It is currently Sat Apr 29, 2017 8:35 am


Computer acting up

All versions of Windows 7, 2008 and Vista including 32 bit and 64 bit

Moderator: icecube

Computer acting up

Postby 2246 » Mon Aug 06, 2012 9:08 pm

Not really sure what's been causing it lately as I maintain the computer fairly well and keep it up to date and delete unnecessary files and stay away from viruses pretty consistently. Ever since my brother has come back from school and using the other profile it's been acting strange using 100% of the cpu fairly regularly[especially with chrome on] and some days it acts like total dogshit and sometimes I boot it up and it's pretty much fine but still slower than what I'm used to. I've had to fix the computer several times before but since it's been on 7 I've been sailing fairly well. However, I did recently get webroot complete for free, and unlike trend micro, it actually did discover a couple viruses and did the scan about 4 times before it was all removed. Webroot is a little new to me so... I do not really know how to find exactly what the viruses were but I bet there's a way if need be.

And for some reason I cannot post a hijackthis log or dxdiag? I can't attach? Not sure how I should post those without slopping it on the topic here...

*edit* some more details, was a bit flustered with the not allowed extensions but overall the computer has been acting up before this 100% thing. While playing some games[battlefield 3 and such] which usually work fine, the computer has been rebooting with no blue screen or error of any kind. Just shuts off and starts up again. My CyberPower backup battery has also shutdown or gone down to backup a few times for unknown reasons. Seems something is being overused or overheating or I dunno. Thanks for any support guys!
2246
Newbie
Newbie
 
Posts: 5
Joined: Mon Jul 30, 2012 9:25 pm
Location: United States
Operating System: Windows 7 64bit

Thanks given:3
Thanks received:0
Top

Re: Computer acting up

Postby Gecko » Tue Aug 07, 2012 12:04 pm

2246,

It sounds like your system is still infected with malware.

Please download combofix to your desktop.

Double click combofix.exe and follow the prompts.

If combofix will not start or is ended before the "Blue window" please rename combofix.exe to cbf.exe and try again.

If cbf.exe will not start or is ended, you will have to run cbf.exe from safe mode.
Reboot in to Safe mode:
Restart Windows after you see the BIOS screen and before Windows starts to load.
Start tapping the F8 key. The Windows Advanced Options Menu appears.
Use the Arrow key to ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.

Do not exit Combofix while it is running you my loose all your personal settings!
Important Note - Do not mouseclick combofix's window while it's running, that may cause it to stall.

When it's done running it will produce a log for you. Please post that log in your next reply.

Who said thanks: 2246 (Tue Aug 07, 2012 9:27 pm)
User avatar
Gecko
Super Moderator
Super Moderator
 
Posts: 5206
Joined: Thu Oct 25, 2001 1:00 am
Location: Florida, USA

Thanks given:1
Thanks received:23
Top

Re: Computer acting up

Postby 2246 » Tue Aug 07, 2012 9:26 pm

Definitely seems to be running a bit better after combofix. That musta been malware huh? I thought I was safe. Of course I remember I'm not the only one on it. Anyways....

