Laura Blues
Every time I turn on my computer, I see a pop-up for a setup.exe file wanting to make changes to my hard drive. When I click for more info to see the source of the file, I see this:
"C:\User\Me\AppData\Local\Temp\s4tk\Set/S" BUT the "s4tk" part, right after Temp, changes every time I turn on my computer. Invariably, I choose "No". I can never find this file in the Temp folder.
I have tried running full scans with Norton and Kaspersky, and neither of them finds anything. Then I ran a TFC scan. I also tried restoring previous settings, which failed with a message that it was not possible to go back to that point.
Then I found here a somewhat similar issue (https://www.techspot.com/community/...rus-in-temp-folder-log-files-attached.137262/), followed the updated 4-step instructions and I paste my logs below.
I am not very good at understanding these things, so please, I beg a little patience and a lot of help.
Thank you very much in advance!
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2014.01.01.04
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16750
FlaviaLaura :: FLAS-PLAYGROUND [administrator]
Protection: Enabled
01/01/2014 17:45:28
mbam-log-2014-01-01 (17-45-28).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206394
Time elapsed: 2 minute(s), 2 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKCU\Software\Conduit\ValueApps (PUP.Optional.ValueApps.A) -> Quarantined and deleted successfully.
Registry Values Detected: 2
HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Updater (Trojan.Agent) -> Data: C:\ProgramData\Updater\updater.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Updater (Trojan.Agent) -> Data: C:\ProgramData\Updater\Updater.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 3
C:\ProgramData\RHelpers\ChromeHelper (PUP.Optional.Searchagent) -> Quarantined and deleted successfully.
C:\ProgramData\RHelpers\FirefoxHelper (PUP.Optional.Searchagent) -> Quarantined and deleted successfully.
C:\ProgramData\RHelpers\IeHelper (PUP.Optional.Searchagent) -> Quarantined and deleted successfully.
Files Detected: 4
C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe (PUP.Optional.SearchDonkey.A) -> Quarantined and deleted successfully.
C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe (PUP.Optional.SearchDonkey.A) -> Quarantined and deleted successfully.
C:\ProgramData\RHelpers\IeHelper\IeHelper.exe (PUP.Optional.SearchDonkey.A) -> Quarantined and deleted successfully.
C:\ProgramData\Updater\updater.exe (Trojan.Agent) -> Quarantined and deleted successfully.
(end)
-------------------------------------------------------------------------------------------------------------------------------------
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.45.2
Run by FlaviaLaura at 17:58:02 on 2014-01-01
Microsoft Windows 8 6.2.9200.0.1252.44.2057.18.12227.9054 [GMT 1:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Enabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\dwm.exe
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\taskhostex.exe
c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
C:\windows\system32\dashost.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\IDT\WDM\Beats64.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
C:\Users\FlaviaLaura\AppData\Local\Skillbrains\lightshot\4.4.2.10\LightShot.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\FlaviaLaura\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\WmiApSrv.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com?pc=HPDTDFJS
uDefault_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
mStart Page = hxxp://www.bing.com?pc=HPDTDFJS
mDefault_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
mWinlogon: Userinit = userinit.exe,
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: ClassicIEBHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
uRun: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
uRun: [LightShot] C:\Users\FlaviaLaura\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\FLAVIA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\FlaviaLaura\AppData\Roaming\Dropbox\bin\Dropbox.exe
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{B414FBFB-0AD3-41B5-A557-D13E020D019C} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://www.bing.com?pc=HPDTDFJS
