Hi there folks! Posting on behalf of a friend.

Actually, working on a computer on behalf of a friend, posting on my own behalf. I offered to check out her virus problem and quickly realized it was outside my scope of abilities.

As soon as there's an internet connection, computer starts playing audio from random advertisements/internet radio stations of some sort. 1-3 going at once. Fan spins at random speeds, and on some boots svchost will grab 500+ MB and 100% CPU, leading eventually to crash.

Windows Defender had been uninstalled; I rolled back before that point w/system restore, then was able to install malwarebytes and MSE. MWB found 0 viruses (quick), then 2 trojans (full), then 1 trojan (quick), MSE found nothing, computer crashed trying ESET, and I gave up.

I know, the proper thing was to give up before I started and just call y'all . . .

Doing the dds and gmer via flashdrive, so I won't be hooking that machine back up to the internet until your say-so.

Do NOT have access to a windows install disk, or a Boot CD, as far as I know. I'll ask her, but, doubt it.

Thanks in advance!

jw

[EDIT: It's a basic HP desktop w/W7 Home Premium. dunno other specs but if you want them I will look at the machine and figure it out]

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16476
Run by user at 4:42:23 on 2013-04-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2942.1645 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\WUDFHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.drudgereport.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{17E9560D-3F76-44C9-9D56-CE452E47AA95} : DHCPNameServer = 192.168.1.1 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\d41ayao8.default\
FF - prefs.js: browser.startup.homepage - www.drudgereport
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\users\user\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-1-20 100328]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
.
=============== Created Last 30 ================
.
2013-04-11 06:51:55 -------- d-----w- c:\program files\ESET
2013-04-11 03:52:45 60872 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5caf78a8-7818-4225-8a58-4586d90cbd0e}\offreg.dll
2013-04-10 20:03:59 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 20:03:57 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 20:03:50 3217408 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 20:03:49 131584 ----a-w- c:\windows\system32\aaclient.dll
2013-04-10 20:03:48 36864 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-10 20:02:24 1212264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 20:00:48 740840 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c78e23f9-a39e-4748-8a11-52d751d755d7}\gapaengine.dll
2013-04-10 20:00:39 7108640 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5caf78a8-7818-4225-8a58-4586d90cbd0e}\mpengine.dll
2013-04-10 19:54:49 -------- d-----w- c:\program files\Microsoft Security Client
2013-04-10 19:54:18 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-10 19:52:13 7108640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{11b76aa2-b743-412d-83e5-33fe1b1e873f}\mpengine.dll
2013-04-08 04:20:03 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes
2013-04-08 04:19:49 -------- d-----w- c:\programdata\Malwarebytes
2013-04-08 04:19:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-08 04:19:19 -------- d-----w- c:\users\user\appdata\local\Programs
2013-03-25 23:52:28 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
==================== Find3M ====================
.
2013-04-02 10:33:22 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-03-13 18:47:12 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 18:47:12 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-22 03:46:00 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-02-22 03:38:00 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-02-22 03:37:50 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-22 03:34:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-02-22 03:34:03 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-02-22 03:31:46 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-12 04:48:31 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-20 19:59:04 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 19:59:04 100328 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-13 21:17:03 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-01-13 20:30:34 906240 ----a-w- c:\windows\system32\FntCache.dll
2013-01-13 20:22:22 1988096 ----a-w- c:\windows\system32\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- c:\windows\system32\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- c:\windows\system32\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- c:\windows\system32\d3d11.dll
2013-01-13 19:54:01 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2013-01-13 19:48:47 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- c:\windows\system32\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-01-13 19:37:57 3419136 ----a-w- c:\windows\system32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
.
============= FINISH: 4:44:39.47 ===============

I realized I probably had a virus after my computer started to behave weird. First I checked with Avast and it found some viruses and got rid of them. I also used Spybot and it can find viruses but does not remove them. I checked my computer also with different spyware programs and they did not find anything! I tried at least 3 others, but all free versions. I also downloaded Malwarebytes PRO and also nothing! I need to operate my laptop in safe mode because in normal the internet doesn't work.
Spybot usually finds 5 grade 5 viruses and 4 grade 1, after I click 'fix' and scan again it only shows half of them left but still shows them. However after I restart my computer and scan again, it shows all of them again.
I also checked for rootkits and it found 2 but I don't understand what they are and what to do. I'd be grateful for your help.

Hi, can anyone tell me if they have ever come across "Gen variant graftor.7067", and if so, is it harmful and how could I get rid of it.

Many thanks in antisipation.

Dear Tech Support,

I downloaded Teleport Pro from CNET and found I had also downloaded a piece of malware called FreeRideGames. I used Superantispyware to get rid of it but I now find there is some residual code that I can’t shake off.

It appears as a blank (white) rectangle occupying the centre of my Desktop on booting up (I assume it’s where the welcome panel would be) and also a greyed out icon in the task bar at the bottom of the screen. I can temporarily get rid of it by using Task Manager to delete the process freeridegames.exe but I can’t find where the executable is located or get rid of it.

I’ve run the logs as described in your instructions (attached) and I’d really appreciate any help you can give me to get rid of this malware.

My hardware is a Lenovo T420 Thinkpad
OS is Windows 7 Pro
I do not have access to a Windows install disc or boot cd.