ComboFix 12-08-05.02 - Abraham Justice 08/06/2012 15:19:50.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8190.5250 [GMT -7:00]
Running from: c:\users\Abraham Justice\Downloads\ComboFix.exe
AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\ntuser.dat
c:\users\Abraham Justice\Documents\~WRL0005.tmp
c:\users\Abraham Justice\Documents\~WRL0200.tmp
c:\users\Abraham Justice\Documents\~WRL0246.tmp
c:\users\Abraham Justice\Documents\~WRL0480.tmp
c:\users\Abraham Justice\Documents\~WRL0656.tmp
c:\users\Abraham Justice\Documents\~WRL0988.tmp
c:\users\Abraham Justice\Documents\~WRL1232.tmp
c:\users\Abraham Justice\Documents\~WRL1464.tmp
c:\users\Abraham Justice\Documents\~WRL1544.tmp
c:\users\Abraham Justice\Documents\~WRL1672.tmp
c:\users\Abraham Justice\Documents\~WRL1697.tmp
c:\users\Abraham Justice\Documents\~WRL1861.tmp
c:\users\Abraham Justice\Documents\~WRL2529.tmp
c:\users\Abraham Justice\Documents\~WRL2631.tmp
c:\users\Abraham Justice\Documents\~WRL2847.tmp
c:\users\Abraham Justice\Documents\~WRL3173.tmp
c:\users\Abraham Justice\Documents\~WRL3703.tmp
c:\users\Abraham Justice\Documents\~WRL3732.tmp
c:\users\Abraham Justice\Documents\~WRL3737.tmp
c:\users\Abraham Justice\Documents\~WRL3912.tmp
c:\users\Brothers\AppData\Roaming\Start
c:\users\Brothers\AppData\Roaming\Start\temp_20E5ACDA\flash.10.0.32.18.ocx
c:\users\Brothers\videos\nPlayWMV.exe
c:\users\Brothers\WINDOWS
c:\users\Public\invokesi.exe
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-06 to 2012-08-06 )))))))))))))))))))))))))))))))
.
.
2012-08-06 22:30 . 2012-08-06 22:30 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-06 22:30 . 2012-08-06 22:30 -------- d-----w- c:\users\Mcx1-BROTHERS-PC\AppData\Local\temp
2012-08-06 22:30 . 2012-08-06 22:30 -------- d-----w- c:\users\Guest I guess\AppData\Local\temp
2012-08-06 22:30 . 2012-08-06 22:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-06 22:30 . 2012-08-06 22:30 -------- d-----w- c:\users\Brothers\AppData\Local\temp
2012-08-06 20:09 . 2012-08-06 20:09 -------- d-----w- c:\users\Abraham Justice\AppData\Local\PassMark
2012-08-06 19:43 . 2012-08-06 19:43 388096 ----a-r- c:\users\Abraham Justice\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-06 07:32 . 2012-08-06 07:32 -------- d-----w- c:\windows\SysWow64\Adobe
2012-08-06 07:29 . 2012-08-06 07:29 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-08-06 00:53 . 2012-08-06 00:54 -------- d-----w- c:\users\Abraham Justice\.explorer.cache
2012-08-06 00:53 . 2012-08-06 00:53 -------- d-----w- c:\users\Abraham Justice\.explorer.local
2012-07-30 20:21 . 2012-07-30 20:21 -------- d-----w- c:\program files (x86)\Trend Micro
2012-07-30 19:31 . 2012-07-30 19:31 -------- d-----w- c:\users\Abraham Justice\AppData\Local\lptmp1889480913
2012-07-30 19:31 . 2012-07-30 19:31 148664 ----a-w- c:\windows\SysWow64\WRusr.dll
2012-07-30 19:31 . 2012-07-30 19:31 101808 ----a-w- c:\windows\system32\WRusr.dll
2012-07-30 19:31 . 2012-07-30 19:31 113168 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2012-07-30 19:31 . 2012-07-30 19:31 -------- d-----w- c:\program files\Webroot
2012-07-30 19:31 . 2012-08-06 20:26 -------- d-----w- c:\programdata\WRData
2012-07-30 16:46 . 2009-12-06 02:42 85504 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2012-07-30 16:46 . 2012-07-30 16:46 -------- d-----w- c:\program files (x86)\ffdshow
2012-07-30 16:46 . 2012-07-30 16:46 -------- d-----w- c:\programdata\IObit
2012-07-30 16:46 . 2012-07-30 16:46 -------- d-----w- c:\program files (x86)\IObit
2012-07-29 04:44 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-29 04:43 . 2012-07-29 04:43 -------- d-----w- c:\programdata\AVAST Software
2012-07-29 04:43 . 2012-07-29 04:43 -------- d-----w- c:\program files\AVAST Software
2012-07-23 18:18 . 2012-07-23 18:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-07-23 18:18 . 2012-07-23 18:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-07-23 18:18 . 2012-07-23 18:17 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-07-23 18:18 . 2012-07-23 18:17 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-07-23 18:18 . 2012-07-23 18:17 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-07-23 18:18 . 2012-07-23 18:17 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-07-23 18:18 . 2012-07-23 18:17 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-07-21 20:44 . 2012-07-21 20:44 -------- d-----w- c:\users\Brothers\AppData\Roaming\Leader Technologies
2012-07-21 20:44 . 2012-07-21 23:16 -------- d-----w- c:\users\Brothers\AppData\Roaming\Epson
2012-07-21 07:26 . 2012-07-21 07:26 -------- d-----w- c:\users\Abraham Justice\AppData\Roaming\Epson
2012-07-21 07:26 . 2012-07-21 07:26 -------- d-----w- c:\users\Abraham Justice\AppData\Roaming\Leader Technologies
2012-07-21 04:23 . 2012-07-21 04:23 -------- d-----w- c:\users\Brothers\AppData\Roaming\Leadertech
2012-07-21 04:22 . 2012-07-21 04:22 -------- d-----w- c:\program files (x86)\LTCM Client
2012-07-21 03:56 . 2012-07-21 03:56 -------- d-----w- c:\program files (x86)\Epson Software
2012-07-21 03:56 . 2011-08-10 07:00 464384 ----a-w- c:\windows\system32\esxw2ud.dll
2012-07-21 03:56 . 2009-10-16 07:00 13824 ----a-w- c:\windows\system32\esxcdev.dll
2012-07-21 03:56 . 2009-10-16 07:00 132560 ----a-w- c:\windows\system32\esdevapp.exe
2012-07-21 03:56 . 2012-07-21 04:22 -------- d-----w- c:\program files (x86)\epson