x64-mDefault_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-BHO: ClassicIEBHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll
x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\windows\System32\rundll32.exe C:\windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\FlaviaLaura\AppData\Roaming\Mozilla\Firefox\Profiles\gs6k1fla.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289116&SearchSource=2&CUI=UN25941791417858127&UM=1&q=
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 excsd;ExpressCache Storage Filter Driver;C:\windows\System32\Drivers\excsd.sys [2013-11-12 112552]
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2013-3-19 678384]
R1 CLVirtualDrive;CLVirtualDrive;C:\windows\System32\Drivers\CLVirtualDrive.sys [2013-11-12 91712]
R1 excfs;ExpressCache File System Filter Driver;C:\windows\System32\Drivers\excfs.sys [2013-11-12 26024]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\System32\Drivers\klim6.sys [2013-11-26 30304]
R1 klpd;klpd;C:\windows\System32\Drivers\klpd.sys [2013-4-12 15456]
R1 klwfp;klwfp;C:\windows\System32\Drivers\klwfp.sys [2013-11-26 64608]
R1 kneps;kneps;C:\windows\System32\Drivers\kneps.sys [2013-6-6 178272]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [2013-11-26 214512]
R2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2013-11-12 89864]
R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2013-11-12 77576]
R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2013-11-12 294664]
R2 DisplayFusionService;DisplayFusionService;C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [2013-12-22 1375600]
R2 ExpressCache;ExpressCache;C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [2013-1-8 107944]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-6-7 92160]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-2-13 731648]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-11-12 131544]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-11-12 169432]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-1 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-1 701512]
R2 ntk_PowerDVD12;ntk_PowerDVD12;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2013-11-12 84168]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-22 1494304]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-12-22 15129376]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-11-11 414496]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\windows\System32\Drivers\klkbdflt.sys [2013-11-26 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\System32\Drivers\klmouflt.sys [2013-11-26 29280]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\Drivers\mbam.sys [2014-1-1 25928]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\windows\System32\Drivers\nvvad64v.sys [2013-12-22 39200]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\Drivers\RtsUStor.sys [2013-3-1 259144]
R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2012-12-28 760032]
S0 klelam;klelam;C:\windows\System32\Drivers\klelam.sys [2013-11-26 29792]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AmUStor;AM USB Stroage Driver;C:\windows\System32\Drivers\AmUStor.sys [2013-3-25 108312]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\Drivers\ssudbus.sys [2013-10-28 107288]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-2-13 820184]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\Drivers\ssudmdm.sys [2013-10-28 204568]
S3 WSDScan;WSD Scan Support;C:\windows\System32\Drivers\WSDScan.sys [2013-4-9 23552]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
S4 klflt;klflt;C:\windows\System32\Drivers\klflt.sys [2014-1-1 112224]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-01-01 16:44:29 -------- d-----w- C:\Users\FlaviaLaura\AppData\Roaming\Malwarebytes
2014-01-01 16:44:20 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-01-01 16:44:20 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-01 16:44:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-01 01:59:25 110176 ----a-w- C:\windows\System32\klfphc.dll
2014-01-01 01:58:54 -------- d-----w- C:\ProgramData\Kaspersky Lab
2014-01-01 01:58:54 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2014-01-01 01:58:52 112224 ----a-w- C:\windows\System32\drivers\klflt.sys