Kind regards
Richard Milton

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476
Run by Richard at 9:45:25 on 2013-04-12
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.3979.1997 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\CxAudMsg64.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\SysWOW64\SAsrv.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files (x86)\Business-in-a-Box\BIBLauncher.exe
C:\Program Files (x86)\SugarSync\SugarSyncManager.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Richard\AppData\Local\Temp\SDM143\Free Ride Games.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Richard\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Brownie\BrStsW64.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\Program Files (x86)\Brownie\brpjp04a.exe
C:\Windows\system32\svchost.exe -k HPService
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_278_ActiveX.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: SelectionLinks: {29AAADC9-DA30-4264-BCC4-D447F7146FC1} -
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\npchrome_frame.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: &Quero: {A411D7F4-8D11-43EF-BDE4-AA921666388A} - C:\Program Files\Quero Toolbar\Quero.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [LTT] C:\Program Files\PC-Doctor\EnableToolbarW32.exe
uRun: [BIBLauncher] C:\Program Files (x86)\Business-in-a-Box\BIBLauncher.exe
uRun: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [MP3 Skype Recorder] C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Exent_SDM] C:\Users\Richard\AppData\Local\Temp\SDM143\Free Ride Games.exe "l 'Startup' u 'http://www.freeridegames.com/do/SDMC?action=config&type=DL_CNET_DLAUNCH_OCT12&contentId=586350&sId=CNET_DLaunch_Oct12' p '143' c '466550'"
uRun: [GoogleChromeAutoLaunch_29A699B01FEEF335BD09EDAD4C8A90AE] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun
mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [SMessaging] C:\Users\Richard\AppData\Local\Strongvault Online Backup\SMessaging.exe
StartupFolder: C:\Users\Richard\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\Users\Richard\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Richard\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Richard\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.oracle.com/update/1.4.2/jinstall-1_4-windows-i586.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{26BF36CF-C0B5-4BE7-BD10-3707A60E1909} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{26BF36CF-C0B5-4BE7-BD10-3707A60E1909}\334574 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{26BF36CF-C0B5-4BE7-BD10-3707A60E1909}\34753475962756C656373713 : DHCPNameServer = 192.168.16.5 192.168.16.9
TCP: Interfaces\{26BF36CF-C0B5-4BE7-BD10-3707A60E1909}\35C40275962756C6563737 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{26BF36CF-C0B5-4BE7-BD10-3707A60E1909}\7516C6C61636563507163656 : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{26BF36CF-C0B5-4BE7-BD10-3707A60E1909}\E45445745414251393 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{E9B1AF1C-5EBE-479F-BF6A-D6247814589C} : NameServer = 88.82.13.44 88.82.13.44
TCP: Interfaces\{E9B1AF1C-5EBE-479F-BF6A-D6247814589C} : DHCPNameServer = 88.82.13.44 88.82.13.44
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\npchrome_frame.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\MP3 Skype Recorder\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll
x64-TB: &Quero: {A411D7F4-8D11-43EF-BDE4-AA921666388A} - C:\Program Files\Quero Toolbar\x64\Quero.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
x64-Run: [ALCKRESI.EXE] C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE
x64-Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 Spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 dlkmdldr;dlkmdldr;C:\Windows\System32\drivers\dlkmdldr.sys [2013-2-19 15664]
R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2011-12-16 31344]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2010-12-16 23664]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2011-8-17 15472]
R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2011-7-9 32104]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-12 140672]
R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2011-12-16 198784]
R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2013-1-30 8894864]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2011-12-16 41320]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2011-8-17 101736]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-12-16 59240]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2011-8-17 133992]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 130008]
R2 risdxc;risdxc;C:\Windows\System32\drivers\risdxc64.sys [2011-12-16 101376]
R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SAsrv.exe --> C:\Windows\System32\SAsrv.exe [?]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-28 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-28 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-28 168384]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2011-8-17 145256]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2011-8-17 142696]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-16 2656280]
R2 VIPAppService;VIPAppService;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2011-6-30 82544]
R2 WMCoreService;Mobile Broadband Service;C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe servicemode --> C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe servicemode [?]
R3 5U877;USB Video Device;C:\Windows\System32\drivers\5U877.sys [2011-12-16 166016]
R3 dlkmd;dlkmd;C:\Windows\System32\drivers\dlkmd.sys [2013-2-19 385840]
R3 ecnssndis; Mobile Broadband Driver;C:\Windows\System32\drivers\wwuss64.sys [2011-12-16 26664]
R3 ecnssndisfltr; Mobile Broadband Driver Filter;C:\Windows\System32\drivers\wwussf64.sys [2011-12-16 30248]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2012-8-3 85504]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-12-16 317440]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-6-21 25496]
R3 l36wgps; Mobile Broadband GPS Port;C:\Windows\System32\drivers\l36wgps64.sys [2011-12-16 101416]
R3 Mbm3CBus;F5521gw Mobile Broadband Device (WDM);C:\Windows\System32\drivers\Mbm3CBus.sys [2011-12-16 419400]
R3 Mbm3DevMt; Mobile Broadband Device Management Driver (WDM);C:\Windows\System32\drivers\Mbm3DevMt.sys [2011-12-16 430664]
R3 Mbm3mdfl; Mobile Broadband Modem Port Filter;C:\Windows\System32\drivers\Mbm3mdfl.sys [2011-12-16 19528]
R3 Mbm3Mdm; Mobile Broadband Modem Port Driver;C:\Windows\System32\drivers\Mbm3Mdm.sys [2011-12-16 483400]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 TVTI2C;Lenovo SM bus driver;C:\Windows\System32\drivers\tvti2c.sys [2010-9-28 41536]
R3 WwanUsbServ;Mobile Broadband Driver;C:\Windows\System32\drivers\WwanUsbMp64.sys [2011-12-16 286248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-7-9 144232]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S2 WajamUpdater;WajamUpdater;"C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe" --> C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [?]
S3 DisplayLinkUsbPort;DisplayLink USB Device;C:\Windows\System32\drivers\DisplayLinkUsbPort_7.0.41409.0.sys [2013-2-19 17408]
S3 dlusbaudio;dlusbaudio;C:\Windows\System32\drivers\dlusbaudio_x64.sys [2013-1-30 199472]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-12-16 478056]
S3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\System32\drivers\ew_usbenumfilter.sys [2012-8-3 13952]
S3 huawei_cdcacm;huawei_cdcacm;C:\Windows\System32\drivers\ew_jucdcacm.sys [2012-8-3 94208]
S3 huawei_ext_ctrl;huawei_ext_ctrl;C:\Windows\System32\drivers\ew_juextctrl.sys [2012-8-3 28672]
S3 huawei_wwanecm;huawei_wwanecm;C:\Windows\System32\drivers\ew_juwwanecm.sys [2012-8-3 196608]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-6-21 34200]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-1 340240]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2011-12-16 332272]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-12-16 87400]
S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2011-12-16 173416]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-24 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2013-04-11 20:13:54 -------- d-----w- C:\Windows\pss
2013-04-11 20:03:10 -------- d-----w- C:\Users\Richard\AppData\Local\NeoSmart_Technologies
2013-04-11 20:01:19 -------- d-----w- C:\Program Files (x86)\NeoSmart Technologies
2013-04-11 16:00:41 -------- d-----w- C:\Program Files\Perfect Uninstaller
2013-04-11 15:21:51 -------- d-----w- C:\Program Files\CCleaner
2013-04-11 10:17:00 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{287AEC77-B075-434F-BDFE-C971014E88CA}\mpengine.dll
2013-04-11 10:12:00 -------- d-----w- C:\Program Files (x86)\Teleport Pro
2013-04-10 04:30:01 3717632 ----a-w- C:\Windows\System32\mstscax.dll
2013-04-10 04:30:01 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-04-10 04:30:00 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2013-04-10 04:30:00 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-04-10 04:30:00 158720 ----a-w- C:\Windows\System32\aaclient.dll
2013-04-10 04:30:00 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2013-04-10 04:29:50 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-04-10 04:29:48 1655656 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 04:29:47 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-04-10 04:29:45 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-04-10 04:29:44 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-10 04:29:44 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-04-10 04:29:43 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-04-10 04:29:43 112640 ----a-w- C:\Windows\System32\smss.exe
2013-04-10 04:29:42 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-04-09 23:01:09 9311288 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-09 21:17:09 -------- d-----w- C:\New folder (5)
2013-04-09 16:37:15 -------- d-----w- C:\Windowsphone8site
2013-04-04 14:31:01 -------- d-----w- C:\Author's websites
2013-04-04 12:43:58 -------- d-----w- C:\New folder (4)
2013-04-03 16:50:46 -------- d-----w- C:\Shared
2013-04-02 11:37:27 -------- d-----w- C:\WebSEO
2013-03-21 23:53:49 -------- d-----w- C:\Conjuring Screenplay
2013-03-21 23:37:24 -------- d-----w- C:\Users\Richard\AppData\Roaming\Final Draft
2013-03-21 23:35:22 4169728 ----a-r- C:\Windows\SysWow64\cdintf400.dll
2013-03-21 23:35:10 -------- d-----w- C:\ProgramData\Final Draft
2013-03-21 23:35:06 -------- d-----w- C:\Program Files (x86)\Final Draft 8
2013-03-21 23:34:24 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-03-21 10:12:42 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{32989414-BC0D-4584-8AFE-DB1CFCD1F546}\gapaengine.dll
2013-03-17 03:01:48 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2013-03-17 03:01:32 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2013-03-17 01:34:44 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-03-16 22:58:27 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-03-14 11:23:00 -------- d-----w- C:\Amir
2013-03-13 10:15:56 -------- d-----w- C:\Program Files (x86)\BT Broadband Desktop Help
.
==================== Find3M ====================
.
2013-04-02 10:34:28 282744 ------w- C:\Windows\System32\MpSigStub.exe
2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-19 10:14:07 0 ----a-w- C:\Windows\SysWow64\dlumd9.dll
2013-02-19 10:14:07 0 ----a-w- C:\Windows\SysWow64\dlumd11.dll
2013-02-19 10:14:07 0 ----a-w- C:\Windows\SysWow64\dlumd10.dll
2013-02-19 10:14:07 0 ----a-w- C:\Windows\System32\dlumd9.dll
2013-02-19 10:14:07 0 ----a-w- C:\Windows\System32\dlumd11.dll
2013-02-19 10:14:07 0 ----a-w- C:\Windows\System32\dlumd10.dll
2013-02-19 10:14:00 2081792 ----a-w- C:\Windows\System32\DisplayLinkUsbCo64_7.0.41409.0.dll
2013-02-19 10:13:59 17408 ----a-w- C:\Windows\System32\drivers\DisplayLinkUsbPort_7.0.41409.0.sys
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-01-30 07:42:12 385840 ----a-w- C:\Windows\System32\drivers\dlkmd.sys
2013-01-30 07:42:12 199472 ----a-w- C:\Windows\System32\drivers\dlusbaudio_x64.sys
2013-01-30 07:42:12 15664 ----a-w- C:\Windows\System32\drivers\dlkmdldr.sys
2013-01-30 07:40:53 1130384 ----a-w- C:\Windows\System32\dlumd64.dll
2013-01-30 07:40:51 937360 ----a-w- C:\Windows\SysWow64\dlumd32.dll
2013-01-30 07:40:49 106384 ----a-w- C:\Windows\System32\DLTmmB.dll
2013-01-30 07:40:48 103312 ----a-w- C:\Windows\System32\ManageTMMLifeTime.dll
2013-01-20 15:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-01-20 15:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll
.
============= FINISH: 9:46:12.68 ===============

Attached Files

	ark.zip (3.5 KB)
	attach.zip (4.9 KB)