2012-07-21 03:53 . 2012-07-21 03:53 -------- d-----w- c:\program files\Common Files\EPSON
2012-07-21 03:53 . 2012-07-21 23:16 -------- d-----w- c:\programdata\EPSON
2012-07-21 03:53 . 2009-10-01 01:01 88064 ----a-w- c:\windows\system32\E_IBCBHLA.DLL
2012-07-21 03:53 . 2008-11-12 01:00 118784 ----a-w- c:\windows\system32\E_ILMHLA.DLL
2012-07-16 06:06 . 2012-07-16 06:10 -------- d-----w- c:\users\Brothers\AppData\Local\Skyrim
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-06 08:28 . 2010-11-16 11:56 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-08-06 08:28 . 2010-06-08 21:58 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-08-06 08:27 . 2010-06-08 21:58 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-08-04 02:40 . 2012-03-29 06:15 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-04 02:40 . 2011-05-13 20:40 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-21 17:28 . 2010-06-08 21:58 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-06-13 10:03 . 2010-06-09 20:47 58957832 ----a-w- c:\windows\system32\MRT.exe
2012-05-21 01:56 . 2012-05-21 01:56 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-05-21 01:56 . 2012-05-21 01:56 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-05-18 00:08 . 2010-06-08 09:05 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-05-18 00:08 . 2010-06-11 17:44 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-05-18 00:08 . 2010-06-11 17:43 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-05-15 10:48 . 2012-05-22 19:39 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-05-15 10:48 . 2012-05-22 19:39 8139072 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:48 . 2012-05-22 19:39 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-05-15 10:48 . 2012-05-22 19:39 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-22 19:39 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-22 19:39 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-22 19:39 2681664 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:48 . 2012-05-22 19:39 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
2012-05-15 10:48 . 2012-05-22 19:39 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-05-15 10:48 . 2012-05-22 19:39 25248064 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:48 . 2012-05-22 19:39 246592 ----a-w- c:\windows\system32\nvinitx.dll
2012-05-15 10:48 . 2012-05-22 19:39 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-22 19:39 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2012-05-22 19:39 202048 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-05-15 10:48 . 2012-05-22 19:39 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-05-15 10:48 . 2012-05-22 19:39 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-05-15 10:48 . 2012-05-22 19:39 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:48 . 2012-05-22 19:39 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 10:48 . 2012-03-14 07:32 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2012-03-14 07:32 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2012-02-23 05:10 949056 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2011-10-23 05:30 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2011-10-23 05:30 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2011-10-23 05:30 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2011-10-23 05:30 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 09:29 . 2011-10-23 05:33 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2011-10-23 05:33 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2011-10-23 05:33 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2012-02-23 05:13 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
2012-05-15 09:29 . 2011-10-23 05:33 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2011-10-23 05:33 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:21 . 2012-05-15 09:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Abraham Justice\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Abraham Justice\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Abraham Justice\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\users\Abraham Justice\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-08-02 3414680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PowerPanel Personal Edition User Interaction"="c:\program files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2011-06-17 353728]
"TkBellExe"="c:\program files (x86)\Real\realplayer\update\realsched.exe" [2012-05-21 296056]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-07-30 688360]
.
c:\users\Brothers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Epson all-in-one Registration.lnk - c:\users\Abraham Justice\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe [N/A]
Install Webroot FF RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe [N/A]
Install Webroot IE RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe [N/A]
.
c:\users\Guest I guess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Install Webroot FF RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe [N/A]
Install Webroot IE RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi9"=wdmaud.drv
.
R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-13 136176]