2013-12-29 20:38:54 -------- d-----w- C:\Users\FlaviaLaura\AppData\Roaming\hpqlog
2013-12-29 12:04:57 -------- d-----r- C:\Users\FlaviaLaura\Dropbox
2013-12-29 12:02:27 -------- d-----w- C:\Users\FlaviaLaura\AppData\Roaming\Dropbox
2013-12-28 01:35:56 -------- d-----w- C:\ProgramData\Updater
2013-12-28 01:35:56 -------- d-----w- C:\ProgramData\RHelpers
2013-12-28 01:35:55 -------- d-----w- C:\ProgramData\Websteroids
2013-12-27 20:32:52 -------- d-----w- C:\MediaServer
2013-12-22 23:36:22 -------- d-----r- C:\Program Files (x86)\Skype
2013-12-22 12:29:54 -------- d-----w- C:\Program Files (x86)\Skillbrains
2013-12-22 12:29:53 -------- d-----w- C:\Users\FlaviaLaura\AppData\Local\Skillbrains
2013-12-22 11:49:41 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2013-12-22 11:49:39 -------- d-----w- C:\Program Files (x86)\Steam
2013-12-22 11:40:13 511328 ----a-w- C:\windows\System32\d3dx10_43.dll
2013-12-22 11:40:13 470880 ----a-w- C:\windows\SysWow64\d3dx10_43.dll
2013-12-22 11:40:13 2401112 ----a-w- C:\windows\System32\D3DX9_43.dll
2013-12-22 11:40:13 1998168 ----a-w- C:\windows\SysWow64\D3DX9_43.dll
2013-12-22 11:40:10 -------- d-----w- C:\Users\FlaviaLaura\AppData\Local\NVIDIA Corporation
2013-12-22 11:39:45 39200 ----a-w- C:\windows\System32\drivers\nvvad64v.sys
2013-12-22 11:39:45 32544 ----a-w- C:\windows\SysWow64\nvaudcap32v.dll
2013-12-22 11:39:33 -------- d-----w- C:\Users\FlaviaLaura\AppData\Local\NVIDIA
2013-12-22 11:35:05 982232 ----a-w- C:\windows\SysWow64\nvspcap.dll
2013-12-22 11:35:05 1100248 ----a-w- C:\windows\System32\nvspcap64.dll
2013-12-22 11:29:05 -------- d-----w- C:\NVIDIA
2013-12-22 11:20:36 -------- d-----w- C:\ProgramData\Oracle
2013-12-22 11:20:07 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-22 01:26:28 -------- d-----w- C:\Users\FlaviaLaura\AppData\Local\ElevatedDiagnostics
2013-12-22 00:50:01 -------- d-----w- C:\Users\FlaviaLaura\AppData\Local\Macromedia
2013-12-22 00:47:15 -------- d-----w- C:\Users\FlaviaLaura\AppData\Local\Adobe
2013-12-22 00:23:27 -------- d-----w- C:\Users\FlaviaLaura\AppData\Roaming\NVIDIA
2013-12-22 00:23:24 -------- d-----w- C:\Users\FlaviaLaura\AppData\Roaming\Firestorm
2013-12-22 00:23:24 -------- d-----w- C:\Users\FlaviaLaura\AppData\Local\Firestorm
2013-12-22 00:22:40 -------- d-----w- C:\Program Files (x86)\Firestorm-Beta
2013-12-22 00:14:36 -------- d-----w- C:\Users\FlaviaLaura\AppData\Local\Hewlett-Packard
2013-12-22 00:13:58 23350272 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-12-22 00:13:57 22615040 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-12-22 00:10:49 78304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-22 00:10:49 694240 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-12-22 00:07:45 -------- d-----r- C:\windows\BrowserChoice
2013-12-22 00:02:49 -------- d-----w- C:\sources
2013-12-21 23:46:58 -------- d-----w- C:\windows\System32\MRT
2013-12-21 23:28:53 -------- d-----w- C:\Users\FlaviaLaura\AppData\Local\Programs
2013-12-21 23:26:56 -------- d-----w- C:\ProgramData\ClassicShell
2013-12-21 23:26:35 -------- d-----w- C:\Users\FlaviaLaura\AppData\Roaming\ClassicShell
2013-12-21 23:26:21 -------- d-----w- C:\Users\FlaviaLaura\AppData\Local\HP Quick Start
2013-12-21 23:22:26 -------- d-----w- C:\Program Files\Classic Shell
2013-12-21 22:02:29 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2013-12-21 21:58:03 -------- d-----r- C:\Users\FlaviaLaura\Searches
2013-12-21 21:58:03 -------- d-----r- C:\Users\FlaviaLaura\Contacts
2013-12-21 21:56:54 -------- d-----w- C:\Users\FlaviaLaura\AppData\Local\Power2Go8
2013-12-21 21:56:29 -------- d-----w- C:\Users\FlaviaLaura\AppData\Local\VirtualStore
2013-12-21 21:56:17 -------- d-----w- C:\Users\FlaviaLaura\AppData\Local\Packages
2013-12-21 21:40:58 -------- d-sh--we C:\Programme
2013-12-21 21:40:58 -------- d-sh--we C:\ProgramData\Vorlagen
2013-12-21 21:40:58 -------- d-sh--we C:\ProgramData\Startmenü
2013-12-21 21:40:58 -------- d-sh--we C:\ProgramData\Dokumente
2013-12-21 21:40:58 -------- d-sh--we C:\ProgramData\Anwendungsdaten
2013-12-21 21:40:58 -------- d-sh--we C:\Program Files\Gemeinsame Dateien
2013-12-21 21:40:57 -------- d-sh--we C:\Dokumente und Einstellungen
.
==================== Find3M ====================
.