Okay, this is really hard to explain.
My laptop has been running for about a week now, and today when I woke up, I tried to access something on an already open chrome tab and suddenly shockwave player crashed, chrome became irresponsive. I closed it but the computer was running overall slow so I restarted it.
After the restart, I noticed that chrome doesn't want to start and tried to access task manager, but I got the following error:
"The logon process was unable to display security and logon options when CTRL ALT DEL was pressed. IF the operating system does not respond, press ESC or restart the computer by using the power switch"
Next thing I did was run a system restore to a couple of days ago, I didn't download or install anything malicious, like ever.
After the restore chrome actually booted up, and the system seemed to work for about 1-2 minutes, than it would started working slower and slower, and Task Manager wouldn't start. I ran an ESET NOD32 portable Virus scan and found some win32 miner.nab and some spyware things that were immediately deleted, but the system still didn't run properly.
Overall, here are the "symptoms"

- No executable starts (I actually managed to start task manager immediately after login screen and was constantly checking for weird looking processes, but couldn't find any. Whatever executable I would attempt to start would just stay on the process list, but wouldn't actually run)
- Some icon problems, they either load up really slow, or don't load at all
- explorer.exe seems to run fine, I can start and go around folders without any problems.
- start menu also runs fine
- I cannot connect to internet (I'm on a college network so credentials are required every time, but after I enter them, the LAN icon just shows the yellow triangle thing)

I am running in safe mode at the moment.
Please help?

Hello. I have some sort of virus where searching on Google redirects me to some sort of advertisement. Any help would be greatly appreciated. Below is my DDS, while I've attached the zipped file. Thanks!

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 1.6.0_39
Run by Patrick at 15:08:03 on 2013-04-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4058.973 [GMT -4:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Patrick\Documents\RCA Detective\RCADetective.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\jusched.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\jucheck.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\taskhost.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre6\bin\java.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\sysWow64\SearchProtocolHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ipsbho.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - <orphaned>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [{500EFB15-6553-41DB-B57B-639B1B235D12}] rundll32 "C:\Users\Patrick\AppData\Local\{0A43785C-4EA9-40E3-92EA-51D1184D99C3}\{500EFB15-6553-41DB-B57B-639B1B235D12}\hfrua.dll",K_Main
mRun: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
mRunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
StartupFolder: C:\Users\Patrick\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADVANC~1.LNK - C:\Program Files (x86)\Advanced Registry Optimizer\ARO.exe
StartupFolder: C:\Users\Patrick\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Patrick\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\JACQUI~1.LNK - C:\Program Files (x86)\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar.exe
StartupFolder: C:\Users\Patrick\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RCADET~1.LNK - C:\Users\Patrick\Documents\RCA Detective\RCADetective.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{FD2B834A-2BF3-4684-B929-77CCB0C1C839} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{FD2B834A-2BF3-4684-B929-77CCB0C1C839}\14454563335303 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{FD2B834A-2BF3-4684-B929-77CCB0C1C839}\7594E4F573366366 : DHCPNameServer = 192.168.254.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-2-27 55280]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0404000.00C\symds64.sys [2011-11-1 433200]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0404000.00C\symefa64.sys [2011-11-1 221304]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20130322.001\BHDrvx64.sys [2013-3-21 1387608]
R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0404000.00C\cchpx64.sys [2011-11-1 593544]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20130411.001\IDSviA64.sys [2013-4-12 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0404000.00C\ironx64.sys [2011-11-1 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\0404000.00C\symtdiv.sys [2011-11-1 451704]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe [2010-2-27 89600]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe [2011-11-1 126400]
R2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2012-9-5 369152]
R2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2012-9-5 460288]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-2-27 689472]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-2-27 172704]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-9-19 138912]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-2-1 215040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2011-6-23 35840]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\netr7364.sys [2010-2-24 726816]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-2-1 215552]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-23 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-2 1255736]
.
=============== Created Last 30 ================
.
2013-04-12 17:03:52 -------- d-----w- C:\Program Files\Enigma Software Group
2013-04-12 17:02:08 -------- d-----w- C:\Windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP
2013-04-12 17:02:00 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-03-23 19:43:46 -------- d-----r- C:\Users\Patrick\Dropbox
2013-03-15 10:14:50 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
.
==================== Find3M ====================
.
2013-03-12 20:20:05 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-12 20:20:05 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-02 12:07:55 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-03-02 12:07:55 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll
.
============= FINISH: 15:08:54.97 ===============

Attached Files

attach.zip (5.6 KB)

Attached Files

	ark.txt (7.6 KB)
	attach.txt (14.1 KB)

Right so heres a detailed account of whats been happening. Read all please.

My computer started showing weird symptoms last night, an svchost.exe in my task manager was stalling all of my other programs and eating 500,000K+ of memory! I tried ending the process but the .exe just kept coming back and eating away memory slowly. and this .exe is stalling all of my programs and causing some programs that would run fine before to lock up until I kill the process then the program unfreezes itself. I keep constantly having to kill it and its getting annoying. oh and did I mention that every time I kill this svchost.exe it keeps disabling my Windows Audio and I keep having to restart it through the services area? because thats getting highly annoying too.

I unplugged my computer from the internet and, after updating it before I disconnected, ran an all night scan of Malwarebytes anti-malware and it did find 2 threats that I removed and rebooted for. after the reboot, I did 1 more quick scan and it didn't find anything so I thought I was in the clear.

I rebooted again and reconnected my computer to the internet. I get hit with a CHKDSK screen asking me to preform a disk check, I let it proceed and it removes some corrupted files and entires. one thing I remember is that it kept saying "Restoring orphaned file" along with a filename and a location. seemed odd but then again I don't use CHKDSK too much to really see a problem.

When I get back to my account I get some windows updates ready to install, mostly security stuff including an update to the malicious software removal tool for XP, figured since some threats were found I figured I would need these security updates. I go ahead and let those install and reboot again.


When the operating system loaded and I got back to my account I was hit with this right off the bat:



And then svchost.exe comes back with a roaring vengeance and starts eating away at memory again! So I figured this was just some weird problem with XP and I'd do a system restore. I launched system restore and tried rebooting to last week. it starts shutting down and I get the restore process screen so I go and use the bathroom. When I get out I'm greeted with a BSOD and this darling message:

NOTE: I did forget to take out an SD card and charging iPod when I started the system restore process. I don't know if these 2 things would effect the system restore but I'm just throwing that in just in case its useful.

Lovely. so now I rebooted and were here now.

Heres the stuff you guys need:

====
DDS:
====

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by Ben at 8:25:01 on 2013-04-10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.607 [GMT -7:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avant Browser\avant.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearchAssistant = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Open FVD Suite Toolbar: {2B171655-A69C-5c18-B693-6CB5DC269D44} - c:\program files\fvd suite\addons\ie\FVDToolbar.dll
BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\utorrentcontrol_v2\prxtbuTo1.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: uTorrentControl_v2 Toolbar: {7473B6BD-4691-4744-A82B-7854EB3D70B6} - c:\program files\utorrentcontrol_v2\prxtbuTo1.dll
TB: FVD Suite Toolbar: {2B171655-A69C-5c18-B693-6CB5DC269D41} - c:\program files\fvd suite\addons\ie\FVDToolbar.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
TB: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\utorrentcontrol_v2\prxtbuTo1.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [LXCYCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCYtime.dll,_RunDLLEntry@16
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Copy to Semagic - c:\program files\semagic\copy.htm
IE: Lookup on Merriam Webster - c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - c:\program files\iespell\wikipedia.HTM
IE: Semagic - c:\program files\semagic\link.htm
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {3B54DEAB-C6D4-48a8-8C32-A70558643400} - c:\program files\finalvideodownloader\fvdRunner.html
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll/206
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{07882D2D-546F-45CE-9137-ADB2A096475A} : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ben\application data\mozilla\firefox\profiles\7bl1swlj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\ben\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\ben\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\ben\application data\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\ben\local settings\application data\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\ben\local settings\application data\skype\skypewebplugin\npSkypeWebPlugin.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrv.sys [2012-3-10 22312]
S0 bfsxuxd;bfsxuxd;c:\windows\system32\drivers\jhtqvat.sys --> c:\windows\system32\drivers\jhtqvat.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
S4 MsgPlusService;Messenger Plus! Service;c:\program files\yuna software\messenger plus! for skype\MsgPlusForSkypeService.exe [2012-2-23 125952]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S4 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
.
=============== File Associations ===============
.
ShellExec: BitComet.exe: open="c:\program files\bitcomet\BitComet.exe"
.
=============== Created Last 30 ================
.
2013-04-10 13:22:09 -------- d-sh--w- C:\found.000
2013-03-27 18:57:08 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2013-03-27 18:56:50 62424 ----a-w- c:\windows\system32\drivers\xusb21.sys
2013-03-27 18:56:50 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2013-03-27 18:56:45 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2013-03-27 18:56:32 68888 ----a-w- c:\windows\system32\xinput1_3.dll
2013-03-21 18:10:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
.
==================== Find3M ====================
.
2013-04-04 21:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-17 13:38:36 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-17 13:38:36 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv(2).dll
2013-03-07 01:29:28 64512 ---ha-w- c:\windows\system32\dns-edos.dll
2013-03-07 01:28:24 2193408 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50:28 2070016 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06:31 916480 ----a-w- c:\windows\system32\wininet(2).dll
2013-03-02 02:06:31 1212928 ----a-w- c:\windows\system32\urlmon(2).dll
2013-03-02 02:06:31 105984 ----a-w- c:\windows\system32\url(2).dll
2013-03-02 02:06:30 2004992 ----a-w- c:\windows\system32\iertutil(2).dll
2013-03-02 02:06:29 11111424 ----a-w- c:\windows\system32\ieframe(2).dll
2013-03-02 01:25:02 1867264 ----a-w- c:\windows\system32\win32k(2).sys
2013-03-02 01:08:47 385024 ------w- c:\windows\system32\html.iec
2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet(6).dll
2013-02-05 20:05:47 1212928 ----a-w- c:\windows\system32\urlmon(6).dll
2013-02-05 20:05:47 105984 ----a-w- c:\windows\system32\url(5).dll
2013-02-05 20:05:46 43520 ------w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05:46 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
.
============= FINISH: 8:34:31.59 ===============