R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 250056]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-07 10207232]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-07 317952]
R3 AODDriver4.0;AODDriver4.0;c:\program files (x86)\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-06-30 35840]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2010-04-20 12032]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-13 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 36720]
R3 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-14 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R3 X6va005;X6va005;c:\users\ABRAHA~1\AppData\Local\Temp\005FC52.tmp [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-07 204288]
R4 AMD FusionUtility Service;AMD FusionUtility Service;c:\program files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe [2010-04-14 275832]
R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R4 BroadCamService;BroadCam Video Streaming Server;c:\program files (x86)\NCH Software\BroadCam\broadcam.exe [2010-08-27 1052676]
R4 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-04-03 131912]
R4 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
R4 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2009-08-06 65536]
R4 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe [2007-05-25 567216]
R4 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R4 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-13 87040]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-06 834544]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [2012-07-30 113168]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [2010-06-08 16384]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-01-12 168448]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-01-12 131072]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-06-09 555392]
S2 pcCMService;pcCMService;c:\program files (x86)\Common Files\Motive\pcCMService.exe [2012-04-02 361472]
S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe [2012-04-02 441344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [2012-07-30 688360]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 02:40]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-13 01:47]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-13 01:47]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2922089572-4686520-4244951405-1000Core.job
- c:\users\Brothers\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-08 20:48]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2922089572-4686520-4244951405-1000UA.job
- c:\users\Brothers\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-08 20:48]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2922089572-4686520-4244951405-1005Core.job
- c:\users\Abraham Justice\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-08 09:11]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2922089572-4686520-4244951405-1005UA.job
- c:\users\Abraham Justice\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-08 09:11]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2922089572-4686520-4244951405-1006Core.job
- c:\users\Guest I guess\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-13 08:12]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2922089572-4686520-4244951405-1006UA.job
- c:\users\Guest I guess\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-13 08:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Abraham Justice\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Abraham Justice\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Abraham Justice\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Abraham Justice\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-08 9642528]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-06-11 2413128]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-06-11 415816]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-06-11 4725320]
"Comcast_McciTrayApp"="c:\program files\Comcast\pcTrayApp.exe" [2012-04-03 2727936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://igoogle.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
DPF: {0725D9DE-4CB8-4BC3-8219-3E74C0D544F7} - hxxp://sample3.dmm.co.jp/downloader5/DMMDownloader.cab
FF - ProfilePath - c:\users\Abraham Justice\AppData\Roaming\Mozilla\Firefox\Profiles\2mrs88ao.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://battlelog.battlefield.com/bf3/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=SOLTDF&q=
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
FF - user.js: keyword.enabled - true
.
.
------- File Associations -------
.
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\ABRAHA~1\AppData\Local\Temp\005FC52.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2922089572-4686520-4244951405-1005\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:4a,75,e9,d9,21,ec,b4,71,13,99,22,e1,64,a8,05,da,51,71,2c,c2,64,
86,e4,08,ea,cc,cf,02,12,cc,0a,89,bb,1c,16,0b,1b,74,d4,80,08,29,f6,82,5e,30,\
"rkeysecu"=hex:1f,8d,22,f0,53,77,15,50,d0,6b,35,32,9e,e2,71,de
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
.
**************************************************************************
.
Completion time: 2012-08-06 15:47:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-06 22:47
.
Pre-Run: 333,698,621,440 bytes free
Post-Run: 334,008,274,944 bytes free
.
- - End Of File - - 773DB15A98ABDE084A1F13CD7B78E5FB

