
Author Topic: Ram usage really high  (Read 45066 times)


smallzZz8

    Topic Starter


    Rookie

    • Experience: Familiar
    • OS: Windows 7
    Ram usage really high
    « on: September 10, 2013, 06:15:33 PM »
    Ok, so I normally get around 50-60 ram when doing my stuff, but just the other day I ran all these scans to clean my computer. Norton did a backup, tuneup and disk optimization. I also used CCleaner to clear some junk and delete a few programs. That all took me a few days, and now when I turn my server on like normal and do my stuff I run like 90% ram or physical memory. So I did a malware scan and deleted a few things. I also turned off some startup programs and restarted my computer. When it turned back on it was working good and I turned all my programs back on and it was running normal. I left it on overnight like normal and woke up the next morning and it was at like 90%-100%. Can someone please tell me what is wrong with my computer!!!?!?!?!?!? Thanks so much

    Here are the scan report logs

    step 4 security check http://pastebin.com/iYR0cSCa#

    step 3 malwarebytes http://pastebin.com/EkaaAdKe

    Step 2 AdwCleaner http://pastebin.com/qJsBTLXi


    I am following/replying from this link http://www.computerhope.com/forum/index.php/topic,46313.0.html

    Results of screen317's Security Check version 0.99.73
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 10
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Norton 360
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.75.0.1300
    Java 7 Update 25
    Adobe Reader 9 Adobe Reader out of Date!
    Google Chrome 29.0.1547.62
    Google Chrome 29.0.1547.66
    ````````Process Check: objlist.exe by Laurent````````
    Norton ccSvcHst.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.09.03.07

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16660
    Bryce :: ADAMS-PC [administrator]

    9/10/2013 5:26:07 PM
    mbam-log-2013-09-10 (17-26-07).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 321294
    Time elapsed: 6 minute(s), 44 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\Bryce\Downloads\ManyCamSetup.exe (PUP.Optional.BundledToolBar.A) -> Quarantined and deleted successfully.

    (end)

    1.# AdwCleaner v3.003 - Report created 10/09/2013 at 17:19:28
    2.# Updated 07/09/2013 by Xplode
    3.# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    4.# Username : Bryce - ADAMS-PC
    5.# Running from : C:\Users\Bryce\Downloads\adwcleaner.exe
    6.# Option : Clean
    7.
    8.***** [ Services ] *****
    9.
    10.
    11.***** [ Files / Folders ] *****
    12.
    13.Folder Deleted : C:\ProgramData\apn
    14.Folder Deleted : C:\ProgramData\Babylon
    15.Folder Deleted : C:\ProgramData\blekko toolbars
    16.Folder Deleted : C:\ProgramData\boost_interprocess
    17.Folder Deleted : C:\ProgramData\BrowserProtect
    18.Folder Deleted : C:\ProgramData\PC Optimizer Pro
    19.Folder Deleted : C:\Program Files (x86)\FunWebProducts
    20.Folder Deleted : C:\Program Files (x86)\Yontoo
    21.Folder Deleted : C:\Users\Laura\AppData\LocalLow\iBryte
    22.Folder Deleted : C:\Users\Brent\AppData\Local\Babylon
    23.Folder Deleted : C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0
    24.Folder Deleted : C:\Users\Brent\AppData\LocalLow\BabylonToolbar
    25.Folder Deleted : C:\Users\Brent\AppData\LocalLow\facemoods.com
    26.Folder Deleted : C:\Users\Brent\AppData\LocalLow\iBryte
    27.Folder Deleted : C:\Users\Brent\AppData\Roaming\DefaultTab
    28.Folder Deleted : C:\Users\Bryce\AppData\Local\Bundled software uninstaller
    29.Folder Deleted : C:\Users\Bryce\AppData\LocalLow\facemoods.com
    30.Folder Deleted : C:\Users\Bryce\AppData\LocalLow\iBryte
    31.Folder Deleted : C:\Users\Bryce\AppData\LocalLow\Minibar
    32.Folder Deleted : C:\Users\Bryce\AppData\LocalLow\Smartbar
    33.Folder Deleted : C:\Users\Bryce\AppData\LocalLow\Softonic
    34.Folder Deleted : C:\Users\Mike\AppData\LocalLow\facemoods.com
    35.Folder Deleted : C:\Users\Mike\AppData\LocalLow\iBryte
    36.Folder Deleted : C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif
    37.Folder Deleted : C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk
    38.Folder Deleted : C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
    39.Folder Deleted : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
    40.File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
    41.File Deleted : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
    42.File Deleted : C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
    43.File Deleted : C:\Users\Bryce\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
    44.File Deleted : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
    45.File Deleted : C:\Windows\Tasks\PC Optimizer Pro Updates.job
    46.File Deleted : C:\Windows\System32\Tasks\PC Optimizer Pro Updates
    47.
    48.***** [ Shortcuts ] *****
    49.
    50.
    51.***** [ Registry ] *****
    52.
    53.Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
    54.Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
    55.Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
    56.Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DownloadManager]
    57.Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
    58.Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    59.Key Deleted : HKLM\SOFTWARE\Classes\AxSHDocVw.AxWebBrowser
    60.Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute
    61.Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel
    62.Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar
    63.Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject
    64.Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm
    65.Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    66.Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
    67.Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
    68.Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
    69.Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
    70.Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
    71.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
    72.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
    73.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    74.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    75.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASAPI32
    76.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASMANCS
    77.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
    78.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
    79.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
    80.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
    81.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    82.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    83.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
    84.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
    85.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASAPI32
    86.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASMANCS
    87.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
    88.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
    89.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
    90.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
    91.Key Deleted : HKCU\Software\5d28adbb73de414
    92.Key Deleted : HKLM\SOFTWARE\5d28adbb73de414
    93.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_axife-mouse-recorder_RASAPI32
    94.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_axife-mouse-recorder_RASMANCS
    95.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_windows-movie-maker_RASAPI32
    96.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_windows-movie-maker_RASMANCS
    97.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_winrar_RASAPI32
    98.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_winrar_RASMANCS
    171.Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\iBryte\playbryte\ibrytedesktop.exe]
    172.Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\iBryte\browseforchange\ibrytedesktop.exe]
    173.Key Deleted : HKCU\Software\BabylonToolbar
    174.Key Deleted : HKCU\Software\BI
    175.Key Deleted : HKCU\Software\facemoods.com
    176.Key Deleted : HKCU\Software\wecarereminder
    177.Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    178.Key Deleted : HKLM\Software\Babylon
    179.Key Deleted : HKLM\Software\Conduit
    180.Key Deleted : HKLM\Software\DataMngr
    181.Key Deleted : HKLM\Software\Freeze.com
    182.Key Deleted : HKLM\Software\FunWebProducts
    183.Key Deleted : HKLM\Software\InstallIQ
    184.Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
    185.Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
    186.Key Deleted : [x64] HKLM\SOFTWARE\DataMngr
    187.Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
    188.Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    189.
    190.***** [ Browsers ] *****
    191.
    192.-\\ Internet Explorer v10.0.9200.16660
    193.
    194.Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
    195.Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
    196.Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
    197.
    198.-\\ Google Chrome v29.0.1547.66
    199.
    200.[ File : C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\preferences ]
    201.
    202.
    203.[ File : C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\preferences ]
    204.
    205.Deleted : urls_to_restore_on_startup
    206.
    207.[ File : C:\Users\Bryce\AppData\Local\Google\Chrome\User Data\Default\preferences ]
    208.
    209.Deleted : homepage
    210.
    211.[ File : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\preferences ]
    212.
    213.
    214.*************************
    215.
    216.AdwCleaner[R0].txt - [16766 octets] - [10/09/2013 17:17:20]
    217.AdwCleaner[S0].txt - [15524 octets] - [10/09/2013 17:19:28]
    218.
    219.########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15585 octets] ##########
    « Last Edit: September 10, 2013, 07:04:53 PM by SuperDave »

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Ram usage really high
    « Reply #1 on: September 10, 2013, 07:07:39 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Please do not attach your logs unless absolutely necessary. Copy and paste them in your reply(ies)

    Quote
    Total Fragmentation on Drive C: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    This could be part of your problem. Please defrag your hard drive. If you need help, please ask. (SSD means Solid State Drive).

    Please download Junkware Removal Tool to your desktop.

    Warning! Once the scan is complete JRT will shut down your browser with NO warning.

    Shut down your protection software now to avoid potential conflicts.

    • Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.

    • The tool will open and start scanning your system.

    • Please be patient as this can take a while to complete depending on your system's specifications.

    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

    • Copy and Paste the JRT.txt log into your next message.
    Windows 8 and Windows 10 dual boot with two SSD's

    smallzZz8

      Topic Starter


      Rookie

      • Experience: Familiar
      • OS: Windows 7
      Re: Ram usage really high
      « Reply #2 on: September 10, 2013, 08:03:42 PM »
      Ok, I ran the scan and this is my log

      http://pastebin.com/Yv6rwidW

      I distinctly asked you not to attach the logs. Please copy and paste them in your reply

      2.Junkware Removal Tool (JRT) by Thisisu
      3.Version: 5.5.9 (09.07.2013:1)
      4.OS: Windows 7 Home Premium x64
      5.Ran by Bryce on Tue 09/10/2013 at 21:49:12.96
      6.~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      7.
      8.
      9.
      10.
      11.~~~ Services
      12.
      13.
      14.
      15.~~~ Registry Values
      16.
      17.
      18.
      19.~~~ Registry Keys
      20.
      21.Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2811912722-384006635-2399798662-1002\Software\SweetIM
      22.Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeep_BetterInstaller_2012-10-02_RASAPI32
      23.Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeep_BetterInstaller_2012-10-02_RASMANCS
      24.Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\stub_455_softonic_RASAPI32
      25.Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\stub_455_softonic_RASMANCS
      26.Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeep_BetterInstaller_2012-10-02_RASAPI32
      27.Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeep_BetterInstaller_2012-10-02_RASMANCS
      28.Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\stub_455_softonic_RASAPI32
      29.Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\stub_455_softonic_RASMANCS
      30.Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{99CCBB95-9586-4231-BD38-0FFBCB48F676}
      31.Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2455}
      32.Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}
      33.Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F9C4D153-0065-4C3C-9D87-0561AE12F2B2}
      34.Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2455}
      35.Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}
      36.Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{912C156F-05CF-4B62-851A-96E167A677B0}
      37.
      38.
      39.
      40.~~~ Files
      41.
      42.
      43.
      44.~~~ Folders
      45.
      46.Successfully deleted: [Folder] "C:\Users\Bryce\appdata\local\blekkotb_031"
      47.Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
      48.
      49.
      50.
      51.~~~ Chrome
      52.
      53.Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ippkomaaonokjnfjoikaemidanojkfmm
      54.
      55.
      56.
      57.~~~ Event Viewer Logs were cleared
      58.
      59.
      60.
      61.
      62.
      63.~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      64.Scan was completed on Tue 09/10/2013 at 21:58:37.53
      65.End of JRT log
      66.~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      « Last Edit: September 11, 2013, 01:32:26 PM by SuperDave »

      smallzZz8

        Topic Starter


        Rookie

        • Experience: Familiar
        • OS: Windows 7
        Re: Ram usage really high
        « Reply #3 on: September 11, 2013, 04:19:41 AM »
        Also, I restarted my computer and when it turned back on it was at 20-30 ram. I left it on overnight and it is now 80-90% ram, if this helps at all

        SuperDave

        • Malware Removal Specialist


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: Ram usage really high
        « Reply #4 on: September 11, 2013, 01:33:14 PM »
        Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
        Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
        Click on View > Select Columns.
        In addition to the already pre-selected options, make sure the Command Line is selected, and press OK.
        Go to File > Save As, and save the report as Procexp.txt.
        Attach the file to your next reply.
        Windows 8 and Windows 10 dual boot with two SSD's

        smallzZz8

          Topic Starter


          Rookie

          • Experience: Familiar
          • OS: Windows 7
          Re: Ram usage really high
          « Reply #5 on: September 11, 2013, 05:13:42 PM »
          Ok, I did what you said and here is the report
           
           l   l   l  l   l   l  l   l   l   l   l  l   l   l  l   l   l   l  l   l   l
          \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ \/

          Process   CPU   Private Bytes   Working Set   PID   Description   Company Name   Command Line
          System Idle Process   47.57   0 K   24 K   0         
          System   1.75   156 K   588 K   4         
           Interrupts   1.03   0 K   0 K   n/a   Hardware Interrupts and DPCs      
           smss.exe      444 K   84 K   288         
          csrss.exe   < 0.01   2,240 K   1,620 K   408         
          wininit.exe      1,644 K   152 K   472         
           services.exe      5,816 K   4,184 K   564         
            svchost.exe      3,960 K   3,056 K   712   Host Process for Windows Services   Microsoft Corporation   C:\Windows\system32\svchost.exe -k DcomLaunch
             dllhost.exe      2,388 K   432 K   4980         
             WmiPrvSE.exe      2,820 K   2,524 K   936         
            nvvsvc.exe      2,496 K   184 K   768   NVIDIA Driver Helper Service, Version 311.06   NVIDIA Corporation   "C:\Windows\system32\nvvsvc.exe"
             NvXDSync.exe      7,148 K   292 K   3372         
              nvtray.exe      13,780 K   812 K   3936   NVIDIA Settings   NVIDIA Corporation   "C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
             nvvsvc.exe   < 0.01   5,156 K   404 K   3380         
            nvSCPAPISvr.exe      2,628 K   1,516 K   792   Stereo Vision Control Panel API Server   NVIDIA Corporation   "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
            svchost.exe      5,168 K   3,748 K   832   Host Process for Windows Services   Microsoft Corporation   C:\Windows\system32\svchost.exe -k RPCSS
            svchost.exe      21,568 K   9,184 K   912   Host Process for Windows Services   Microsoft Corporation   C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
             audiodg.exe      17,044 K   16,784 K   4896         
            svchost.exe   1.37   251,356 K   236,336 K   972   Host Process for Windows Services   Microsoft Corporation   C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
             dwm.exe   0.34   37,524 K   29,880 K   3280   Desktop Window Manager   Microsoft Corporation   "C:\Windows\system32\Dwm.exe"
            svchost.exe   < 0.01   10,664 K   6,264 K   1020   Host Process for Windows Services   Microsoft Corporation   C:\Windows\system32\svchost.exe -k LocalService
            svchost.exe   < 0.01   30,444 K   22,640 K   308   Host Process for Windows Services   Microsoft Corporation   C:\Windows\system32\svchost.exe -k netsvcs
             taskeng.exe      2,144 K   944 K   3816         
              FourEngine.exe   < 0.01   11,676 K   1,312 K   3900         
            UMVPFSrv.exe      1,236 K   132 K   488   Logitech User mode UMVPF service   Logitech Inc.   C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
            svchost.exe      2,312 K   1,396 K   1040   Host Process for Windows Services   Microsoft Corporation   C:\Windows\system32\svchost.exe -k GPSvcGroup
            svchost.exe   < 0.01   12,140 K   8,504 K   1264   Host Process for Windows Services   Microsoft Corporation   C:\Windows\system32\svchost.exe -k NetworkService
            spoolsv.exe   0.02   8,160 K   3,592 K   1472   Spooler SubSystem App   Microsoft Corporation   C:\Windows\System32\spoolsv.exe
            svchost.exe      10,872 K   4,600 K   1504   Host Process for Windows Services   Microsoft Corporation   C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
            eEBSvc.exe   0.01   5,112 K   700 K   1588   eEBAPI Core Process module   SEIKO EPSON CORPORATION   C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
            AppleMobileDeviceService.exe   0.03   3,068 K   812 K   1788   MobileDeviceService   Apple Inc.   "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
            mDNSResponder.exe      2,196 K   1,960 K   1816   Bonjour Service   Apple Inc.   "C:\Program Files\Bonjour\mDNSResponder.exe"
            EPCP.exe      6,308 K   7,532 K   1856   Epson Customer Participation   SEIKO EPSON CORPORATION   "C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe"
            E_S50RPB.EXE      1,304 K   168 K   1912   EPSON Status Monitor 3   SEIKO EPSON CORPORATION   C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
            svchost.exe   < 0.01   7,948 K   3,736 K   1944   Host Process for Windows Services   Microsoft Corporation   C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
            ccsvchst.exe   0.15   42,956 K   22,188 K   1976   Symantec Service Framework   Symantec Corporation   "C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\diMaster.dll" /prefetch:1
             ccsvchst.exe   < 0.01   18,836 K   9,228 K   3588         
            svchost.exe      2,088 K   188 K   1172   Host Process for Windows Services   Microsoft Corporation   C:\Windows\system32\svchost.exe -k imgsvc
            TeamViewer_Service.exe   < 0.01   4,872 K   672 K   1388   TeamViewer 8   TeamViewer GmbH   "C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe"
            WLIDSVC.EXE   < 0.01   6,780 K   2,152 K   2276         "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
             WLIDSVCM.EXE      1,208 K   164 K   2512         
            escsvc64.exe      1,580 K   212 K   2336   Epson Scanner Service (64bit)   Seiko Epson Corporation   C:\Windows\system32\EscSvc64.exe
            svchost.exe      2,360 K   228 K   2764   Host Process for Windows Services   Microsoft Corporation   C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
            SearchIndexer.exe   0.01   52,596 K   11,964 K   2136   Microsoft Windows Search Indexer   Microsoft Corporation   C:\Windows\system32\SearchIndexer.exe /Embedding
            taskhost.exe   0.01   12,576 K   7,284 K   3564   Host Process for Windows Tasks   Microsoft Corporation   "taskhost.exe"
            svchost.exe      11,096 K   6,988 K   4164   Host Process for Windows Services   Microsoft Corporation   C:\Windows\System32\svchost.exe -k LocalServicePeerNet
            wmpnetwk.exe      15,360 K   11,900 K   4288   Windows Media Player Network Sharing Service   Microsoft Corporation   "C:\Program Files\Windows Media Player\wmpnetwk.exe"
            svchost.exe   45.97   36,144 K   1,996 K   3472   Host Process for Windows Services   Microsoft Corporation   C:\Windows\system32\svchost.exe -k defragsvc
            taskhost.exe      6,904 K   13,500 K   4768         
           lsass.exe      6,624 K   3,972 K   584   Local Security Authority Process   Microsoft Corporation   C:\Windows\system32\lsass.exe
           lsm.exe      2,672 K   1,396 K   592         
          csrss.exe   0.07   5,536 K   3,368 K   484         
          winlogon.exe      2,864 K   204 K   544         
          explorer.exe   0.04   44,548 K   46,672 K   3240   Windows Explorer   Microsoft Corporation   C:\Windows\Explorer.EXE
           ipoint.exe   < 0.01   7,144 K   4,376 K   3804   IPoint.exe   Microsoft Corporation   "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
           SKDaemon.exe      2,876 K   1,204 K   4004   SKDaemon.exe      "C:\Program Files\LTONHIS\Touch Manager\SKDaemon.exe"
           RAVCpl64.exe      8,552 K   1,260 K   3520   HD Audio Control Panel   Realtek Semiconductor   "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"
           sidebar.exe   0.66   44,020 K   16,836 K   2216   Windows Desktop Gadgets   Microsoft Corporation   "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
           E_IATIIBE.EXE   0.01   4,976 K   5,624 K   4052   EPSON Status Monitor 3   SEIKO EPSON CORPORATION   "C:\Windows\System32\spool\drivers\x64\3\E_IATIIBE.EXE" /EPT "EPLTarget\P0000000000000001" /M "XP-400 Series"
           GoogleToolbarNotifier.exe   < 0.01   3,312 K   2,560 K   2140   GoogleToolbarNotifier   Google Inc.   "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
           chrome.exe   0.02   82,820 K   88,560 K   2112   Google Chrome   Google Inc.   "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "http://www.computerhope.com/forum/index.php/board,53.0.html"
            chrome.exe      91,368 K   78,724 K   2428   Google Chrome   Google Inc.   "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="2112.0.1001853252\1208759826" --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,9,19,22 --gpu-vendor-id=0x10de --gpu-device-id=0x06e6 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.1106 --ignored=" --type=renderer " /prefetch:822062411
            chrome.exe      52,616 K   64,752 K   4412   Google Chrome   Google Inc.   "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="D3D11Experiment/Enabled/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Control0 pct:50a m29stable:r1/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_78/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="2112.1.885769848\1624855712" /prefetch:673131151
            chrome.exe      51,036 K   53,816 K   4524   Google Chrome   Google Inc.   "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="D3D11Experiment/Enabled/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Control0 pct:50a m29stable:r1/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_78/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/default/" --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="2112.2.551526088\444615725" /prefetch:673131151
            chrome.exe      71,116 K   72,056 K   3104   Google Chrome   Google Inc.   "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="D3D11Experiment/Enabled/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Control0 pct:50a m29stable:r1/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_78/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/default/" --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="2112.3.394430138\1854293813" /prefetch:673131151
            chrome.exe      18,908 K   16,900 K   3300   Google Chrome   Google Inc.   "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="D3D11Experiment/Enabled/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Control0 pct:50a m29stable:r1/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_78/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/default/" --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="2112.4.350340702\628353570" /prefetch:673131151
            chrome.exe      20,292 K   20,116 K   3848   Google Chrome   Google Inc.   "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="D3D11Experiment/Enabled/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Control0 pct:50a m29stable:r1/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_78/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/default/" --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="2112.5.2111270942\2147011418" /prefetch:673131151
            chrome.exe      12,532 K   20,780 K   1340   Google Chrome   Google Inc.   "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Bryce\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\npcoplgn.dll" --lang=en-US --channel="2112.6.1772699085\1181043759" /prefetch:-390060480
           procexp.exe      2,688 K   6,872 K   3880   Sysinternals Process Explorer   Sysinternals - www.sysinternals.com   "C:\Users\Bryce\Desktop\New folder\procexp.exe"
            procexp64.exe   0.89   21,780 K   41,264 K   2944   Sysinternals Process Explorer   Sysinternals - www.sysinternals.com   "C:\Users\Bryce\Desktop\New folder\procexp.exe"
          EEventManager.exe   0.01   3,328 K   1,248 K   844   EEventManager Application   SEIKO EPSON CORPORATION   "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
          jusched.exe      1,072 K   308 K   3332   Java(TM) Update Scheduler   Oracle Corporation   "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"


          [recovering disk space, attachment deleted by admin]
          « Last Edit: September 12, 2013, 01:13:47 PM by SuperDave »

          SuperDave

          • Malware Removal Specialist


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: Ram usage really high
          « Reply #6 on: September 12, 2013, 01:25:54 PM »
          I've already asked you to not attach the logs but you insist on doing it. If you do not conform to my instructions I will be forced to discontinue helping you. Use copy and paste to include your logs in your reply. It makes it so much easier to check them.

          Download Combofix from any of the links below, and save it to your DESKTOP
          If your version of Windows defaults to your download folder you will need to copy it to your desktop.

          Link 1
          Link 2
          Link 3

          To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
          • Close any open windows and double click ComboFix.exe to run it.

            You will see the following image:


          Click I Agree to start the program.

          ComboFix will then extract the necessary files and you will see this:



          As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

          It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

          If you did not have it installed, you will see the prompt below. Choose YES.



          Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

          **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

          Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



          Click on Yes, to continue scanning for malware.

          When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

          Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

          Note: Please Do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.
          Windows 8 and Windows 10 dual boot with two SSD's

          smallzZz8

            Topic Starter


            Rookie

            • Experience: Familiar
            • OS: Windows 7
            Re: Ram usage really high
            « Reply #7 on: September 12, 2013, 03:55:33 PM »
            Ok, I'm sorry, but I do not recall you saying to not attach the files, but here is the scan from the last post.

            ComboFix 13-09-12.01 - Bryce 09/12/2013  16:55:45.1.2 - x64
            Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6143.887 [GMT -4:00]
            Running from: c:\users\Bryce\Downloads\ComboFix.exe
            AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
            FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
            SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
            SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
            .
            .
            (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            c:\program files (x86)\WinPCap
            c:\program files (x86)\WinPCap\daemon_mgm.exe
            c:\program files (x86)\WinPCap\INSTALL.LOG
            c:\program files (x86)\WinPCap\npf_mgm.exe
            c:\program files (x86)\WinPCap\rpcapd.exe
            c:\program files (x86)\WinPCap\Uninstall.exe
            c:\users\Brent\AppData\Local\Google\Chrome\User Data\Default\preferences
            c:\users\Bryce\AppData\Local\assembly\tmp
            c:\users\Bryce\AppData\Local\Google\Chrome\User Data\Default\Preferences
            c:\users\Laura\AppData\Local\Google\Chrome\User Data\Default\preferences
            c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\preferences
            c:\windows\SysWow64\frapsvid.dll
            c:\windows\SysWow64\Packet.dll
            c:\windows\SysWow64\pthreadVC.dll
            c:\windows\SysWow64\SET9D8A.tmp
            c:\windows\SysWow64\wpcap.dll
            .
            .
            (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            -------\Service_NPF
            .
            .
            (((((((((((((((((((((((((   Files Created from 2013-08-12 to 2013-09-12  )))))))))))))))))))))))))))))))
            .
            .
            2013-09-12 21:04 . 2013-09-12 21:04   --------   d-----w-   c:\users\UpdatusUser\AppData\Local\temp
            2013-09-12 21:04 . 2013-09-12 21:04   --------   d-----w-   c:\users\Mike\AppData\Local\temp
            2013-09-12 21:04 . 2013-09-12 21:04   --------   d-----w-   c:\users\Laura\AppData\Local\temp
            2013-09-11 02:35 . 2013-08-10 05:20   3959296   ----a-w-   c:\windows\system32\jscript9.dll
            2013-09-11 01:49 . 2013-09-11 01:49   --------   d-----w-   c:\windows\ERUNT
            2013-09-10 21:16 . 2013-09-10 21:19   --------   d-----w-   C:\AdwCleaner
            2013-09-04 20:49 . 2013-09-04 20:49   --------   d-----w-   c:\programdata\ManyCam
            2013-09-04 20:49 . 2013-09-04 20:51   --------   dc----w-   c:\users\Bryce\AppData\Roaming\ManyCam
            2013-08-28 01:43 . 2013-09-04 21:31   --------   dc----w-   c:\users\Bryce\AppData\Local\ManyCam
            2013-08-28 01:43 . 2013-09-04 21:14   --------   d-----w-   c:\program files (x86)\ManyCam
            2013-08-28 01:43 . 2012-10-11 03:08   44928   ----a-w-   c:\windows\system32\drivers\mcvidrv_x64.sys
            2013-08-27 22:43 . 2013-08-27 22:43   4406472   ----a-w-   c:\program files (x86)\Microsoft Games\Halo Custom Edition\Uninstall.exe
            2013-08-24 20:53 . 2013-08-24 20:54   --------   d-----w-   C:\wamp
            2013-08-14 05:44 . 2013-07-09 05:52   224256   ----a-w-   c:\windows\system32\wintrust.dll
            2013-08-14 05:44 . 2013-07-09 05:46   184320   ----a-w-   c:\windows\system32\cryptsvc.dll
            2013-08-14 05:44 . 2013-07-09 05:46   1472512   ----a-w-   c:\windows\system32\crypt32.dll
            2013-08-14 05:44 . 2013-07-09 05:46   139776   ----a-w-   c:\windows\system32\cryptnet.dll
            2013-08-14 05:44 . 2013-07-09 04:52   175104   ----a-w-   c:\windows\SysWow64\wintrust.dll
            2013-08-14 05:44 . 2013-07-09 04:46   140288   ----a-w-   c:\windows\SysWow64\cryptsvc.dll
            2013-08-14 05:44 . 2013-07-09 04:46   1166848   ----a-w-   c:\windows\SysWow64\crypt32.dll
            2013-08-14 05:44 . 2013-07-09 04:46   103936   ----a-w-   c:\windows\SysWow64\cryptnet.dll
            2013-08-14 05:44 . 2013-07-19 01:58   2048   ----a-w-   c:\windows\system32\tzres.dll
            2013-08-14 05:44 . 2013-07-19 01:41   2048   ----a-w-   c:\windows\SysWow64\tzres.dll
            2013-08-14 05:43 . 2013-07-25 09:25   1888768   ----a-w-   c:\windows\system32\WMVDECOD.DLL
            2013-08-14 05:43 . 2013-07-25 08:57   1620992   ----a-w-   c:\windows\SysWow64\WMVDECOD.DLL
            2013-08-14 05:43 . 2013-07-09 05:51   1217024   ----a-w-   c:\windows\system32\rpcrt4.dll
            2013-08-14 05:43 . 2013-07-09 04:52   663552   ----a-w-   c:\windows\SysWow64\rpcrt4.dll
            2013-08-14 05:43 . 2013-06-15 04:32   39936   ----a-w-   c:\windows\system32\drivers\tssecsrv.sys
            2013-08-14 05:43 . 2013-07-06 06:03   1910208   ----a-w-   c:\windows\system32\drivers\tcpip.sys
            .
            .
            .
            ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2013-09-11 02:33 . 2011-06-28 20:58   79143768   ----a-w-   c:\windows\system32\MRT.exe
            2013-09-11 00:55 . 2012-09-07 01:28   692616   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
            2013-09-11 00:55 . 2011-07-10 19:06   71048   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
            2013-08-02 01:48 . 2013-09-10 19:08   44032   ----a-w-   c:\windows\apppatch\acwow64.dll
            2013-07-06 21:52 . 2013-07-06 21:52   53248   -c--a-r-   c:\users\Bryce\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
            2013-07-02 22:03 . 2013-07-02 22:03   96168   ----a-w-   c:\windows\SysWow64\WindowsAccessBridge-32.dll
            2013-07-02 22:03 . 2012-09-07 19:05   867240   ----a-w-   c:\windows\SysWow64\npDeployJava1.dll
            2013-07-02 22:03 . 2012-01-22 02:45   789416   ----a-w-   c:\windows\SysWow64\deployJava1.dll
            2013-06-17 23:16 . 2011-07-05 00:35   177312   ----a-w-   c:\windows\system32\drivers\SYMEVENT64x86.SYS
            .
            .
            (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            *Note* empty entries & legit default entries are not shown
            REGEDIT4
            .
            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
            "EPLTarget\P0000000000000001"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIIBE.EXE" [2012-02-29 283232]
            "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-10 39408]
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
            "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
            "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2011-10-31 1058400]
            "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
            "ConsentPromptBehaviorAdmin"= 5 (0x5)
            "EnableUIADesktopToggle"= 0 (0x0)
            .
            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
            "LoadAppInit_DLLs"=1 (0x1)
            .
            R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

            R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe

            R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys

            R3 AndNetDiag2;LGE AndroidNet For Diagnostics Port;c:\windows\system32\DRIVERS\lgandnetdiag264.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag264.sys

            R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys

            R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetndis64.sys

            R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys

            R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys

            R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys

            R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys

            R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys

            R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe

            S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMDS64.SYS

            S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMEFA64.SYS

            S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys

            S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20130903.002\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20130903.002\BHDrvx64.sys

            S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\ccSetx64.sys

            S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20130911.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20130911.001\IDSvia64.sys

            S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\Ironx64.SYS

            S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1404000.028\SYMNETS.SYS

            S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

            S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe

            S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe

            S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe

            S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

            S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

            S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

            S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys

            S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

            S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys

            S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys

            S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys

            S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys

            S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys

            S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys

            .
            .
            --- Other Services/Drivers In Memory ---
            .
            *NewlyCreated* - WS2IFSL
            .
            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
            2013-09-04 21:13   1177552   ----a-w-   c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
            .
            Contents of the 'Scheduled Tasks' folder
            .
            2013-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job
            - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-07 00:55]
            .
            2013-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
            - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-10 19:07]
            .
            2013-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
            - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-10 19:07]
            .
            2013-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2811912722-384006635-2399798662-1002Core.job
            - c:\users\Bryce\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-03 18:58]
            .
            2013-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2811912722-384006635-2399798662-1002UA.job
            - c:\users\Bryce\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-03 18:58]
            .
            .
            --------- X64 Entries -----------
            .
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
            "SKDaemon.exe"="c:\program files\LTONHIS\Touch Manager\SKDaemon.exe" [2009-06-16 318464]
            "EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
            "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-24 1833504]
            "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-24 7833120]
            .
            ------- Supplementary Scan -------
            .
            uLocal Page = c:\windows\system32\blank.htm
            uStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=20.3.1.22
            mStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=20.3.1.22
            mLocal Page = c:\windows\SysWOW64\blank.htm
            uInternet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com;
            IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
            TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
            TCP: Interfaces\{C7AA91E5-B547-4EBB-88CF-46FF1DBE08A3}: NameServer = 208.67.222.222,208.67.220.220
            .
            - - - - ORPHANS REMOVED - - - -
            .
            Toolbar-Locked - (no file)
            Toolbar-{06C7AD57-B655-418D-9AB8-9526A6D2E052} - (no file)
            Toolbar-10 - (no file)
            c:\users\Brent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk - c:\users\Bryce\AppData\Local\Temp\{F8E5235C-7EBC-43C6-936F-42164A5C58E3}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe /remind /language=ENU /PRNM="RollerCoaster Tycoon 3"/PRMP="RCT3"/SKUN="PCXX"/GTYP="STRY"
            HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
            Toolbar-Locked - (no file)
            Toolbar-10 - (no file)
            AddRemove-WinPcapInst - c:\program files (x86)\WinPcap\Uninstall.exe
            .
            .
            .
            [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
            "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
            .
            --------------------- LOCKED REGISTRY KEYS ---------------------
            .
            [HKEY_USERS\S-1-5-21-2811912722-384006635-2399798662-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
            @Denied: (2) (LocalSystem)
            "Progid"="WindowsLiveMail.Email.1"
            .
            [HKEY_USERS\S-1-5-21-2811912722-384006635-2399798662-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
            @Denied: (2) (LocalSystem)
            "Progid"="WindowsLiveMail.VCard.1"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
            @Denied: (A 2) (Everyone)
            @="FlashBroker"
            "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_168_ActiveX.exe,-101"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
            "Enabled"=dword:00000001
            .
            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
            @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_168_ActiveX.exe"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
            @Denied: (A 2) (Everyone)
            @="IFlashBroker5"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
            @="{00020424-0000-0000-C000-000000000046}"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
            "Version"="1.0"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
            @Denied: (A 2) (Everyone)
            @="FlashBroker"
            "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe,-101"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
            "Enabled"=dword:00000001
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
            @Denied: (A 2) (Everyone)
            @="Shockwave Flash Object"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx"
            "ThreadingModel"="Apartment"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
            @="0"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
            @="ShockwaveFlash.ShockwaveFlash.11"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx, 1"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
            @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
            @="1.0"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
            @="ShockwaveFlash.ShockwaveFlash"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
            @Denied: (A 2) (Everyone)
            @="Macromedia Flash Factory Object"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx"
            "ThreadingModel"="Apartment"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
            @="FlashFactory.FlashFactory.1"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx, 1"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
            @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
            @="1.0"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
            @="FlashFactory.FlashFactory"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
            @Denied: (A 2) (Everyone)
            @="IFlashBroker5"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
            @="{00020424-0000-0000-C000-000000000046}"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
            "Version"="1.0"
            .
            [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
            @Denied: (Full) (Everyone)
            .
            ------------------------ Other Running Processes ------------------------
            .
            c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
            c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
            c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
            .
            **************************************************************************
            .
            Completion time: 2013-09-12  17:12:54 - machine was rebooted
            ComboFix-quarantined-files.txt  2013-09-12 21:12
            .
            Pre-Run: 528,597,897,216 bytes free
            Post-Run: 528,281,608,192 bytes free
            .
            - - End Of File - - E315EF4652D7B1E3DA8D765641092610
            4976D4A7A40B83FC7F06EE4BDD84EB9B

            SuperDave

            • Malware Removal Specialist


            • Genius
            • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            Re: Ram usage really high
            « Reply #8 on: September 12, 2013, 04:34:19 PM »
            Malwarebytes' Anti-Rootkit

            Please download Malwarebytes' Anti-Rootkit and save it to your desktop.
            • Be sure to print out and follow the instructions provided on that same page for performing a scan.
            • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
            • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
            • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
            • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
            • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
            • Copy and paste the contents of these two log files in your next reply.
            Windows 8 and Windows 10 dual boot with two SSD's

            smallzZz8

              Topic Starter


              Rookie

              • Experience: Familiar
              • OS: Windows 7
              Re: Ram usage really high
              « Reply #9 on: September 12, 2013, 08:11:30 PM »
              ok this is the mbar log



              Malwarebytes Anti-Rootkit BETA 1.07.0.1005
              www.malwarebytes.org

              Database version: v2013.07.26.06

              Windows 7 Service Pack 1 x64 NTFS
              Internet Explorer 10.0.9200.16686
              Bryce :: ADAMS-PC [administrator]

              9/12/2013 7:18:47 PM
              mbar-log-2013-09-12 (19-18-47).txt

              Scan type: Quick scan
              Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
              Scan options disabled:
              Objects scanned: 360522
              Time elapsed: 1 hour(s), 18 minute(s), 27 second(s)

              Memory Processes Detected: 0
              (No malicious items detected)

              Memory Modules Detected: 0
              (No malicious items detected)

              Registry Keys Detected: 0
              (No malicious items detected)

              Registry Values Detected: 0
              (No malicious items detected)

              Registry Data Items Detected: 0
              (No malicious items detected)

              Folders Detected: 0
              (No malicious items detected)

              Files Detected: 0
              (No malicious items detected)

              Physical Sectors Detected: 0
              (No malicious items detected)

              (end)




              and this is the system log



              ---------------------------------------
              Malwarebytes Anti-Rootkit BETA 1.07.0.1005

              (c) Malwarebytes Corporation 2011-2012

              OS version: 6.1.7601 Windows 7 Service Pack 1 x64

              Account is Administrative

              Internet Explorer version: 10.0.9200.16686

              File system is: NTFS
              Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
              CPU speed: 2.700000 GHz
              Memory total: 6441525248, free: 1641865216

              =======================================
              Initializing...
              ------------ Kernel report ------------
                   09/12/2013 19:18:38
              ------------ Loaded modules -----------
              ----------- End -----------
              Done!
              <<<1>>>
              Upper Device Name: \Device\Harddisk2\DR2
              Upper Device Object: 0xfffffa80086ea790
              Upper Device Driver Name: \Driver\Disk\
              Lower Device Name: \Device\0000008d\
              Lower Device Object: 0xfffffa80086ea060
              Lower Device Driver Name: \Driver\USBSTOR\
              <<<1>>>
              Upper Device Name: \Device\Harddisk1\DR1
              Upper Device Object: 0xfffffa8008402790
              Upper Device Driver Name: \Driver\Disk\
              Lower Device Name: \Device\0000007a\
              Lower Device Object: 0xfffffa800810ca30
              Lower Device Driver Name: \Driver\USBSTOR\
              <<<1>>>
              Upper Device Name: \Device\Harddisk0\DR0
              Upper Device Object: 0xfffffa8005eab060
              Upper Device Driver Name: \Driver\Disk\
              Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
              Lower Device Object: 0xfffffa8005bd4060
              Lower Device Driver Name: \Driver\atapi\
              <<<2>>>
              Physical Sector Size: 512
              Drive: 0, DevicePointer: 0xfffffa8005eab060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
              --------- Disk Stack ------
              DevicePointer: 0xfffffa8005eabb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
              DevicePointer: 0xfffffa8005eab060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
              DevicePointer: 0xfffffa8005bd2580, DeviceName: Unknown, DriverName: \Driver\ACPI\
              DevicePointer: 0xfffffa8005bd4060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
              ------------ End ----------
              Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
              Upper DeviceData: 0x0, 0x0, 0x0
              Lower DeviceData: 0x0, 0x0, 0x0
              <<<3>>>
              Volume: C:
              File system type: NTFS
              SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
              <<<2>>>
              <<<3>>>
              Volume: C:
              File system type: NTFS
              SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
              Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
              <<<2>>>
              <<<3>>>
              Volume: C:
              File system type: NTFS
              SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
              Done!
              Drive 0
              Scanning MBR on drive 0...
              Inspecting partition table:
              MBR Signature: 55AA
              Disk Signature: CB5BD2B2

              Partition information:

                  Partition 0 type is Other (0x1b)
                  Partition is NOT ACTIVE.
                  Partition starts at LBA: 63  Numsec = 16787862

                  Partition 1 type is Primary (0x7)
                  Partition is ACTIVE.
                  Partition starts at LBA: 16787925  Numsec = 1936731329
                  Partition is not bootable

                  Partition 2 type is Empty (0x0)
                  Partition is NOT ACTIVE.
                  Partition starts at LBA: 0  Numsec = 0

                  Partition 3 type is Empty (0x0)
                  Partition is NOT ACTIVE.
                  Partition starts at LBA: 0  Numsec = 0

              Disk Size: 1000204886016 bytes
              Sector size: 512 bytes

              Scanning physical sectors of unpartitioned space on drive 0 (1-62-1953505168-1953525168)...
              Done!
              Physical Sector Size: 0
              Drive: 1, DevicePointer: 0xfffffa8008402790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
              --------- Disk Stack ------
              DevicePointer: 0xfffffa80083f2b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
              DevicePointer: 0xfffffa8008402790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
              DevicePointer: 0xfffffa800810ca30, DeviceName: \Device\0000007a\, DriverName: \Driver\USBSTOR\
              ------------ End ----------
              Physical Sector Size: 512
              Drive: 2, DevicePointer: 0xfffffa80086ea790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
              --------- Disk Stack ------
              DevicePointer: 0xfffffa80086e2b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
              DevicePointer: 0xfffffa80086ea790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
              DevicePointer: 0xfffffa80086ea060, DeviceName: \Device\0000008d\, DriverName: \Driver\USBSTOR\
              ------------ End ----------
              Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
              Upper DeviceData: 0x0, 0x0, 0x0
              Lower DeviceData: 0x0, 0x0, 0x0
              Drive 2
              Scanning MBR on drive 2...
              Inspecting partition table:
              MBR Signature: 55AA
              Disk Signature: 42ADA

              Partition information:

                  Partition 0 type is Primary (0x7)
                  Partition is NOT ACTIVE.
                  Partition starts at LBA: 2048  Numsec = 1953456128

                  Partition 1 type is Empty (0x0)
                  Partition is NOT ACTIVE.
                  Partition starts at LBA: 0  Numsec = 0

                  Partition 2 type is Empty (0x0)
                  Partition is NOT ACTIVE.
                  Partition starts at LBA: 0  Numsec = 0

                  Partition 3 type is Empty (0x0)
                  Partition is NOT ACTIVE.
                  Partition starts at LBA: 0  Numsec = 0

              Disk Size: 1000170586112 bytes
              Sector size: 512 bytes

              Done!
              Read File: File "C:\Users\Bryce\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat" is compressed (flags = 1)
              Read File: File "C:\Users\Bryce\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.tmp" is compressed (flags = 1)
              Scan finished
              =======================================


              Removal queue found; removal started
              Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
              Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_16787925_i.mbam...
              Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
              Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_2_i.mbam...
              Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_2_r.mbam...
              Removal finished

              SuperDave

              Re: Ram usage really high
              « Reply #10 on: September 13, 2013, 01:23:09 PM »
              Is it still using a lot of RAM?

              smallzZz8

                Re: Ram usage really high
                « Reply #11 on: September 13, 2013, 02:40:55 PM »
                Yes. I restart my computer and it starts at 20-30% and it SLOWLY goes up to 85-95%. Could it be a virus? Because I remember a little time ago, kind of when this started, Norton had me delete two programs.

                SuperDave

                Re: Ram usage really high
                « Reply #12 on: September 13, 2013, 07:22:04 PM »
                I'm going to ask you to do a little detective work. Start your Task Manager: CTRL+ALT+DELETE. Click on Processes and click on Mem. usage. This will toggle between the lowest usage and the highest. Click on the highest user and stop the process. Does that help the problem? You will have to reboot the computer and that process will restart. You can do that with each process until you find one that is causing the high usage. The only one you don't want to stop is "explorer". If you find the one that's causing the problem, please let me know the name of it.
                Windows 8 and Windows 10 dual boot with two SSD's

                smallzZz8

                  Topic Starter


                  Rookie

                  • Experience: Familiar
                  • OS: Windows 7
                  Re: Ram usage really high
                  « Reply #13 on: September 16, 2013, 06:48:07 PM »
                  Ok, I did what you said and started the investigation. I started ending random processes but I could not come out with an outcome. But when I restarted my computer it was working fine for a few days and I have been keeping an eye on it. Sometimes it gets high again, then I restart my computer. But I narrowed it down and I think it might be svchost.exe. It sometimes gets high memory usage and there are sometimes many of them. Chrome.exe also takes up a lot when I use it, also nvtray.exe. But I do think there could be something wrong with svchost.exe but I'm not sure. I could be wrong but I'm not sure. I do know that I had ended some processes that did help. Also java.exe goes really, really high when I have my server up but I guess that's expected.

                  SuperDave

                  • Malware Removal Specialist


                  • Genius
                  • Thanked: 1020
                  • Certifications: List
                  • Experience: Expert
                  • OS: Windows 10
                  Re: Ram usage really high
                  « Reply #14 on: September 16, 2013, 07:22:02 PM »
                  How much RAM do you have on that computer? You can stop each svchost.exe one at a time and see if there's any improvement.

                  • Download TDSSKiller and save it to your Desktop.
                  • Extract its contents to your desktop.
                  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
                  • If an infected file is detected, the default action will be Cure, click on Continue.
                  • If a suspicious file is detected, the default action will be Skip, click on Continue.
                  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
                  • Click the Report button and copy/paste the contents of it into your next reply.
                  Note: It will also create a log in the C:\ directory.
                  Windows 8 and Windows 10 dual boot with two SSD's
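A read-only way to do the svchost.exe narrowing discussed in replies #13 and #14 without stopping processes one at a time. This is an added example, not part of the original posts; it uses only cmdlets present in PowerShell 2.0 (the version shipped with Windows 7), and the property names `ProcId`, `WorkingSetMB`, `Services` and `ImagePath` are labels chosen for this example.

```powershell
# Added example: list the heaviest processes, then show which services each
# svchost.exe instance hosts. Nothing is stopped or changed.
# Run from an elevated prompt so image paths of system processes are readable.

# 1. Top 10 processes by working set.
Get-Process |
    Sort-Object WorkingSet64 -Descending |
    Select-Object -First 10 Id, ProcessName,
        @{ Name = 'WorkingSetMB'; Expression = { [math]::Round($_.WorkingSet64 / 1MB, 1) } } |
    Format-Table -AutoSize

# 2. Build a lookup: process ID -> names of the running services it hosts.
$servicesByPid = @{}
Get-WmiObject -Class Win32_Service -Filter "State = 'Running'" | ForEach-Object {
    $key = [int]$_.ProcessId
    if (-not $servicesByPid.ContainsKey($key)) { $servicesByPid[$key] = @() }
    $servicesByPid[$key] += $_.Name
}

# 3. One row per svchost.exe instance, heaviest first.
Get-Process -Name svchost -ErrorAction SilentlyContinue |
    Sort-Object WorkingSet64 -Descending |
    ForEach-Object {
        $p   = $_
        $wmi = Get-WmiObject -Class Win32_Process -Filter "ProcessId = $($p.Id)"
        New-Object PSObject -Property @{
            ProcId       = $p.Id
            WorkingSetMB = [math]::Round($p.WorkingSet64 / 1MB, 1)
            Services     = ($servicesByPid[$p.Id] -join ', ')
            # A genuine svchost.exe runs from %SystemRoot%\System32
            # (or SysWOW64 on 64-bit Windows); any other path deserves a closer look.
            ImagePath    = $wmi.ExecutablePath
        }
    } |
    Select-Object ProcId, WorkingSetMB, ImagePath, Services |
    Format-List
```

The service names in the heaviest row tell you which Windows service to investigate, which is more precise than reporting "svchost.exe" alone. An empty `Services` value or an unexpected `ImagePath` is worth including in the reply along with the TDSSKiller report.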