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Once again, thanks for the help. you guys always get me out of my tight spots. :thumb:

(NOTE: For the ARK.log, I left my messenger client on when it was running and it seems to have picked up my messenger client's plugin, "Messenger Plus Live". Messenger Plus Live is a free extension that you can add-on to Windows Live Messenger, it has been brought up in many previous scans as a false positive in scanners. if you wish to confirm the safety of this program, please google "Messenger Plus Live". Thank you.)

Attached Files

attach.zip (6.1 KB)

Hi, my issues just started yesterday, it is a desktop, operating on Windows 7 home edition, at the beginning, it just turn off by itself then turn on, now, it just freezes itself, i have tried to power off then turn it back on, it still freezes within a minute, hope this can be solved ASAP, thanks in advance, here's my HJT:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:13:03 PM, on 4/13/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Windows\system32\DXPServer.exe
F:\HijackThis.exe

R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
O2 - BHO: VideoUrlSniffer - {00000ADA-7E0D-47C1-986C-F017D09C4304} - C:\Users\Public\Thunder Network\XMP4\Core\Program\VideoUrlSniffer.2.0.3.100.(382).dll (file missing)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: XlBrowserAddinBho.XlBrowserAddinBhoObject - {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - C:\Program Files\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.8.71.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.2.12.3824.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MICROS~4\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (file missing)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [IntelliType Pro] "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OE1FSC1SRk9ENC1TWFdSOC1KUlRRQS1KQURDSi1XRU1CUg"&"inst=NzYtMTIzMzkzM jE2Mi1TVDEyT0krMS1WSVAxMisxLUREVCswLUVVTEErMS1UMzBFUCsxLVAxMk1CKzEtU1BEKzEt RDM4MUwrNi1TVDEwQVBQKzEtSTEwKzEtQ0lEKzEtSUlTQSsy"&"prod=94"&"ver=10.0.1424
O4 - HKLM\..\RunOnce: [WinSATRestorePower] powercfg -setactive 381b4222-f694-41f0-9685-ff5bb260df2e
O4 - HKCU\..\Run: [Google Update] "C:\Users\KEN\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PPS Accelerator] C:\PPStream\ppsap.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: &ʹÓÃ&ѸÀ×ÀëÏßÏÂÔØ - C:\Program Files\Thunder Network\Thunder\BHO\OfflineDownload.htm
O8 - Extra context menu item: &ʹÓÃ&ѸÀ×ÏÂÔØ - C:\Program Files\Thunder Network\Thunder\BHO\geturl.htm
O8 - Extra context menu item: &ʹÓÃ&ѸÀ×ÏÂÔØÈ«²¿Á´½Ó - C:\Program Files\Thunder Network\Thunder\BHO\GetAllUrl.htm
O8 - Extra context menu item: &ѸÀ×ÏÂÔص½ÊÖ»ú - http://static.u.155.com/shoulei/shouleidl.htm
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: ¨Ï¥Î¨³¹p¬Ý¬Ý¼½©ñ¾¹¼½©ñ - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenu.htm
O8 - Extra context menu item: ʹÓÿ쳵3ÏÂÔØ - C:\Program Files\FlashGet Network\FlashGet 3\fdgeturl.htm
O8 - Extra context menu item: ʹÓÿ쳵3ÏÂÔص±Ç°ÊÓƵ - C:\Program Files\FlashGet Network\FlashGet 3\fdgetflvurl.htm
O8 - Extra context menu item: ʹÓÿ쳵3ÏÂÔØÈ«²¿ÊÓƵ - C:\Program Files\FlashGet Network\FlashGet 3\fdgetallflvurl.htm
O8 - Extra context menu item: ʹÓÿ쳵3ÏÂÔØÈ«²¿Á´½Ó - C:\Program Files\FlashGet Network\FlashGet 3\fdgetallurl.htm
O9 - Extra button: (no name) - {14c1d00e-0b92-4379-880b-444fa2d740dd} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm
O9 - Extra 'Tools' menuitem: ??¡L31p?Y?Y??cn?1 - {14c1d00e-0b92-4379-880b-444fa2d740dd} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm
O9 - Extra button: ??¡L31p?Y?Y??cn?1 - {24c1d00e-0b92-4379-880b-444fa2d740dd} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolBar.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/Driver...reqlab_nvd.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/res.../wlscctrl2.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~1\KUGOU2~1\KUGOO3~1.OCX
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~1\KUGOU2~1\KUGOO3~1.OCX
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Hotspot Shield Service (hshld) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe (file missing)
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: ?iOAEe¡Ó¡M¡PtIn (KYDeviceServer) - ¥_¨Ê±yµM¤Ñ¦a¬ì§Þ¦³**¤½¥q - C:\Program Files\kuaiyong\DRM\KYDeviceServer.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG - C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe

--
End of file - 12069 bytes

Recently i just use ComboFix
It says i need helper to Analyze the log
Here is the log:

ComboFix 13-04-12.02 - Xillus 4/2013 Sun 12:25:37.1.1 - x86
Microsoft Windows 7 Enterprise 6.1.7601.1.936.86.1033.18.1014.481 [GMT -7:00]
Executive position: c:\users\Xillus\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Deleted files )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Autorun.inf
c:\windows\KwYlx.dat
.
.
((((((((((((((((((((((((( New Files From 2013-03-14 to 2013-04-14 )))))))))))))))))))))))))))))))
.
.
2013-04-14 19:32 . 2013-04-14 19:43 -------- d-----w- c:\users\Xillus\AppData\Local\temp
2013-04-14 18:36 . 2013-04-14 18:36 -------- d-----w- c:\users\bin\AppData\Roaming\Malwarebytes
2013-04-14 17:45 . 2013-04-14 17:45 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AF741729-4651-4CD0-909D-8352C4CAC936}\offreg.dll
2013-04-14 08:10 . 2013-04-14 08:10 -------- d-----w- c:\users\Xillus\AppData\Roaming\Malwarebytes
2013-04-14 08:10 . 2013-04-14 08:10 -------- d-----w- c:\programdata\Malwarebytes
2013-04-14 08:10 . 2013-04-14 08:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-14 08:10 . 2013-04-04 21:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-14 08:10 . 2013-04-14 08:10 -------- d-----w- c:\users\Xillus\AppData\Local\Programs
2013-04-13 18:50 . 2013-04-13 18:50 -------- d-----w- c:\users\bin\AppData\Roaming\Yahoo!
2013-04-13 06:40 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\system32\mstscax.dll
2013-04-13 06:40 . 2013-02-15 04:34 131584 ----a-w- c:\windows\system32\aaclient.dll
2013-04-13 06:40 . 2013-02-15 03:25 36864 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-13 06:40 . 2013-03-01 03:09 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-04-13 06:40 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-13 06:40 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-13 06:40 . 2013-03-19 04:48 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-13 06:40 . 2013-03-19 02:49 69632 ----a-w- c:\windows\system32\smss.exe
2013-03-31 07:07 . 2013-03-31 07:48 -------- d-----w- C:\Kuai8Games
2013-03-31 07:03 . 2013-04-06 00:08 -------- d-----w- c:\users\bin\AppData\Roaming\Kuai8
2013-03-30 00:40 . 2013-03-30 00:40 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-29 05:46 . 2013-03-29 19:55 -------- d-----w- c:\users\Xillus\funshion
2013-03-26 04:22 . 2013-03-26 04:23 -------- d-----w- c:\users\Public\Thunder Network
2013-03-26 04:22 . 2013-03-26 04:22 -------- d-----w- c:\programdata\Thunder Network
2013-03-23 01:38 . 2013-03-23 01:38 -------- d-----w- c:\users\bin\AppData\Roaming\FreemakeVideoDownloader
2013-03-23 01:31 . 2013-03-23 01:34 -------- d-----w- c:\programdata\Freemake
2013-03-23 01:31 . 2013-02-25 19:47 8013376 ----a-w- c:\program files\Internet Explorer\Microsoft.mshtml.dll
2013-03-23 01:31 . 2013-03-23 01:31 -------- d-----w- c:\program files\Freemake
2013-03-23 00:04 . 2013-03-23 00:04 -------- d-----w- c:\users\bin\AppData\Roaming\xim
2013-03-23 00:04 . 2013-03-23 00:04 -------- d-----w- c:\users\bin\AppData\Roaming\GarenaPlus
2013-03-17 21:36 . 2013-03-17 21:36 -------- d-----w- c:\users\Xillus\AppData\Roaming\Yahoo!
2013-03-17 21:36 . 2013-03-17 21:36 -------- d-----w- c:\programdata\Yahoo! Companion
2013-03-17 21:36 . 2013-03-17 21:36 -------- d-----w- c:\program files\Yahoo!
2013-03-17 21:36 . 2013-03-17 21:36 -------- d-----w- c:\program files\CCleaner
2013-03-17 04:38 . 2013-03-17 04:42 -------- d-----w- c:\program files\Garena Plus
2013-03-16 21:36 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Modified files within three months ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-15 19:26 . 2012-10-11 23:35 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-15 19:26 . 2012-10-11 23:35 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-26 23:01 . 2012-12-10 05:48 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-01-14 21:07 . 2013-01-14 21:07 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note * blank legal default login will not be displayed
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2}]
2012-05-05 02:29 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Download Accelerator Manager"="c:\program files\Tensons\Download Accelerator Manager\daman.exe" [2012-10-01 783872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
Ime File REG_SZ GOOGLEPINYIN2.IME
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Download Accelerator Manager]
2012-10-01 17:43 783872 ----a-w- c:\program files\Tensons\Download Accelerator Manager\daman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-24 02:30 247320 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-09-24 02:30 285208 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-24 02:30 220184 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 20:59 336616 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R3 dmvsc;dmvsc;c:\windows\system32\DRIVERS\dmvsc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\DRIVERS\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\DRIVERS\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;g:\game booster 3\Driver\WinRing0.sys [x]
R4 AdvancedSystemCareService6;Advanced SystemCare Service 6;e:\advanced systemcare 6\ASCService.exe [x]
R4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-13 06:53 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
'Scheduled Tasks' folder in the content
.
2013-04-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-11 19:26]
.
2013-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-10 06:33]
.
2013-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-10 06:33]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{8FE8FCA9-D234-2AAD-AEE3-2277510BAE53} - c:\program files\BaiduAddr\{8FE8FCA9-D234-2AAD-AEE3-2277510BAE53}\AddressBar.dll
HKU-Default-Run-PPS Accelerator - c:\program files\PPStream\PPSKernel.exe
MSConfigStartUp-ChengZi - c:\program files\chengzi\haochengzi-1681900000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\!j遙篘u
T泏^)Y0W *塠艌z廭]
"DisplayName"="Sims - magical world installer"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\conhost.exe
c:\windows\System32\slui.exe
.
**************************************************************************
.
Completion Time: 2013-04-14 12:47:02 - The computer has been restarted
ComboFix-quarantined-files.txt 2013-04-14 19:47
.
Pre-Run: 75,236,798,464 bytes free
Post-Run: 75,179,696,128 bytes free
.
- - End Of File - - C78DDC59E96DB03CC72D8DD1F6635447



Someone pls help.....................:frown:

Attached Files

log.txt (11.7 KB)

Hello, I requested help in a previous thread but it was closed.

http://www.techsupportforum.com/foru...ce-690264.html

Attached please find the log from Malware bytes.
For some reason I could not upload the mbar-log-YYYY-MM-DD (##-##-##).txt (got a message saying the upload failed. the file has 0 kb).

Appreciate your help in advising what I should do now.
The following items were detected.

HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} (Rogue.WinAntiVirus)
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DECEAAA2-370A-49BB-9362-68C3A58DDC62} (Adware.180Solutions)
c:\Documents and Settings\Robi\Meus documentos\Downloads\filme.exe (Adware.Bundler)
c:\Documents and Settings\Robi\Meus documentos\Downloads\acelerador (1).exe (Adware.Bundler)
c:\Documents and Settings\Robi\Meus documentos\Downloads\acelerador (2).exe (Adware.Bundler)
c:\Documents and Settings\Robi\Meus documentos\Downloads\acelerador.exe (Adware.Bundler)
c:\Documents and Settings\Robi\Meus documentos\Downloads\smss.exe (Heuristics.Reserved.Word.Exploit)

Thanks!

Attached Files

system-log.txt (76.0 KB)

hello, I have win xp sp3 home edition. A few days ago I started having a problem when restarting or starting up pc, after windows loads when I click on a shortcut application(example: browser), instead of opening it just once it will open 70 or more browsers. Or if I click "start" and move arrow over a file it will open without me even clicking the mouse. I noticed if I click on a browser and then continuously close the 70 or so browsers it opens up then once I close them all the problem stops and doesn't do it again until I restart pc? I am baffled and have no idea what is causing this or how to resolve it. It is very frustrating and I just do not have the funds to take pc to a specialist. Any help would be appreciated?