2014-01-01 02:07:40 178272 ----a-w- C:\windows\System32\drivers\kneps.sys
2013-12-05 08:42:26 35104 ----a-w- C:\windows\System32\nvaudcap64v.dll
2013-11-26 03:53:10 64608 ----a-w- C:\windows\System32\drivers\klwfp.sys
2013-11-26 03:53:10 30304 ----a-w- C:\windows\System32\drivers\klim6.sys
2013-11-26 03:53:10 29280 ----a-w- C:\windows\System32\drivers\klmouflt.sys
2013-11-26 03:53:10 29280 ----a-w- C:\windows\System32\drivers\klkbdflt.sys
2013-11-26 03:53:04 458336 ----a-w- C:\windows\System32\drivers\kl1.sys
2013-11-26 03:53:04 29792 ----a-w- C:\windows\System32\drivers\klelam.sys
2013-11-23 06:43:58 420864 ----a-w- C:\windows\System32\WMPhoto.dll
2013-11-23 05:05:01 368640 ----a-w- C:\windows\SysWow64\WMPhoto.dll
2013-11-14 11:57:05 31520 ----a-w- C:\windows\System32\nvhdap64.dll
2013-11-14 11:57:05 196384 ----a-w- C:\windows\System32\drivers\nvhda64v.sys
2013-11-14 11:57:05 1510176 ----a-w- C:\windows\System32\nvhdagenco64.dll
2013-11-11 15:02:02 6674208 ----a-w- C:\windows\System32\nvcpl.dll
2013-11-11 15:02:02 3490080 ----a-w- C:\windows\System32\nvsvc64.dll
2013-11-11 15:01:59 922912 ----a-w- C:\windows\System32\nvvsvc.exe
2013-11-11 15:01:59 63776 ----a-w- C:\windows\System32\nvshext.dll
2013-11-11 15:01:59 2559776 ----a-w- C:\windows\System32\nvsvcr.dll
2013-11-11 15:01:59 219424 ----a-w- C:\windows\System32\nvmctray.dll
2013-11-11 15:01:58 3467927 ----a-w- C:\windows\System32\nvcoproc.bin
2013-11-11 07:59:28 590112 ----a-w- C:\windows\SysWow64\nvStreaming.exe
2013-11-06 23:18:57 4036608 ----a-w- C:\windows\System32\win32k.sys
2013-11-01 05:38:21 312320 ----a-w- C:\windows\System32\msieftp.dll
2013-11-01 03:49:24 273408 ----a-w- C:\windows\SysWow64\msieftp.dll
2013-10-28 00:12:12 204568 ----a-w- C:\windows\System32\drivers\ssudmdm.sys
2013-10-28 00:12:10 107288 ----a-w- C:\windows\System32\drivers\ssudbus.sys
2013-10-25 06:19:22 2241536 ----a-w- C:\windows\System32\wininet.dll
2013-10-25 06:19:12 915968 ----a-w- C:\windows\System32\uxtheme.dll
2013-10-25 06:17:57 3959808 ----a-w- C:\windows\System32\jscript9.dll
2013-10-25 04:45:11 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-10-25 04:43:42 2877952 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-10-20 16:47:24 329216 ----a-w- C:\windows\System32\StartMenuHelper64.dll
2013-10-20 16:46:56 268288 ----a-w- C:\windows\SysWow64\StartMenuHelper32.dll
2013-10-19 05:45:45 62976 ----a-w- C:\windows\System32\imagehlp.dll
2013-10-19 04:04:07 59392 ----a-w- C:\windows\SysWow64\imagehlp.dll
2013-10-10 11:53:35 96600 ----a-w- C:\windows\System32\drivers\wfplwfs.sys
2013-10-10 09:32:09 115712 ----a-w- C:\windows\SysWow64\cscript.exe
2013-10-10 09:30:50 162304 ----a-w- C:\windows\SysWow64\scrobj.dll
2013-10-10 09:30:50 156160 ----a-w- C:\windows\SysWow64\scrrun.dll
2013-10-10 09:24:02 143872 ----a-w- C:\windows\System32\wshom.ocx
2013-10-10 09:23:41 146944 ----a-w- C:\windows\System32\cscript.exe
2013-10-10 09:22:46 222720 ----a-w- C:\windows\System32\scrobj.dll
2013-10-10 09:22:46 194048 ----a-w- C:\windows\System32\scrrun.dll
2013-10-10 09:21:20 1160192 ----a-w- C:\windows\System32\IKEEXT.DLL
2013-10-10 09:20:43 723968 ----a-w- C:\windows\System32\BFE.DLL
2013-10-08 22:30:32 35328 ----a-w- C:\windows\SysWow64\wuapp.exe
2013-10-08 22:30:17 84992 ----a-w- C:\windows\SysWow64\wudriver.dll
2013-10-08 22:30:17 126976 ----a-w- C:\windows\SysWow64\wuwebv.dll
2013-10-08 22:28:11 40448 ----a-w- C:\windows\System32\wuapp.exe
2013-10-08 22:27:56 99328 ----a-w- C:\windows\System32\wudriver.dll
2013-10-08 22:27:56 252928 ----a-w- C:\windows\System32\WUSettingsProvider.dll
2013-10-08 22:27:56 1622016 ----a-w- C:\windows\System32\wucltux.dll
2013-10-08 22:27:56 142848 ----a-w- C:\windows\System32\wuwebv.dll
2013-10-08 22:27:45 175104 ----a-w- C:\windows\System32\storewuauth.dll
2013-10-05 06:10:20 285016 ----a-w- C:\windows\System32\drivers\spaceport.sys
.
