TechSpot

KAV had 1 gb of files ready for me this morning to send to themselves

By TrunkMonkey
May 6, 2013
  1. Kaspersky 2013 was sitting on my desktop this a.m. with a list of a bunch of files (nearly 1 gb) which it wanted to upload to itself. No virus detections that I could tell. I forget why but I ended up restarting and haven't seen a similar message or screen on KAV. It was a screen I'd never seen and they hadn't asked for uploads in the past, so I was suspicious.

    The first attempt at Chrome accessing this site today gave a message "TOO MANY REDIRECTS..."

    So here I am and would like to have an expert opinion on my system. Thank you in advance!

    =========================================================================


    Malwarebytes Anti-Malware (PRO) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.05.06.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    SuperUser :: TOWEROFPOWER10 [administrator]

    Protection: Disabled

    5/6/2013 11:33:57 AM
    mbam-log-2013-05-06 (11-33-57).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 262307
    Time elapsed: 4 minute(s), 33 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    ===============================================================================================================

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16476
    Run by SuperUser at 11:43:50 on 2013-05-06
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8190.4400 [GMT -5:00]
    .
    AV: Kaspersky Anti-Virus *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
    SP: Kaspersky Anti-Virus *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\PhenomMsrTweaker\PhenomMsrTweakerService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\explorer.exe
    C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
    C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
    C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\klwtblfs.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\wmi64.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uSearch Bar = Preserve
    mStart Page = about:blank
    uWinlogon: Shell = expstart.exe
    BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
    BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
    BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
    BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
    TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
    TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
    uRun: [Google Update] "C:\Users\SuperUser\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    mRun: [Lycosa] "C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe"
    mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe"
    mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    uPolicies-Explorer: NoDrives = dword:0
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
    uPolicies-Explorer: NoDevMgrUpdate = dword:0
    uPolicies-Explorer: NoDFSTab = dword:0
    uPolicies-Explorer: NoEncryptOnMove = dword:0
    uPolicies-Explorer: NoRunasInstallPrompt = dword:0
    uPolicies-Explorer: NoResolveTrack = dword:1
    uPolicies-Explorer: NoStartMenuSubFolders = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
    mPolicies-Explorer: NoDevMgrUpdate = dword:0
    mPolicies-Explorer: NoDFSTab = dword:0
    mPolicies-Explorer: NoEncryptOnMove = dword:0
    mPolicies-Explorer: NoRunasInstallPrompt = dword:0
    mPolicies-Explorer: NoResolveTrack = dword:0
    mPolicies-Explorer: NoStartMenuSubFolders = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: PromptOnSecureDesktop = dword:0
    mPolicies-Explorer: DisableLocalMachineRun = dword:0
    mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
    mPolicies-Explorer: DisableCurrentUserRun = dword:0
    mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
    mPolicies-Explorer: NoFile = dword:0
    mPolicies-Explorer: HideClock = dword:0
    mPolicies-Explorer: NoDevMgrUpdate = dword:0
    mPolicies-Explorer: NoDFSTab = dword:0
    mPolicies-Explorer: NoEncryptOnMove = dword:0
    mPolicies-Explorer: NoRunasInstallPrompt = dword:0
    mPolicies-Explorer: NoResolveTrack = dword:0
    mPolicies-Explorer: NoStartMenuSubFolders = dword:0
    IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
    DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} - file:///E:/components/hidinputmonitorx.ocx
    DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} - file:///E:/components/A9.ocx
    DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1364798090813
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{DB0188C6-2FCE-4AEC-A10C-929B4E888F85} : DHCPNameServer = 192.168.1.1
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
    SecurityProviders: SecurityProviders = schannel.dll,
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-mStart Page = about:blank
    x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
    x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
    x64-BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
    x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
    x64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
    x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
    x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
    x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
    x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\SuperUser\AppData\Roaming\Mozilla\Firefox\Profiles\4b79stp1.default-1364774119876\
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\SuperUser\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2013-04-24 05:21; content_blocker@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
    FF - ExtSQL: 2013-04-24 05:21; url_advisor@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
    FF - ExtSQL: 2013-04-24 05:21; virtual_keyboard@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-3-31 82600]
    R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-3-31 42664]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 28504]
    R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-6-8 55056]
    R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178448]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-28 241152]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-3-28 361984]
    R2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2013-2-6 57952]
    R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
    R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2013-2-2 109056]
    R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [2012-8-17 356376]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-18 418376]
    R2 PhenomMsrTweaker;PhenomMsrTweaker service;C:\Program Files\PhenomMsrTweaker\PhenomMsrTweakerService.exe [2010-6-3 188416]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]
    R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-10-25 29016]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-10-25 29528]
    R3 Lycosa;Lycosa Keyboard;C:\Windows\System32\drivers\Lycosa.sys [2013-3-24 28928]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-4-18 25928]
    R3 RAMDiskVE;RAMDiskVE;C:\Windows\System32\drivers\RAMDiskVE.sys [2013-3-4 74992]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-5-4 58536]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2013-5-5 1301504]
    R3 VKbms;Virtual HID Minidriver;C:\Windows\System32\drivers\VKbms.sys [2013-2-3 13312]
    R3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files\PhenomMsrTweaker\WinRing0x64.sys [2010-6-3 14544]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-9 123856]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-18 701512]
    S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2013-4-4 35840]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-5-3 103064]
    S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2013-2-2 137488]
    S3 G311N6;NETGEAR GA311 Gigabit Driver;C:\Windows\System32\drivers\G311N6.sys [2013-1-21 347680]
    S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-1-22 77824]
    S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-1-22 180224]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-24 19456]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-4-14 838216]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-5-3 203672]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-24 57856]
    S4 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2013-2-6 137096]
    S4 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S4 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-21 1255736]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: txtfile=C:\Windows\SysWow64\NOTEPAD.EXE %1
    FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1
    .
    =============== Created Last 30 ================
    .
    2013-05-05 10:01:19 980480 ----a-w- C:\Windows\System32\VIAPropPageExt.dll
    2013-05-05 10:01:19 1301504 ----a-w- C:\Windows\System32\drivers\viahduaa.sys
    2013-05-05 03:42:50 296448 ----a-w- C:\Windows\SysWow64\mfds.dll
    2013-05-05 03:38:15 381440 ----a-w- C:\Windows\System32\mfds.dll
    2013-05-05 01:38:57 -------- d-----w- C:\SymCache
    2013-05-05 01:21:34 -------- d-----w- C:\Shutdown_Trace
    2013-05-04 23:06:59 -------- d-----w- C:\Program Files\Microsoft Windows Performance Toolkit
    2013-05-04 15:35:27 -------- d-----w- C:\Users\SuperUser\AppData\Local\AMD
    2013-05-04 15:35:06 -------- d-----w- C:\Users\SuperUser\AppData\Local\ATI
    2013-05-04 15:34:06 0 ----a-w- C:\Windows\ativpsrm.bin
    2013-05-04 15:30:08 -------- d-----w- C:\ProgramData\AMD
    2013-05-04 15:29:18 -------- d-----w- C:\Program Files (x86)\ATI Technologies
    2013-05-04 15:23:25 58536 ----a-w- C:\Windows\System32\drivers\usbfilter.sys
    2013-05-04 15:22:27 -------- d-----w- C:\Program Files\ATI
    2013-05-04 15:21:47 -------- d-----w- C:\Program Files\ATI Technologies
    2013-05-04 15:21:11 -------- d-----w- C:\AMD
    2013-05-04 12:36:10 -------- d-----w- C:\RaidTool
    2013-05-04 12:36:06 -------- d-----w- C:\Windows\RaidTool
    2013-05-04 12:35:16 753664 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
    2013-05-04 12:35:16 69714 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
    2013-05-04 12:35:16 63488 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
    2013-05-04 12:35:16 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
    2013-05-04 12:35:16 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
    2013-05-04 12:35:16 184320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
    2013-05-04 12:35:15 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
    2013-05-04 12:35:15 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
    2013-05-04 11:23:40 315904 ----a-w- C:\Windows\SysWow64\Difx69fe.rra
    2013-05-04 11:10:56 -------- d-----w- C:\Users\SuperUser\AppData\Local\ElevatedDiagnostics
    2013-05-04 01:27:33 1154 ----a-w- C:\Windows\MultiLanguage.tmp
    2013-05-03 20:03:33 203672 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
    2013-05-03 20:03:32 103064 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
    2013-05-03 20:01:24 821824 ----a-w- C:\Windows\SysWow64\dgderapi.dll
    2013-04-29 18:31:35 26520 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe
    2013-04-29 18:31:35 263064 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
    2013-04-29 16:21:00 -------- d-----w- C:\Windows\ehome
    2013-04-29 14:55:23 -------- d-----w- C:\Users\SuperUser\AppData\Roaming\Shark007
    2013-04-29 14:55:23 -------- d-----w- C:\ProgramData\Shark007
    2013-04-29 14:55:22 361472 ----a-w- C:\Windows\System32\aacacm.acm
    2013-04-29 14:55:22 3554304 ----a-w- C:\Windows\System32\x264vfw.dll
    2013-04-29 14:55:22 2231296 ----a-w- C:\Windows\System32\ac3filter.acm
    2013-04-29 14:55:22 206336 ----a-w- C:\Windows\System32\unrar64.dll
    2013-04-29 14:55:22 180736 ----a-w- C:\Windows\System32\ac3acm.acm
    2013-04-29 14:55:22 148992 ----a-w- C:\Windows\System32\lagarith.dll
    2013-04-29 14:55:21 1929216 ----a-w- C:\Windows\System32\VSFilter.dll
    2013-04-29 14:55:21 127488 ----a-w- C:\Windows\System32\ff_vfw.dll
    2013-04-29 14:55:21 124909 ----a-w- C:\Windows\System32\pthreadGC2.dll
    2013-04-29 14:55:21 -------- d-----w- C:\Program Files\Shark007
    2013-04-29 14:30:41 1307136 ----a-w- C:\Windows\System32\msmpeg2adec.dll
    2013-04-24 10:27:50 -------- d-----w- C:\MATS
    2013-04-24 01:27:19 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2013-04-19 00:07:00 90112 ----a-w- C:\Windows\MAMCityDownload.ocx
    2013-04-19 00:07:00 330240 ----a-w- C:\Windows\MASetupCaller.dll
    2013-04-19 00:07:00 30568 ----a-w- C:\Windows\MusiccityDownload.exe
    2013-04-19 00:06:46 172032 ----a-w- C:\Windows\SysWow64\muzapp.exe
    2013-04-18 08:01:59 -------- d-----w- C:\Program Files\Microsoft IntelliPoint
    2013-04-18 05:43:53 925184 ----a-w- C:\Windows\expstart.exe
    2013-04-18 05:42:30 2871808 ----a-w- C:\Windows\explorer.backup.exe
    2013-04-18 05:11:33 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-04-18 05:11:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-04-17 14:03:15 -------- d-----w- C:\ProgramData\MediaBrowser
    2013-04-17 09:31:33 3933696 ----a-w- C:\Windows\SysWow64\authui.dll
    2013-04-17 08:26:48 1154 ----a-w- C:\Windows\SysWow64\MultiLanguage.tmp
    2013-04-17 06:44:00 3933696 ----a-w- C:\Windows\SysWow64\authuoldi.dll
    2013-04-15 12:55:17 -------- d-----w- C:\Users\SuperUser\AppData\Local\NETGEARGenie
    2013-04-15 12:55:08 96784 ----a-w- C:\Windows\SysWow64\packet.dll
    2013-04-15 12:55:08 281104 ----a-w- C:\Windows\SysWow64\wpcap.dll
    2013-04-14 19:29:10 -------- d-----w- C:\Program Files (x86)\FLAC
    2013-04-14 09:16:33 838216 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
    2013-04-14 09:16:33 78920 ----a-w- C:\Windows\System32\RtNicProp64.dll
    2013-04-14 09:16:33 108104 ----a-w- C:\Windows\System32\RTNUninst64.dll
    2013-04-14 09:16:29 -------- d-----w- C:\Program Files (x86)\Realtek
    2013-04-14 02:59:35 -------- d-----w- C:\ProgramData\Banamalon
    2013-04-13 16:07:39 -------- d-----w- C:\Program Files\Media Center Network Controller
    2013-04-11 04:21:34 1573376 ----a-w- C:\Windows\SysWow64\VSFilter.dll
    2013-04-10 08:05:23 3153408 ----a-w- C:\Windows\System32\win32k.sys
    2013-04-10 08:05:05 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
    2013-04-10 08:05:00 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-04-10 08:04:59 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-04-10 08:04:58 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
    2013-04-10 08:04:58 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    2013-04-10 08:04:58 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-04-10 08:04:58 112640 ----a-w- C:\Windows\System32\smss.exe
    .
    ==================== Find3M ====================
    .
    2013-05-01 11:30:09 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-05-01 11:30:08 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-04-24 10:21:23 55056 ----a-w- C:\Windows\System32\drivers\kltdi.sys
    2013-04-24 10:21:23 178448 ----a-w- C:\Windows\System32\drivers\kneps.sys
    2013-04-24 10:21:08 90208 ----a-w- C:\Windows\System32\drivers\klflt.sys
    2013-04-19 00:08:14 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
    2013-04-15 12:55:08 369168 ----a-w- C:\Windows\System32\wpcap.dll
    2013-04-15 12:55:08 35344 ----a-w- C:\Windows\System32\drivers\npf.sys
    2013-04-15 12:55:08 106000 ----a-w- C:\Windows\System32\packet.dll
    2013-04-06 02:26:24 1679360 ----a-w- C:\Windows\SysWow64\ac3filter.acm
    2013-03-31 23:32:04 82600 ----a-w- C:\Windows\System32\drivers\amd_sata.sys
    2013-03-31 23:32:04 42664 ----a-w- C:\Windows\System32\drivers\amd_xata.sys
    2013-03-29 02:37:10 78432 ----a-w- C:\Windows\System32\atimpc64.dll
    2013-03-29 02:37:10 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
    2013-03-29 02:37:10 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2013-03-29 02:37:10 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2013-03-29 02:37:06 139696 ----a-w- C:\Windows\System32\atiuxp64.dll
    2013-03-29 02:37:04 92304 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2013-03-29 02:37:04 118584 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2013-03-29 02:37:04 112440 ----a-w- C:\Windows\System32\atiu9p64.dll
    2013-03-29 02:37:02 1155264 ----a-w- C:\Windows\System32\aticfx64.dll
    2013-03-29 02:37:00 970912 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2013-03-29 02:36:56 8272136 ----a-w- C:\Windows\System32\atidxx64.dll
    2013-03-29 02:36:54 7233336 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2013-03-29 02:36:50 4450264 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2013-03-29 02:36:44 5944264 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2013-03-29 02:36:40 5000320 ----a-w- C:\Windows\System32\atiumd6a.dll
    2013-03-29 02:36:38 6985624 ----a-w- C:\Windows\System32\atiumd64.dll
    2013-03-29 02:35:02 11658752 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2013-03-29 02:13:28 222720 ----a-w- C:\Windows\System32\clinfo.exe
    2013-03-29 02:13:14 798734 ----a-w- C:\Windows\SysWow64\amdocl_ld32.exe
    2013-03-29 02:13:14 1187342 ----a-w- C:\Windows\System32\amdocl_as64.exe
    2013-03-29 02:13:14 1061902 ----a-w- C:\Windows\System32\amdocl_ld64.exe
    2013-03-29 02:13:12 995342 ----a-w- C:\Windows\SysWow64\amdocl_as32.exe
    2013-03-29 02:13:08 76288 ----a-w- C:\Windows\System32\OpenVideo64.dll
    2013-03-29 02:13:04 65536 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
    2013-03-29 02:13:00 64000 ----a-w- C:\Windows\System32\OVDecode64.dll
    2013-03-29 02:12:56 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2013-03-29 02:12:48 29150720 ----a-w- C:\Windows\System32\amdocl64.dll
    2013-03-29 02:10:52 23810560 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2013-03-29 02:09:04 54784 ----a-w- C:\Windows\System32\OpenCL.dll
    2013-03-29 02:09:00 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll
    2013-03-29 02:04:42 24229376 ----a-w- C:\Windows\System32\atio6axx.dll
    2013-03-29 02:00:54 76800 ----a-w- C:\Windows\System32\coinst_12.104.dll
    2013-03-29 01:57:54 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
    2013-03-29 01:55:36 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2013-03-29 01:55:34 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2013-03-29 01:55:28 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2013-03-29 01:55:28 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2013-03-29 01:55:16 16082944 ----a-w- C:\Windows\System32\aticaldd64.dll
    2013-03-29 01:51:04 13703168 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2013-03-29 01:48:26 19870720 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2013-03-29 01:35:14 442368 ----a-w- C:\Windows\System32\atidemgy.dll
    2013-03-29 01:35:06 562688 ----a-w- C:\Windows\System32\atieclxx.exe
    2013-03-29 01:34:18 241152 ----a-w- C:\Windows\System32\atiesrxx.exe
    2013-03-29 01:33:00 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2013-03-29 01:32:46 26112 ----a-w- C:\Windows\System32\atimuixx.dll
    2013-03-29 01:32:42 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2013-03-29 01:32:36 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2013-03-29 01:10:30 636416 ----a-w- C:\Windows\System32\atiadlxx.dll
    2013-03-29 01:10:20 430080 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2013-03-29 01:10:08 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
    2013-03-29 01:10:04 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2013-03-29 01:10:04 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
    2013-03-29 01:10:00 44032 ----a-w- C:\Windows\System32\atig6txx.dll
    2013-03-29 01:09:52 34816 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2013-03-29 01:09:44 581120 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2013-03-29 01:07:52 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2013-03-24 10:28:07 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2013-03-24 10:28:07 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-03-17 15:21:30 3649536 ----a-w- C:\Windows\SysWow64\x264vfw.dll
    2013-03-12 06:10:56 282744 ------w- C:\Windows\System32\MpSigStub.exe
    2013-03-10 22:59:28 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
    2013-03-08 17:29:39 16896 ----a-w- C:\Windows\AsTaskSched.dll
    2013-03-04 16:35:40 74992 ----a-w- C:\Windows\System32\drivers\RAMDiskVE.sys
    2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-02-15 01:06:48 123704 ----a-w- C:\Windows\System32\drivers\jraid.sys
    2013-02-14 11:41:10 96768 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
    2013-02-14 11:40:58 110080 ----a-w- C:\Windows\System32\DelayAPO.dll
    2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
    2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
    2013-02-12 03:09:37 534528 ----a-w- C:\Windows\System32\VIASysFx.dll
    2013-02-12 03:09:36 76288 ----a-w- C:\Windows\System32\ViaMicArrayPropPageExt.dll
    2013-02-12 03:09:36 193024 ----a-w- C:\Windows\System32\ViaMicArrayAPO.dll
    .
    ============= FINISH: 11:44:27.15 ===============


    ===============================================================================================================

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/21/2013 11:08:05 AM
    System Uptime: 5/6/2013 7:57:33 AM (4 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | M4A87TD EVO
    Processor: AMD Phenom(tm) II X6 1055T Processor | AM3 | 3511/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 1863 GiB total, 1765.03 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is FIXED (NTFS) - 932 GiB total, 551.884 GiB free.
    G: is FIXED (NTFS) - 1 GiB total, 1.432 GiB free.
    X: is FIXED (NTFS) - 1863 GiB total, 1172.54 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Realtek PCI GBE Family Controller
    Device ID: PCI\VEN_10EC&DEV_8169&SUBSYS_311A1385&REV_10\4&2B4059EA&0&38A4
    Manufacturer: Realtek
    Name: Realtek PCI GBE Family Controller
    PNP Device ID: PCI\VEN_10EC&DEV_8169&SUBSYS_311A1385&REV_10\4&2B4059EA&0&38A4
    Service: RTL8167
    .
    ==== System Restore Points ===================
    .
    RP380: 5/3/2013 2:03:27 PM - Removed Samsung Kies
    RP381: 5/3/2013 3:00:03 PM - Installed Samsung Kies
    RP383: 5/4/2013 7:35:50 AM - Installed JMicron JMB36X Driver
    RP384: 5/4/2013 5:13:25 PM - Removed Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    RP385: 5/4/2013 5:23:07 PM - Removed Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    RP386: 5/4/2013 5:45:04 PM - Configured NETGEAR GA311 Gigabit Adapter
    RP387: 5/4/2013 7:45:01 PM - Removed NETGEAR GA311 Gigabit Adapter
    RP388: 5/4/2013 7:57:01 PM - Windows Update
    RP389: 5/4/2013 8:11:52 PM - Windows Update
    RP390: 5/5/2013 12:08:38 AM - Windows Modules Installer
    RP391: 5/5/2013 3:46:37 AM - ccleaner extended
    RP392: 5/5/2013 3:58:34 AM - Configured Platform
    RP393: 5/5/2013 5:02:19 AM - Installed Platform
    RP394: 5/5/2013 1:46:19 PM - wtf things are strange
    RP395: 5/5/2013 3:01:02 PM - Configured Platform
    RP396: 5/5/2013 4:13:52 PM - Installed Platform
    RP397: 5/5/2013 4:18:10 PM - Installed Platform
    .
    ==== Installed Programs ======================
    .
    3DMark 11
    3DMark Demo
    3DMark Vantage
    4K Video Downloader 2.5
    7-Zip 9.22beta
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Aeon
    AMD Catalyst Install Manager
    AMD Fuel
    AMD OverDrive
    AMD VISION Engine Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    CPUID CPU-Z 1.63.0
    CPUID HWMonitor 1.21
    D3DX10
    Defraggler
    Driver Fusion
    Dropbox
    Emote for Windows Media Center Plugin
    eReg
    Euro Truck Simulator 2 Demo
    FLAC 1.2.1b (remove only)
    foobar2000 v1.2.4
    Futuremark SystemInfo
    G-Force
    Geekbench 2.4
    Google Chrome
    Google Earth Plug-in
    Google Update Helper
    Half-Life 2: Episode Two
    Heaven Benchmark version 4.0
    JMicron JMB36X Driver
    Kaspersky Anti-Virus 2013
    Logitech SetPoint 6.52
    LogonStudio
    Malwarebytes Anti-Malware version 1.75.0.1300
    MediaMonkey 4.0
    Microsoft .NET Framework 4.5
    Microsoft Application Error Reporting
    Microsoft IntelliPoint 8.2
    Microsoft Silverlight
    Microsoft SkyDrive
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Windows Performance Toolkit
    Microsoft Windows SDK for Windows 7 (7.1)
    Movie Maker
    Mozilla Firefox 20.0 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT110
    MSVCRT110_amd64
    Music Manager
    MusicBrainz Picard
    NEC Electronics USB 3.0 Host Controller Driver
    Netflix in Windows Media Center
    NVIDIA PhysX
    PC Probe II
    PCMark 7
    PhenomMsrTweaker
    Photo Common
    Photo Gallery
    Platform
    PlayReady PC Runtime amd64
    RaceRoom Racing Experience
    Radeon RAMDisk
    Razer Lycosa
    Realtek Ethernet Controller Driver
    Recuva
    Resident Evil 6 Benchmark Tool
    Samsung Kies
    SAMSUNG USB Driver for Mobile Phones
    Samsung_MonSetup
    Security Task Manager 1.8g
    Security Update for Microsoft .NET Framework 4.5 (KB2737083)
    Security Update for Microsoft .NET Framework 4.5 (KB2742613)
    Security Update for Microsoft .NET Framework 4.5 (KB2789648)
    Skifta
    SoftSkies
    Speccy
    Steam
    SumatraPDF
    Update for Microsoft .NET Framework 4.5 (KB2750147)
    VIA Platform Device Manager
    VLC media player 2.0.6
    WhiteCap
    Win7codecs
    Windows Live Communications Platform
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    WOT for Internet Explorer
    x64 Components v4.1.1
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/5/2013 4:04:06 AM, Error: Service Control Manager [7001] - The World Wide Web Publishing Service service depends on the Windows Process Activation Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    5/5/2013 12:43:08 AM, Error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
    5/4/2013 9:55:21 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    5/4/2013 9:55:20 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    5/4/2013 9:55:19 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    5/4/2013 9:55:19 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    5/4/2013 9:55:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    5/4/2013 9:55:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    5/4/2013 9:55:00 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO discache KLIF kneps spldr Wanarpv6
    5/4/2013 7:39:48 PM, Error: volmgr [46] - Crash dump initialization failed!
    5/4/2013 7:03:45 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa80069fb660, 0xfffff8000230a510). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050413-48563-01.
    5/4/2013 6:33:51 AM, Error: volsnap [67] - The shadow copy of volume C: being created failed to install.
    5/4/2013 6:04:11 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
    5/4/2013 6:03:49 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AMD FUEL Service service to connect.
    5/4/2013 6:03:49 PM, Error: Service Control Manager [7000] - The AMD FUEL Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/4/2013 10:13:51 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    5/4/2013 10:13:51 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    5/4/2013 1:28:13 AM, Error: Service Control Manager [7000] - The cpuz136 service failed to start due to the following error: The system cannot find the path specified.
    5/3/2013 8:15:57 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa80069fb660, 0xfffff8000230a510). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050313-30466-01.
    5/3/2013 7:26:54 PM, Error: JRAID [117] - The driver for device \Device\Scsi\JRAID1 detected a port timeout due to prolonged inactivity. All associated busses were reset in an effort to clear the condition.
    5/2/2013 12:03:50 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473536.
    4/29/2013 9:56:55 AM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    4/29/2013 9:49:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    4/29/2013 9:49:38 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    4/29/2013 9:49:38 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/29/2013 5:00:21 PM, Error: Service Control Manager [7000] - The cpuz136 service failed to start due to the following error: The system cannot find the file specified.
    4/29/2013 4:40:04 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    4/29/2013 4:40:04 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================

    Please disable "word wrap" in Notepad because your logs are hard to read.

    Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  3. TrunkMonkey

    TrunkMonkey TS Rookie Topic Starter Posts: 73

    MBAR was clean! Removed word wrap.

    NOTE: RK always crashes on the MBR section (generic WIN7 message saying it has unexpectedly stopped), so I ran it in safe mode. Hope that works too. Have you heard of this happening to others?


    RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Safe mode
    User : SuperUser [Admin rights]
    Mode : Scan -- Date : 05/06/2013 13:07:07
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST2000DM 001-1CH164 SATA Disk Device +++++
    --- User ---
    [MBR] 8b0a009f7a2005551b965e75a8395451
    [BSP] 00c11e3126db23695f6005d92b3cd533 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1907627 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: ST2000DM 001-1CH164 SATA Disk Device +++++
    --- User ---
    [MBR] 19d84013c847badf8f782ac91fa90e69
    [BSP] d60ab8c6d76ad40ff39df1e4271c256d : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_05062013_02d1307.txt >>
    RKreport[1]_S_05062013_02d1307.txt







    RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Safe mode
    User : SuperUser [Admin rights]
    Mode : Remove -- Date : 05/06/2013 13:07:35
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 1 ¤¤¤
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST2000DM 001-1CH164 SATA Disk Device +++++
    --- User ---
    [MBR] 8b0a009f7a2005551b965e75a8395451
    [BSP] 00c11e3126db23695f6005d92b3cd533 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1907627 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: ST2000DM 001-1CH164 SATA Disk Device +++++
    --- User ---
    [MBR] 19d84013c847badf8f782ac91fa90e69
    [BSP] d60ab8c6d76ad40ff39df1e4271c256d : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_05062013_02d1307.txt >>
    RKreport[1]_S_05062013_02d1307.txt ; RKreport[2]_D_05062013_02d1307.txt




     
  4. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    I don't see anything malicious in your logs.
     
  5. TrunkMonkey

    TrunkMonkey TS Rookie Topic Starter Posts: 73

    Good news! So I guess the KAV upload prompt was legit. 2 questions: Is this behavior you're familiar with for that software? And what about "TOO MANY REDIRECTS" on Chrome in place of a website you just typed in?

    I don't want to waste your time but it's odd to get messages I've never seen considering how often I've used this computer.

    Honestly it "feels" like it's running well. Thanks!
     
  6. Broni

    Broni Malware Annihilator Posts: 52,911   +344

  7. TrunkMonkey

    TrunkMonkey TS Rookie Topic Starter Posts: 73

    Thanks, those were helpful links. So this could all just be a coincidence of explainable events.
    I thought for sure there was something going on since RogueKiller removed 2 registry entries which disable registry tools. Is that normal? Could legit software be doing that for any good reason?

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

    Thank you. I will consider myself clean and keep an eye on it.
     
  8. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    I see those a lot even on clean computers.
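    An added check for readers who want to verify this themselves (this snippet is not from Broni's or TrunkMonkey's posts): a PowerShell script that reads the DisableRegistryTools value from the machine-wide policy keys and says what the value means. RogueKiller's report abbreviates the key as HKLM\[...]\System; the full paths used here are an assumption, namely the standard Windows policy location and its Wow6432Node counterpart, plus the per-user key for completeness. A value of 0, which is what the log shows, leaves Registry Editor usable, so such an entry is a leftover rather than a restriction; 1 or 2 would actually block it.

```powershell
# Added example, not part of the TechSpot thread.
# Reports the DisableRegistryTools policy value and its meaning.
# Key paths are assumed (standard policy location); the RogueKiller log elides them as HKLM\[...]\System.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
)

foreach ($key in $keys) {
    if (-not (Test-Path $key)) {
        "{0}`n    key absent (default: Registry Editor allowed)" -f $key
        continue
    }
    $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $item -or $null -eq $item.PSObject.Properties['DisableRegistryTools']) {
        "{0}`n    value absent (default: Registry Editor allowed)" -f $key
        continue
    }
    $v = [int]$item.DisableRegistryTools
    switch ($v) {
        0       { $meaning = 'present but 0: Registry Editor allowed (harmless leftover, as in the RogueKiller log)' }
        1       { $meaning = 'Registry Editor blocked' }
        2       { $meaning = 'Registry Editor blocked, including silent imports (regedit /s)' }
        default { $meaning = "unexpected value $v; worth a closer look" }
    }
    "{0}`n    DisableRegistryTools = {1}: {2}" -f $key, $v, $meaning
}
```

    Run it from an elevated PowerShell prompt so the HKLM keys are readable. If RogueKiller reports the entry again after you have deleted it, the script run a day later will show which key was recreated, which is more useful than the FOUND line alone.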
     
  9. TrunkMonkey

    TrunkMonkey TS Rookie Topic Starter Posts: 73

    Very glad I asked because those 2 lines have kept me paranoid for about 6 months!

    Thanks again.
     
  10. Broni

    Broni Malware Annihilator Posts: 52,911   +344
