Error: Schannel [36874]  - An SSL 2.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
2/11/2014 12:03:08 PM, Error: Service Control Manager [7022]  - The Intel® Management and Security Application User Notification Service service hung on starting.
2/11/2014 12:00:39 PM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
2/11/2014 11:55:48 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
2/10/2014 9:23:52 AM, Error: BTHUSB [17]  - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
2/10/2014 9:23:33 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.
2/10/2014 2:14:44 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
2/10/2014 12:24:52 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EvtEng service.
2/10/2014 12:24:47 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Dell DataSafe Online service to connect.
2/10/2014 12:24:47 PM, Error: Service Control Manager [7000]  - The Dell DataSafe Online service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2/10/2014 10:10:31 AM, Error: Service Control Manager [7034]  - The Bluetooth Media Service service terminated unexpectedly.  It has done this 1 time(s).
.
==== End Of File ===========================
Link to post
Share on other sites

Hello JKru and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Step 1

I notice that you are using more than one antivirus program.

  • AVG 2014
  • Kaspersky PURE 3.0
  • This is very dangerous, as multiple Antivirus programs can interfere with one another and actually allow more viruses to get through. It is important that only one antivirus program is running realtime protection. Please uninstall one of them.

    Please uninstall this application too: Coupon Printer for Windows .

    Step 2

    Please download Junkware Removal Tool to your desktop.

    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
    Step 3

    Please download AdwCleaner by Xplode onto your desktop.

    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan button. Wait until is finished.
    • Click on Clean.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.
    Step 4
    • Launch Malwarebytes' Anti-Malware
    • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
    • Go to Scanner tab and select Perform Quick Scan, then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

    In your next reply, post the following log files:

    • Junkware Removal Tool log
    • AdwCleaner log
    • Malwarebytes' Anti-Malware log
Link to post
Share on other sites

Thank you very much for your help! I uninstalled AVG and disabled Kasparsky.  Without Kasparsky running, my CPU usage maxed out immediately, so running the scans you requested took the better part of the morning.  They all seem to have come back clean, as far as I can tell.  The logs you requested are below.  

 

A few notes:

 

- Like I said, without Kaspersky running, my computer is working at a snail's pace.  The notification from Kaspersky says

"c:\windows\syswow64\dllhost.exe (PID:14044):

Downloading object http:/.../6.0〈=en-US, which contains a malicious URL. Denied."

And, like I said, thousands of these daily. The PID is the only thing that changes.  This is still happening right now.

 

- Twice while running nothing other than the scans I got a pop up from internet explorer asking me if I was sure I wanted to leave this page. What page? I wasn't on a page.  Don't worry - I never clicked it.

 

- I was unsure when the scan from step 3 was complete - it just said "Pending. Please uncheck elements you don't want to remove."  There was nothing in the boxes below...   Please let me know if it seems the scan was incomplete.

 

 

Again, thank you for your help.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home Premium x64
Ran by Jamie on Thu 02/13/2014 at 10:47:37.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\Jamie\appdata\local\{00853A84-92FF-4A94-9329-48D344C76587}
Successfully deleted: [Empty Folder] C:\Users\Jamie\appdata\local\{190BDD34-5F9D-4558-8E0F-9208807F793C}
Successfully deleted: [Empty Folder] C:\Users\Jamie\appdata\local\{6C64C2BD-E3BA-4BE7-AC9B-ED9B31701049}
Successfully deleted: [Empty Folder] C:\Users\Jamie\appdata\local\{70C382D1-CB3E-4908-8852-0A58004D2A77}
Successfully deleted: [Empty Folder] C:\Users\Jamie\appdata\local\{9094DD0A-8C1D-4D12-B90E-F8EABE2319C7}
Successfully deleted: [Empty Folder] C:\Users\Jamie\appdata\local\{C9CB2D65-8008-4F92-9A3C-180319A7C083}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 02/13/2014 at 11:34:29.01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
# AdwCleaner v3.018 - Report created 13/02/2014 at 13:11:03
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jamie - JAMIE-PC
# Running from : C:\Users\Jamie\Downloads\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v0.0.0.0
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [742 octets] - [13/02/2014 11:47:44]
AdwCleaner[R1].txt - [864 octets] - [13/02/2014 12:39:36]
AdwCleaner[s0].txt - [802 octets] - [13/02/2014 12:11:29]
AdwCleaner[s1].txt - [786 octets] - [13/02/2014 13:11:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [845 octets] ##########
 
 
 
 
 
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.13.09
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jamie :: JAMIE-PC [administrator]
 
2/13/2014 1:18:35 PM
mbam-log-2014-02-13 (13-18-35).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 323758
Time elapsed: 1 hour(s), 20 minute(s), 55 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
Link to post
Share on other sites

Looks fine. Thanks!

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.
Link to post
Share on other sites

I'm assuming you are giving me "special supervision and instructions of someone authorized to do so," right?  Is that note for visitors looking for solutions on their own? I just want to be perfectly clear.  I'm always afraid I'll break my computer trying to fix it... 

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.