============= FINISH: 17:58:15.52 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 21/12/2013 22:56:11
System Uptime: 01/01/2014 17:50:39 (0 hours ago)
.
Motherboard: Hewlett-Packard | | 2AF7
Processor: Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz | | 3101/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 459 GiB total, 392.465 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 1.654 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 458 GiB total, 457.591 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP3: 21/12/2013 23:19:22 - Language Pack Removal
RP4: 29/12/2013 19:28:32 - Scheduled Checkpoint
RP5: 01/01/2014 16:58:31 - Restore Operation
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Adobe Flash Player 11 Plugin
Alcor Micro USB Card Reader Driver
Bonjour
Classic Shell
CyberLink LabelPrint
CyberLink Media Suite 10
Cyberlink PhotoDirector
CyberLink Power2Go 8
CyberLink PowerDirector 10
CyberLink PowerDVD 12
D3DX10
DisplayFusion 5.1.1
Dropbox
ExpressCache
Firestorm-Beta (remove only)
Fotogalerie
GeForce Experience NvStream Client Components
Hewlett-Packard ACLM.NET v1.2.2.1
HP Connected Music (Meridian - installer)
HP Customer Experience Enhancements
HP Postscript Converter
HP Quick Start
HP Registration Service
HP Support Assistant
HP Support Information
IDT Audio
Intel(R) Management Engine Components
Intel® Trusted Connect Service Client
Java 7 Update 45
Java Auto Updater
Kaspersky Internet Security
lightshot-4.4.2.10
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Application Error Reporting
Microsoft Office
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Movie Maker
Mozilla Firefox 26.0 (x86 de)
Mozilla Maintenance Service
MSVCRT
MSVCRT110
MSVCRT110_amd64
NVIDIA 3D Vision Controller Driver 331.82
NVIDIA 3D Vision Driver 331.82
NVIDIA Control Panel 331.82
NVIDIA GeForce Experience 1.8.1
NVIDIA Graphics Driver 331.82
NVIDIA HD Audio Driver 1.3.26.4
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0725
NVIDIA ShadowPlay 10.11.15
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 10.11.15
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.19
Photo Common
Photo Gallery
Qualcomm Atheros Driver Installation Program
Realtek Card Reader
Recovery Manager
SHIELD Streaming
Skype™ 6.11
Steam
Still Life 2
Updater
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
.
==== Event Viewer Messages From Past Week ========
.
01/01/2014 17:01:51, Error: Service Control Manager [7034] - The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).
01/01/2014 16:59:13, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume Windows. The exact nature of the corruption is unknown. The file system structures need to be scanned online.
01/01/2014 15:02:05, Error: Service Control Manager [7034] - The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 3 time(s).
01/01/2014 14:41:27, Error: Service Control Manager [7034] - The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 2 time(s).
01/01/2014 14:20:50, Error: Service Control Manager [7034] - The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
"C:\User\Me\AppData\Local\Temp\s4tk\Set/S" BUT the "s4tk" part, right after Temp, changes every time I turn on my computer. Invariably, I choose "No". I can never find this file in the Temp folder.
01/01/2014 15:02:05, Error: Service Control Manager [7034] - The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 3 time(s).
01/01/2014 14:41:27, Error: Service Control Manager [7034] - The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 2 time(s).
01/01/2014 14:20:50, Error: Service Control Manager [7034] - The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================