Appreciate any assistance gecko!
2246
Newbie
Newbie
 
Posts: 5
Joined: Mon Jul 30, 2012 9:25 pm
Location: United States
Operating System: Windows 7 64bit

Thanks given:3
Thanks received:0
Top

Re: Computer acting up

Postby Gecko » Wed Aug 08, 2012 2:16 pm

2246,

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: CFScript to your desktop.
File::
c:\users\ABRAHA~1\AppData\Local\Temp\005FC52.tmp

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"=-

Now drag then drop the CFScript file onto ComboFix.exe
Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply along with a new HijackThis log.

Who said thanks: 2246 (Thu Aug 09, 2012 9:44 am)
User avatar
Gecko
Super Moderator
Super Moderator
 
Posts: 5206
Joined: Thu Oct 25, 2001 1:00 am
Location: Florida, USA

Thanks given:1
Thanks received:23
Top

Re: Computer acting up

Postby VaporNation » Wed Aug 08, 2012 10:53 pm

sounds like a virus or malware to me
Vapor Nation
VaporNation
Geek in Training
Geek in Training
 
Posts: 16
Joined: Tue Aug 07, 2012 10:04 pm

Thanks given:0
Thanks received:0
Top

Re: Computer acting up

Postby 2246 » Thu Aug 09, 2012 9:45 am

ComboFix 12-08-08.03 - Abraham Justice 08/09/2012 0:56.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8190.6329 [GMT -7:00]
Running from: c:\users\Abraham Justice\Downloads\ComboFix.exe
Command switches used :: c:\users\Abraham Justice\Downloads\CFScript.txt
AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\users\ABRAHA~1\AppData\Local\Temp\005FC52.tmp"
.
.
((((((((((((((((((((((((( Files Created from 2012-07-09 to 2012-08-09 )))))))))))))))))))))))))))))))
.
.
2012-08-09 08:17 . 2012-08-09 08:17 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-09 08:17 . 2012-08-09 08:17 -------- d-----w- c:\users\Mcx1-BROTHERS-PC\AppData\Local\temp
2012-08-09 08:17 . 2012-08-09 08:17 -------- d-----w- c:\users\Guest I guess\AppData\Local\temp
2012-08-09 08:17 . 2012-08-09 08:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-09 08:17 . 2012-08-09 08:17 -------- d-----w- c:\users\Brothers\AppData\Local\temp
2012-08-06 20:09 . 2012-08-06 20:09 -------- d-----w- c:\users\Abraham Justice\AppData\Local\PassMark
2012-08-06 19:43 . 2012-08-06 19:43 388096 ----a-r- c:\users\Abraham Justice\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-06 07:32 . 2012-08-06 07:32 -------- d-----w- c:\windows\SysWow64\Adobe
2012-08-06 07:29 . 2012-08-06 07:29 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-08-06 00:53 . 2012-08-06 00:54 -------- d-----w- c:\users\Abraham Justice\.explorer.cache
2012-08-06 00:53 . 2012-08-06 00:53 -------- d-----w- c:\users\Abraham Justice\.explorer.local
2012-07-30 20:21 . 2012-07-30 20:21 -------- d-----w- c:\program files (x86)\Trend Micro
2012-07-30 19:31 . 2012-07-30 19:31 -------- d-----w- c:\users\Abraham Justice\AppData\Local\lptmp1889480913
2012-07-30 19:31 . 2012-07-30 19:31 148664 ----a-w- c:\windows\SysWow64\WRusr.dll
2012-07-30 19:31 . 2012-07-30 19:31 101808 ----a-w- c:\windows\system32\WRusr.dll
2012-07-30 19:31 . 2012-07-30 19:31 113168 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2012-07-30 19:31 . 2012-07-30 19:31 -------- d-----w- c:\program files\Webroot
2012-07-30 19:31 . 2012-08-09 06:24 -------- d-----w- c:\programdata\WRData
2012-07-30 16:46 . 2009-12-06 02:42 85504 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2012-07-30 16:46 . 2012-07-30 16:46 -------- d-----w- c:\program files (x86)\ffdshow
2012-07-30 16:46 . 2012-07-30 16:46 -------- d-----w- c:\programdata\IObit
2012-07-30 16:46 . 2012-07-30 16:46 -------- d-----w- c:\program files (x86)\IObit
2012-07-29 04:44 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-29 04:43 . 2012-07-29 04:43 -------- d-----w- c:\programdata\AVAST Software
2012-07-29 04:43 . 2012-07-29 04:43 -------- d-----w- c:\program files\AVAST Software
2012-07-23 18:18 . 2012-07-23 18:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-07-23 18:18 . 2012-07-23 18:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-07-23 18:18 . 2012-07-23 18:17 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-07-23 18:18 . 2012-07-23 18:17 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-07-23 18:18 . 2012-07-23 18:17 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-07-23 18:18 . 2012-07-23 18:17 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-07-23 18:18 . 2012-07-23 18:17 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-07-21 20:44 . 2012-07-21 20:44 -------- d-----w- c:\users\Brothers\AppData\Roaming\Leader Technologies
2012-07-21 20:44 . 2012-07-21 23:16 -------- d-----w- c:\users\Brothers\AppData\Roaming\Epson
2012-07-21 07:26 . 2012-07-21 07:26 -------- d-----w- c:\users\Abraham Justice\AppData\Roaming\Epson
2012-07-21 07:26 . 2012-07-21 07:26 -------- d-----w- c:\users\Abraham Justice\AppData\Roaming\Leader Technologies
2012-07-21 04:23 . 2012-07-21 04:23 -------- d-----w- c:\users\Brothers\AppData\Roaming\Leadertech
2012-07-21 04:22 . 2012-07-21 04:22 -------- d-----w- c:\program files (x86)\LTCM Client
2012-07-21 03:56 . 2012-07-21 03:56 -------- d-----w- c:\program files (x86)\Epson Software
2012-07-21 03:56 . 2011-08-10 07:00 464384 ----a-w- c:\windows\system32\esxw2ud.dll
2012-07-21 03:56 . 2009-10-16 07:00 13824 ----a-w- c:\windows\system32\esxcdev.dll
2012-07-21 03:56 . 2009-10-16 07:00 132560 ----a-w- c:\windows\system32\esdevapp.exe
2012-07-21 03:56 . 2012-07-21 04:22 -------- d-----w- c:\program files (x86)\epson
2012-07-21 03:53 . 2012-07-21 03:53 -------- d-----w- c:\program files\Common Files\EPSON
2012-07-21 03:53 . 2012-07-21 23:16 -------- d-----w- c:\programdata\EPSON
2012-07-21 03:53 . 2009-10-01 01:01 88064 ----a-w- c:\windows\system32\E_IBCBHLA.DLL
2012-07-21 03:53 . 2008-11-12 01:00 118784 ----a-w- c:\windows\system32\E_ILMHLA.DLL
2012-07-16 06:06 . 2012-07-16 06:10 -------- d-----w- c:\users\Brothers\AppData\Local\Skyrim