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.17.2
Run by Owner at 10:31:06 on 2013-04-13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.816 [GMT -7:00]
.
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Owner\My Documents\Downloads\Modem_Agere_2.1.56.1_XPx86_A\Modem_agere_v.2.1.56.1_XPx86\setup.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton security suite\engine\20.2.0.19\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton security suite\engine\20.2.0.19\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\20.2.0.19\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\20.2.0.19\coieplg.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Creative WebCam Tray] "c:\program files\creative\shared files\CamTray.exe"
uRun: [cdloader] "c:\documents and settings\owner\application data\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [Conime] c:\windows\system32\conime.exe
mRun: [EKStatusMonitor] c:\program files\kodak\aio\statusmonitor\EKStatusMonitor.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRunOnce: [PM_reg] c:\windows\regedit.exe /s c:\sysprep\Nic_pm.reg
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1365657062109
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1365657214203
TCP: NameServer = 192.168.7.7
TCP: Interfaces\{A2C0C39C-ABF3-4D5E-8021-E0FDE69FE5FD} : DHCPNameServer = 192.168.7.7
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\836ywkm8.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_169.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-04-10 18:20; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\IPSFFPlgn
FF - ExtSQL: 2013-04-10 18:55; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\coFFPlgn
FF - ExtSQL: 2013-04-12 03:28; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1402000.013\symds.sys [2013-4-10 368288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1402000.013\symefa.sys [2013-4-10 927904]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\definitions\bashdefs\20130322.001\BHDrvx86.sys [2013-3-22 997464]
R1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\n360\1402000.013\ccsetx86.sys [2013-4-10 134304]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1402000.013\ironx86.sys [2013-4-10 175264]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2012-10-19 395200]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\kodak\aio\statusmonitor\EKPrinterSDK.exe [2012-10-15 779200]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\20.2.0.19\ccsvchst.exe [2013-4-10 143928]
R3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-4-10 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\definitions\ipsdefs\20130412.001\IDSXpx86.sys [2013-4-12 373728]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\definitions\virusdefs\20130412.024\NAVENG.SYS [2013-4-13 93296]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\definitions\virusdefs\20130412.024\NAVEX15.SYS [2013-4-13 1603824]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [2013-4-10 69692]
S3 EraserUtilDrv11220;EraserUtilDrv11220;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv11220.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv11220.sys [?]
.
=============== Created Last 30 ================
.
2013-04-12 21:03:41 -------- d-----w- c:\documents and settings\owner\application data\OpenOffice.org
2013-04-12 21:01:44 -------- d-----w- c:\program files\OpenOffice.org 3
2013-04-12 16:18:55 68096 ------w- c:\windows\system32\agrsmdel.exe
2013-04-12 16:12:19 -------- d-----w- c:\program files\Realtek
2013-04-12 16:11:55 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2013-04-12 16:11:55 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2013-04-12 16:11:55 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2013-04-12 16:11:55 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2013-04-12 16:11:55 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2013-04-12 16:11:55 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2013-04-12 16:11:55 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2013-04-12 15:26:35 53248 ----a-w- c:\windows\system32\CSVer.dll
2013-04-12 15:25:15 -------- d-----w- c:\program files\SystemRequirementsLab
2013-04-12 10:27:06 -------- d-----w- c:\windows\system32\XPSViewer
2013-04-12 10:26:32 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2013-04-12 10:26:07 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2013-04-12 10:26:07 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2013-04-12 10:26:07 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2013-04-12 10:26:07 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2013-04-12 10:26:07 575488 ------w- c:\windows\system32\xpsshhdr.dll
2013-04-12 10:26:07 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2013-04-12 10:26:07 1676288 ------w- c:\windows\system32\xpssvcs.dll
2013-04-12 10:26:07 117760 ------w- c:\windows\system32\prntvpt.dll
2013-04-12 10:26:07 -------- d-----w- C:\a343f2a591818d3c059b03a3
2013-04-12 05:36:18 172032 ----a-w- c:\windows\system32\igfxres.dll
2013-04-11 17:27:16 -------- d-----w- c:\program files\Gilisoft
2013-04-11 05:50:38 -------- d-----w- c:\documents and settings\owner\application data\ElevatedDiagnostics
2013-04-11 05:39:38 -------- d-sh--w- c:\documents and settings\owner\IETldCache
2013-04-11 05:31:54 -------- d-----w- c:\windows\ServicePackFiles
2013-04-11 05:29:22 19569 ----a-w- c:\windows\002605_.tmp
2013-04-11 05:27:15 -------- d-----w- c:\windows\EHome
2013-04-11 05:19:15 -------- dc-h--w- c:\windows\ie8
2013-04-11 05:10:46 -------- d-----w- c:\documents and settings\owner\local settings\application data\visi_coupon
2013-04-11 05:04:02 221184 ----a-w- c:\windows\system32\wmpns.dll
2013-04-11 05:00:15 -------- d-----w- c:\windows\system32\RTCOM
2013-04-11 04:58:06 -------- d-----w- c:\documents and settings\owner\local settings\application data\Sun
2013-04-11 04:54:59 -------- d-----w- c:\documents and settings\owner\local settings\application data\Adobe
2013-04-11 04:53:07 -------- d-----w- c:\documents and settings\owner\local settings\application data\tjnet
2013-04-11 04:49:26 -------- d-----w- c:\documents and settings\all users\application data\Trymedia
2013-04-11 04:25:35 -------- d-----w- C:\Live! Cam
2013-04-11 04:24:43 -------- d-----w- c:\windows\system32\ReinstallBackups
2013-04-11 04:24:39 176128 ----a-w- c:\windows\system32\igfxrsky.lrc
2013-04-11 04:24:39 172032 ----a-w- c:\windows\system32\igfxrslv.lrc
2013-04-11 04:24:39 147456 ----a-w- c:\windows\system32\igfxCoIn_v4926.dll
2013-04-11 04:24:31 -------- d-----w- C:\Intel
2013-04-11 04:18:34 -------- d-----w- c:\documents and settings\all users\application data\DriverGenius
2013-04-11 03:57:18 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-11 03:57:18 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-04-11 03:57:17 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-11 03:57:11 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-11 03:44:00 927904 ----a-w- c:\windows\system32\drivers\n360\1402000.013\symefa.sys
2013-04-11 03:44:00 586400 ----a-w- c:\windows\system32\drivers\n360\1402000.013\srtsp.sys
2013-04-11 03:44:00 394656 ----a-r- c:\windows\system32\drivers\n360\1402000.013\symtdi.sys
2013-04-11 03:44:00 368288 ----a-w- c:\windows\system32\drivers\n360\1402000.013\symds.sys
2013-04-11 03:44:00 350368 ----a-r- c:\windows\system32\drivers\n360\1402000.013\symtdiv.sys
2013-04-11 03:44:00 338592 ----a-r- c:\windows\system32\drivers\n360\1402000.013\symnets.sys
2013-04-11 03:44:00 32888 ----a-r- c:\windows\system32\drivers\n360\1402000.013\srtspx.sys
2013-04-11 03:44:00 21400 ----a-r- c:\windows\system32\drivers\n360\1402000.013\symelam.sys
2013-04-11 03:44:00 175264 ----a-r- c:\windows\system32\drivers\n360\1402000.013\ironx86.sys
2013-04-11 03:44:00 134304 ----a-w- c:\windows\system32\drivers\n360\1402000.013\ccsetx86.sys
2013-04-11 03:43:03 -------- d-----w- c:\windows\system32\drivers\n360\1402000.013
2013-04-11 03:32:10 -------- d-----w- c:\windows\ie8updates
2013-04-11 03:20:19 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2013-04-11 03:20:19 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2013-04-11 03:20:19 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2013-04-11 03:20:19 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2013-04-11 03:20:18 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2013-04-11 03:20:17 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-04-11 03:20:17 2004992 -c----w- c:\windows\system32\dllcache\iertutil.dll
2013-04-11 03:20:15 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll
2013-04-11 03:19:55 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-04-11 03:19:55 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-04-11 03:19:36 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll
2013-04-11 03:19:36 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
2013-04-11 03:19:36 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2013-04-11 03:19:34 290560 -c----w- c:\windows\system32\dllcache\atmfd.dll