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-09 06:57 . 2010-11-16 11:56 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-08-09 06:57 . 2010-06-08 21:58 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-08-09 06:57 . 2010-06-08 21:58 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-08-04 02:40 . 2012-03-29 06:15 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-04 02:40 . 2011-05-13 20:40 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-21 17:28 . 2010-06-08 21:58 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-06-13 10:03 . 2010-06-09 20:47 58957832 ----a-w- c:\windows\system32\MRT.exe
2012-05-21 01:56 . 2012-05-21 01:56 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-05-21 01:56 . 2012-05-21 01:56 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-05-18 00:08 . 2010-06-08 09:05 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-05-18 00:08 . 2010-06-11 17:44 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-05-18 00:08 . 2010-06-11 17:43 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-05-15 10:48 . 2012-05-22 19:39 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-05-15 10:48 . 2012-05-22 19:39 8139072 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:48 . 2012-05-22 19:39 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-05-15 10:48 . 2012-05-22 19:39 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-22 19:39 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-22 19:39 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-22 19:39 2681664 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:48 . 2012-05-22 19:39 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
2012-05-15 10:48 . 2012-05-22 19:39 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-05-15 10:48 . 2012-05-22 19:39 25248064 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:48 . 2012-05-22 19:39 246592 ----a-w- c:\windows\system32\nvinitx.dll
2012-05-15 10:48 . 2012-05-22 19:39 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-22 19:39 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2012-05-22 19:39 202048 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-05-15 10:48 . 2012-05-22 19:39 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-05-15 10:48 . 2012-05-22 19:39 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-05-15 10:48 . 2012-05-22 19:39 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:48 . 2012-05-22 19:39 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 10:48 . 2012-03-14 07:32 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2012-03-14 07:32 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2012-02-23 05:10 949056 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2011-10-23 05:30 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2011-10-23 05:30 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2011-10-23 05:30 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2011-10-23 05:30 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 09:29 . 2011-10-23 05:33 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2011-10-23 05:33 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2011-10-23 05:33 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2012-02-23 05:13 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
2012-05-15 09:29 . 2011-10-23 05:33 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2011-10-23 05:33 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:21 . 2012-05-15 09:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-06_22.33.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-09 01:33 . 2012-08-09 08:21 99944 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-09 08:21 38482 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-06-08 18:26 . 2012-08-09 08:21 29654 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2922089572-4686520-4244951405-1005_UserData.bin
- 2010-06-08 21:26 . 2012-07-27 04:23 21838 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2922089572-4686520-4244951405-1000_UserData.bin
+ 2010-06-08 21:26 . 2012-08-08 06:36 21838 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2922089572-4686520-4244951405-1000_UserData.bin
+ 2010-06-09 11:06 . 2012-08-06 22:50 2010 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-08-06 22:32 . 2012-08-06 22:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-09 08:18 . 2012-08-09 08:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-06 22:32 . 2012-08-06 22:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-09 08:18 . 2012-08-09 08:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-06-09 20:24 . 2012-08-09 00:57 682244 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 05:01 . 2012-08-09 08:18 384592 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-08-06 22:31 384592 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-06-08 21:23 . 2012-08-08 07:55 3435966 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2922089572-4686520-4244951405-1000-8192.dat
- 2010-06-08 12:18 . 2012-08-06 22:31 10180208 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2922089572-4686520-4244951405-1005-8192.dat
+ 2010-06-08 12:18 . 2012-08-09 08:18 10180208 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2922089572-4686520-4244951405-1005-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Abraham Justice\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Abraham Justice\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Abraham Justice\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\users\Abraham Justice\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-08-08 3414680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PowerPanel Personal Edition User Interaction"="c:\program files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2011-06-17 353728]
"TkBellExe"="c:\program files (x86)\Real\realplayer\update\realsched.exe" [2012-05-21 296056]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-07-30 688360]
.