2013-04-11 03:18:36 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2013-04-11 03:17:57 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2013-04-11 03:17:45 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2013-04-11 03:17:43 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2013-04-11 03:17:30 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2013-04-11 03:17:30 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2013-04-11 03:17:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2013-04-11 03:16:20 -------- d-----w- c:\documents and settings\owner\local settings\application data\magicJack
2013-04-11 03:16:10 -------- d-----w- c:\documents and settings\all users\application data\magicJack
2013-04-11 03:16:07 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2013-04-11 03:15:25 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2013-04-11 03:15:24 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2013-04-11 03:15:22 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2013-04-11 03:15:21 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2013-04-11 03:15:17 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2013-04-11 03:15:15 -------- d-----w- c:\documents and settings\owner\application data\mjusbsp
2013-04-11 03:15:13 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2013-04-11 03:15:12 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2013-04-11 03:15:10 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2013-04-11 03:14:49 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2013-04-11 03:14:41 60160 -c--a-w- c:\windows\system32\dllcache\drmk.sys
2013-04-11 03:14:41 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-04-11 03:14:41 60032 ----a-w- c:\windows\system32\drivers\usbaudio.sys
2013-04-11 03:14:41 146048 -c--a-w- c:\windows\system32\dllcache\portcls.sys
2013-04-11 03:14:41 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-04-11 03:14:08 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2013-04-11 03:13:31 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2013-04-11 03:12:30 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2013-04-11 03:12:14 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2013-04-11 03:12:14 3072 ------w- c:\windows\system32\iacenc.dll
2013-04-11 03:12:12 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2013-04-11 03:11:12 27072 ----a-w- c:\windows\system32\drivers\AFGSp50.sys
2013-04-11 03:11:04 -------- d-----w- c:\program files\Belkin
2013-04-11 03:11:04 -------- d-----w- c:\documents and settings\all users\application data\Affinegy
2013-04-11 03:09:48 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2013-04-11 03:07:36 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2013-04-11 03:07:18 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2013-04-11 03:06:27 -------- d-----w- c:\windows\system32\PreInstall
2013-04-11 03:04:13 24576 ----a-w- c:\windows\system32\msxml3a.dll
2013-04-11 03:04:13 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2013-04-11 03:04:13 -------- d-----w- c:\program files\common files\AVSMedia
2013-04-11 03:04:13 -------- d-----w- c:\program files\AVS4YOU
2013-04-11 03:03:06 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2013-04-11 03:03:05 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2013-04-11 03:03:05 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2013-04-11 03:03:04 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2013-04-11 03:03:03 -------- d-----w- c:\windows\system32\SoftwareDistribution
2013-04-11 03:02:13 -------- d-sh--w- c:\documents and settings\owner\PrivacIE
2013-04-11 03:00:24 -------- d-----w- c:\program files\VideoLAN
2013-04-11 02:55:50 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2013-04-11 02:55:33 -------- d-----w- c:\documents and settings\owner\local settings\application data\Eastman_Kodak_Company
2013-04-11 02:55:31 -------- d-----w- c:\program files\PrintProjects
2013-04-11 02:55:31 -------- d-----w- c:\documents and settings\all users\application data\Visan
2013-04-11 02:55:31 -------- d-----w- c:\documents and settings\all users\application data\PrintProjects
2013-04-11 02:52:18 -------- d-----w- c:\documents and settings\all users\Kodak
2013-04-11 02:51:58 -------- d-----w- c:\windows\system32\kodak
2013-04-11 02:51:34 604672 ----a-w- c:\windows\system32\EKIJ5000MON.dll
2013-04-11 02:51:34 225792 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\EKIJ5000PPR.dll
2013-04-11 02:51:34 118784 ----a-w- c:\windows\system32\EKIJCOINST13.dll
2013-04-11 02:51:06 -------- d-----w- c:\program files\Kodak
2013-04-11 02:50:56 -------- d-----w- c:\program files\MSXML 6.0
2013-04-11 02:50:11 -------- d-----w- c:\documents and settings\all users\application data\Kodak
2013-04-11 02:49:49 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2013-04-11 02:49:24 -------- d-----w- c:\documents and settings\owner\application data\Temp
2013-04-11 02:49:23 -------- d-----w- c:\documents and settings\owner\local settings\application data\Eastman Kodak Company
2013-04-11 02:29:18 -------- d-----w- c:\documents and settings\owner\local settings\application data\Identities
2013-04-11 02:24:05 -------- d-----w- C:\GSMDC-TEMP
2013-04-11 02:24:05 -------- d-----w- c:\documents and settings\owner\application data\GiliSoft
2013-04-11 02:17:30 -------- d-----w- c:\documents and settings\owner\application data\GetRightToGo
2013-04-11 02:08:48 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-04-11 02:06:54 -------- d-----w- c:\program files\Yahoo!
2013-04-11 02:05:16 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-11 02:05:16 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-11 02:02:20 -------- d-----w- c:\documents and settings\owner\local settings\application data\Mozilla
2013-04-11 02:02:10 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-04-11 01:58:52 -------- d-----w- c:\program files\Bejeweled 3
2013-04-11 01:43:36 7062 ----a-w- c:\windows\system32\audiopid.vxd
2013-04-11 01:43:02 647872 ------w- c:\windows\system32\Mscomct2.ocx
2013-04-11 01:43:02 41984 ------w- c:\windows\Ctregrun.exe
2013-04-11 01:41:57 32768 ------w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2013-04-11 01:41:57 225280 ------w- c:\program files\common files\installshield\iscript\iscript.dll
2013-04-11 01:41:57 176128 ------w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2013-04-11 01:41:56 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2013-04-11 01:41:54 614532 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2013-04-11 01:41:08 -------- d-----w- c:\program files\Creative
2013-04-11 01:40:40 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2013-04-11 01:40:40 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2013-04-11 01:40:40 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2013-04-11 01:40:40 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2013-04-11 01:40:40 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2013-04-11 01:40:40 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2013-04-11 01:40:39 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2013-04-11 01:40:38 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2013-04-11 01:19:28 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-04-11 01:19:28 -------- d-----w- c:\program files\Symantec
2013-04-11 01:19:28 -------- d-----w- c:\program files\common files\Symantec Shared
2013-04-11 01:18:50 -------- d-----w- c:\windows\system32\drivers\N360
2013-04-11 01:18:47 -------- d-----w- c:\program files\Norton Security Suite
2013-04-11 01:18:41 -------- d-----w- c:\program files\NortonInstaller
2013-04-11 01:18:41 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
2013-04-11 01:16:13 -------- d-----w- c:\documents and settings\all users\application data\Norton
2013-04-11 01:02:18 -------- d-----w- c:\windows\pss
2013-04-11 00:57:15 25600 ----a-w- c:\windows\system32\setupcl.exe
2013-04-11 00:57:14 -------- d-----w- C:\SYSPREP
2013-04-11 00:55:18 2365288 -c----w- c:\windows\system32\dllcache\WMVCore.dll
2013-04-11 00:39:36 66591 ----a-w- c:\windows\system32\drivers\el90xbc5.sys
2013-04-11 00:36:53 -------- d-----w- c:\windows\creator
2013-04-11 00:36:15 -------- d-----w- c:\windows\SMINST
2013-04-11 00:36:13 -------- d-----w- c:\windows\I386
2013-04-11 00:34:58 8704 -c--a-w- c:\windows\system32\dllcache\tsbyuv.dll
2013-04-11 00:33:58 12032 ----a-w- c:\windows\system32\drivers\nikedrv.sys
.
==================== Find3M ====================
.
2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:28:24 2193408 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50:28 2070016 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06:31 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 02:06:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:25:02 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08:47 385024 ----a-w- c:\windows\system32\html.iec
2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-12 00:32:23 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
.
============= FINISH: 10:32:05.90 ===============