c:\users\Brothers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Epson all-in-one Registration.lnk - c:\users\Abraham Justice\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe [N/A]
Install Webroot FF RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe [N/A]
Install Webroot IE RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe [N/A]
.
c:\users\Guest I guess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Install Webroot FF RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe [N/A]
Install Webroot IE RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi9"=wdmaud.drv
.
R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-13 136176]
R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 250056]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-07 10207232]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-07 317952]
R3 AODDriver4.0;AODDriver4.0;c:\program files (x86)\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-06-30 35840]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2010-04-20 12032]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-13 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 36720]
R3 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-14 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R3 X6va005;X6va005; [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-07 204288]
R4 AMD FusionUtility Service;AMD FusionUtility Service;c:\program files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe [2010-04-14 275832]
R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R4 BroadCamService;BroadCam Video Streaming Server;c:\program files (x86)\NCH Software\BroadCam\broadcam.exe [2010-08-27 1052676]
R4 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-04-03 131912]
R4 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
R4 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2009-08-06 65536]
R4 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe [2007-05-25 567216]
R4 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R4 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-13 87040]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-06 834544]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [2012-07-30 113168]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [2010-06-08 16384]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-01-12 168448]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-01-12 131072]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-06-09 555392]
S2 pcCMService;pcCMService;c:\program files (x86)\Common Files\Motive\pcCMService.exe [2012-04-02 361472]
S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe [2012-04-02 441344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [2012-07-30 688360]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 02:40]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-13 01:47]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-13 01:47]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2922089572-4686520-4244951405-1000Core.job
- c:\users\Brothers\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-08 20:48]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2922089572-4686520-4244951405-1000UA.job
- c:\users\Brothers\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-08 20:48]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2922089572-4686520-4244951405-1005Core.job
- c:\users\Abraham Justice\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-08 09:11]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2922089572-4686520-4244951405-1005UA.job
- c:\users\Abraham Justice\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-08 09:11]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2922089572-4686520-4244951405-1006Core.job
- c:\users\Guest I guess\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-13 08:12]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2922089572-4686520-4244951405-1006UA.job
- c:\users\Guest I guess\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-13 08:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Abraham Justice\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Abraham Justice\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Abraham Justice\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Abraham Justice\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-08 9642528]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-06-11 2413128]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-06-11 415816]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-06-11 4725320]
"Comcast_McciTrayApp"="c:\program files\Comcast\pcTrayApp.exe" [2012-04-03 2727936]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://igoogle.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
DPF: {0725D9DE-4CB8-4BC3-8219-3E74C0D544F7} - hxxp://sample3.dmm.co.jp/downloader5/DMMDownloader.cab
FF - ProfilePath - c:\users\Abraham Justice\AppData\Roaming\Mozilla\Firefox\Profiles\2mrs88ao.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://battlelog.battlefield.com/bf3/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=SOLTDF&q=
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
FF - user.js: keyword.enabled - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2922089572-4686520-4244951405-1005\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:4a,75,e9,d9,21,ec,b4,71,13,99,22,e1,64,a8,05,da,51,71,2c,c2,64,
86,e4,08,ea,cc,cf,02,12,cc,0a,89,bb,1c,16,0b,1b,74,d4,80,08,29,f6,82,5e,30,\
"rkeysecu"=hex:1f,8d,22,f0,53,77,15,50,d0,6b,35,32,9e,e2,71,de
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
.
**************************************************************************
.
Completion time: 2012-08-09 01:34:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-09 08:34
ComboFix2.txt 2012-08-06 22:48
.
Pre-Run: 334,054,088,704 bytes free
Post-Run: 334,257,397,760 bytes free
.
- - End Of File - - 04536A0C5891D2AFCFD862E5DD54CC42

Thanks fellas, I feel like I'm getting a little more control over the computer. I'll run it and see if it still restarts by itself. Just did it before this last scan so we will see if they affect each other in anyway
2246
Newbie
Newbie
 
Posts: 5
Joined: Mon Jul 30, 2012 9:25 pm
Location: United States
Operating System: Windows 7 64bit

Thanks given:3
Thanks received:0
Top

Re: Computer acting up

Postby Gecko » Thu Aug 09, 2012 1:17 pm

Glad to hear that it's running better
User avatar
Gecko
Super Moderator
Super Moderator
 
Posts: 5206
Joined: Thu Oct 25, 2001 1:00 am
Location: Florida, USA

Thanks given:1
Thanks received:23
Top

Re: Computer acting up

Postby 2246 » Thu Aug 09, 2012 6:42 pm

Almost forgot the hijackthis! I wish there was some reason I could learn how to read these logs cause I feel they are 90% of fixing software issues in computers.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:40:28 AM, on 8/9/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files\Webroot\WRSA.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Users\Abraham Justice\Local Settings\Apps\F.lux\flux.exe
C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Program Files (x86)\Real\realplayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Abraham Justice\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Abraham Justice\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Abraham Justice\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Abraham Justice\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Abraham Justice\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Abraham Justice\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Abraham Justice\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Abraham Justice\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Abraham Justice\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Abraham Justice\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Abraham Justice\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Abraham Justice\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Abraham Justice\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Abraham Justice\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Abraham Justice\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Abraham Justice\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Abraham Justice\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Abraham Justice\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Abraham Justice\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://igoogle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Webroot Browser Helper Object - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll
O4 - HKLM\..\Run: [PowerPanel Personal Edition User Interaction] C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
O4 - HKCU\..\Run: [F.lux] "C:\Users\Abraham Justice\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar.dll
O9 - Extra 'Tools' menuitem: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted IP range: http://192.168.1.1
O15 - ESC Trusted IP range: http://192.168.1.1
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetector/ ... tion32.cab
O16 - DPF: {0725D9DE-4CB8-4BC3-8219-3E74C0D544F7} (DMM Downloader) - http://sample3.dmm.co.jp/downloader5/DMMDownloader.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://service.futuremark.com/virtualmark/tc/FMSI.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: pcCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
O23 - Service: pcCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\pcCMService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PowerPanel Personal Edition Service (ppped) - Cyber Power Systems, Inc. - C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: WRSVC - Webroot - C:\Program Files\Webroot\WRSA.exe

--
End of file - 12944 bytes
2246
Newbie
Newbie
 
Posts: 5
Joined: Mon Jul 30, 2012 9:25 pm
Location: United States
Operating System: Windows 7 64bit

Thanks given:3
Thanks received:0
Top

Re: Computer acting up

Postby Gecko » Fri Aug 10, 2012 2:35 am

Your hijckthis log is clean.

Hijackthis has become outdated as a detection tool, most new malware can hide from it or make it unusable.

Malware Removal has an online University for teaching you how to read these types of logs and how to remove malware.

Who said thanks: 2246 (Tue Aug 14, 2012 8:04 am)
User avatar
Gecko
Super Moderator
Super Moderator
 
Posts: 5206
Joined: Thu Oct 25, 2001 1:00 am
Location: Florida, USA

Thanks given:1
Thanks received:23
Top

Re: Computer acting up

Postby 2246 » Tue Aug 14, 2012 8:05 am

Well it's definitely been better though I think at this rate I should reinstall windows. Though maybe I'll just wait for 8. Wow guess I'm a few years out of date, though it's good to see combofix is still reliable. Preciate the help mate I may just look all of that up
2246
Newbie
Newbie
 
Posts: 5
Joined: Mon Jul 30, 2012 9:25 pm
Location: United States
Operating System: Windows 7 64bit

Thanks given:3
Thanks received:0
Top


Return to Windows 7, 2008 and Vista

Who is online

Users browsing this forum: No registered users and 1 guest

cron