Attached Files

	ark.zip (2.2 KB)
	attach.zip (3.1 KB)

After quite awhile, my dad ended up catching some malware again. It was a fake antivirus, I believe it was called "System Care Antivirus" It wouldn't allow him to open anything and it repeatedly told him that Symantec was infected. It didn't run in safe mode, so I was able to run Malwarebytes there. It removed (most of) the associated files, but it left the folder behind, so I erased that. However, it wasn't over. In task manager, I noticed several iexplore.exe processes in Task Manager.
Upon closer inspection, it appeared that there were two hidden Internet Explorer windows visiting random sites (along with calling to certain IP addresses). So, I ran Combofix (I know we shouldn't do that, but I didn't have it fix anything major). It found two DLL files, which I the deleted. Afterward, the suspicious IE windows stopped opening and all seemed to be well. All that was left were two DLL errors that ran at login, referring to the missing DLL files. Though, there were just two registry entries leftover that told rundll32.exe to run those DLLs at startup. It was a simple fix in the Registry Editor.

Still, this suspicious activity has me worried. I remember seeing these symptoms as signs of a possible rootkit infection. So, I scanned with TDSSkiller, but it came up clean. So, I just wanted to see if there is anything left over, or if there is a possible rootkit infection that brought in the malware.

Here's the DDS Log:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.17.2
Run by wamcd at 14:27:58 on 2013-04-15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.282 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ================
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://education.dellnet.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
mRun: [DellTouch] c:\windows\MMKeybd.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [StatusClient] c:\program files\hewlett-packard\toolbox2.0\apache tomcat 4.0\webapps\toolbox\statusclient\StatusClient.exe /auto
mRun: [TomcatStartup] c:\program files\hewlett-packard\toolbox2.0\hpbpsttp.exe
mRun: [QuickFinder Scheduler] "c:\program files\corel\wordperfect office 2002\programs\QFSCHD100.EXE"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [HPUsageTrackingLEDM] "c:\program files\hp\hp ut ledm\bin\hppusg.exe" "c:\program files\hp\hp ut ledm\"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: d:\docume~1\wamcd~1.wam\startm~1\programs\startup\jacqui~1.lnk - c:\program files\jacquie lawson london advent calendar\Jacquie Lawson London Advent Calendar.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\corelc~1.lnk - c:\windows\installer\{f73e7b59-f951-11d4-884d-00902761a46d}\I_26dadCC.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoWelcomeScreen = dword:1
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: dontdisplaylastusername = dword:1
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0014-0002-0002-ABCDEFFEDCBC} - <orphaned>
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115408060564
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130441725093
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_02-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37862.3092708333
DPF: {CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{4D71D46A-A34A-4F59-8B92-CC51FF0FB026} : DHCPNameServer = 75.75.75.75 75.75.76.76
Notify: igfxcui - igfxdev.dll
SEH: Quick View Plus - ShellExecute Hook - {0cab0400-7395-11d0-a5e5-0020afe2fdd9} -
.
================= FIREFOX ===================
.
FF - ProfilePath - d:\documents and settings\wamcd.wamcd01\application data\mozilla\firefox\profiles\o40f8ch2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p=
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - ExtSQL: 2013-04-13 20:54; {9857e72b-a491-11e2-8274-b8ac6f996f26}; d:\documents and settings\wamcd.wamcd01\application data\mozilla\firefox\profiles\o40f8ch2.default\extensions\{9857e72b-a491-11e2-8274-b8ac6f996f26}.xpi
FF - ExtSQL: !HIDDEN! 2010-12-20 03:12; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2002-5-8 212992]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-8-10 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-8-10 108392]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [2009-6-24 136704]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2010-12-17 99896]
R2 IDFEndpointService;Identity Finder Endpoint Service;c:\program files\identity finder 4\idfEndpoint.exe [2010-10-13 6181376]
R2 NetAlrt;NetAlrt;c:\windows\system32\drivers\Netalrt.sys [2002-5-7 39680]
R2 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [1980-1-1 28672]
R2 PlatAlrt;PlatAlrt;c:\windows\system32\drivers\platalrt.sys [2002-5-7 23744]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec antivirus\Rtvscan.exe [2010-11-8 1839776]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-9-3 106656]
R3 Msikbd2k;DellTouch;c:\windows\system32\drivers\Msikbd2k.sys [2002-10-7 6942]
R3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [2010-12-17 17408]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20130412.016\NAVENG.SYS [2013-4-12 93296]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20130412.016\NAVEX15.SYS [2013-4-12 1603824]
S3 {E6759E0C-470B-44DC-A4A1-627E68BB3A85};AIM 3.0 SI164;c:\windows\system32\drivers\a302.sys [2003-8-29 11319]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-3-30 23888]
S3 Intel Remote Control Helper;Intel Remote Control Helper;c:\windows\system32\drivers\rch.sys --> c:\windows\system32\drivers\rch.sys [?]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office10\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2013-04-14 01:50:41 -------- d-----w- c:\windows\pss
2013-04-14 01:02:27 -------- d-----w- C:\ComboFix
2013-04-10 22:32:33 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-28 03:31:54 98816 ----a-w- c:\windows\sed.exe
2013-03-28 03:31:54 256000 ----a-w- c:\windows\PEV.exe
2013-03-28 03:31:54 208896 ----a-w- c:\windows\MBR.exe
2013-03-21 18:46:17 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-21 18:46:17 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
.
==================== Find3M ====================
.
2013-04-10 22:32:14 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-04-10 22:32:13 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-04-10 22:32:13 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-04 18:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-13 02:02:15 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 02:02:15 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06:31 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06:30 43520 ------w- c:\windows\system32\licmgr10.dll
2013-03-02 02:06:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:25:02 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08:47 385024 ----a-w- c:\windows\system32\html.iec
2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
.
============= FINISH: 14:28:58.14 ===============






Here's the Malwarebytes log from when System Care Antivirus was removed:

Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free anti-malware download

Database version: v2013.04.13.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
wamcd :: WAMCD01 [administrator]

4/13/2013 8:39:00 PM
mbam-log-2013-04-13 (20-39-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 36463
Time elapsed: 10 minute(s), 18 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|rvoelsow (Trojan.Agent.TSV) -> Data: "D:\Documents and Settings\wamcd.WAMCD01\Local Settings\Application Data\qfppiwim.exe" -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
D:\Documents and Settings\wamcd.WAMCD01\Local Settings\Application Data\qfppiwim.exe (Trojan.Agent.TSV) -> Quarantined and deleted successfully.
D:\Documents and Settings\wamcd.WAMCD01\Local Settings\Temp\AA_E-Ticket.zip (Trojan.Agent.TSV) -> Quarantined and deleted successfully.
D:\Documents and Settings\wamcd.WAMCD01\Local Settings\Application Data\wjavxrwq.exe (Malware.Packer.EGX7) -> Quarantined and deleted successfully.

(end)

Attached Files

attach.zip (6.4 KB)

Hello

I have the websearch.helpmefindyour.info Search virus. When i open a new tab in my browser i get the search page from websearch...

I tried several tutorials to remove the virus but without succes.
All the tutorials start with stop the service random.exe but i have no services that is called like that.

The next steps are to delete some rules in registery. Been there done that the problem still not solved. :(

Can anyone help me?

Hey guys,I took some wrong steps when downloading something from internet and now its ******* with my pc adn I don't really know how to delete it from roots.So I downloaded a minecraft ultimate premium account hacker.exe and started it.Nothing happened but after few days performance gradually decreased so I checked processes where I found two numbered .exe's eg. 12343.exe and one more with MR.BEAN as their description I deleted both of them ad=nd deleted the main .exe downloaded from internet.After 1 day those type of files keep regenerating but what I found extremely scary was CPU eating process which changed name after I deleted it,now its name is solidstate.exe and the numbering.exe has changed to name "mandindgo.exe" adn has "grapejuice" as its description instead of MR.BEAN.I knew this was the same malware downloaded from net as they had same icons but the CPU eating .exe had bluetooth description I tried running avast adn microsoft security essentials but no avail,They said its fine.It is not. I need you guys to help me as fast as you can please. one more thing when the virus first started it tried hacking my webcam.I knew webcam was recording as the light next to it turned one.Its really worrying me please help.Thanks

Here are those two viruses,Can't delete them they regenerate with different name :
http://images.devs-on.net/Image/xoIl...EEm-Region.png

Hi guys,

I think I have a virus/malware etc. My PC is running slow and Spybot found entries but couldn't remove all of them (can't remember names).

I am normally very careful but think they maybe came from some pop-ups when I tried streaming football. I also have utorrent installed but I use a private torrent site that is invite only and never download brand new stuff until others have so all that stuff is safe. Also I have used that loads and never been any problems until I tired watching the football.

I have read the instructions so please find attached all the required info and I am unsure if I have an install DVD but don't think so:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.17.2
Run by Dave at 12:45:13 on 2013-04-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8082.5248 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\AllShareFrameworkManagerDMS.exe
C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\AllShareFrameworkDMS.exe
C:\Program Files\Samsung\AllShare Play\AllShare Play Service.exe
C:\Program Files\Samsung\AllShare Play\AllShare Play Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\windows\SysWOW64\IoctlSvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Windows\System32\igfxtray.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchqu.com/406
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
dRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Users\Dave\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - C:\Users\Dave\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{00F3ECBC-8DC8-4ACA-917F-E473CE402533} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{00F3ECBC-8DC8-4ACA-917F-E473CE402533}\441667562E08993702960586F6E656 : DHCPNameServer = 109.249.185.224 109.249.186.32
TCP: Interfaces\{059D40D1-A959-4578-B5C7-8FBAD7562378} : NameServer = 88.82.13.28 88.82.13.28
TCP: Interfaces\{08C0E097-0034-4B04-A3BE-1B271AA41E5A} : NameServer = 88.82.13.60 88.82.13.60
TCP: Interfaces\{19F93077-6888-45AE-AAF6-AC7105FED242} : DHCPNameServer = 149.254.230.7 149.254.199.126
TCP: Interfaces\{5E0695D9-A120-4CE1-BD3C-265E460DEA69} : DHCPNameServer = 109.249.185.224 109.249.188.32
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll C:\windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [ThpSrv] C:\windows\System32\thpsrv /logon
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 Spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\ukmp5vdf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&appid=0&systemid=406&sr=0&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Samsung\AllShare Play\utils\npAllSharePlayPCPlugin.dll
FF - plugin: C:\Users\Dave\AppData\Roaming\TorrentStream\player\npts_plugin.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\windows\System32\drivers\aswRvrt.sys [2013-3-14 65336]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-1-28 16152]
R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2012-11-30 30056]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\drivers\thpdrv.sys [2011-3-24 36992]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\drivers\Thpevm.sys [2009-6-30 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2012-4-20 482384]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2012-6-13 1025808]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2012-6-13 377920]
R2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2012/11/30 11:04:14];C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [2012-8-10 147704]
R2 AllShare Framework DMS;AllShare Framework DMS;C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\AllShareFrameworkManagerDMS.exe [2012-10-23 408184]
R2 AllShare Play Service;AllShare Play Service;C:\Program Files\Samsung\AllShare Play\AllShare Play Service.exe [2013-4-4 662600]
R2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2012-6-13 33400]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2012-6-13 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-3-14 45248]
R2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2012-11-30 90640]
R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2012-11-30 78352]
R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2012-11-30 295440]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-4-20 128280]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-4-20 161560]
R2 ntk_PowerDVD12;ntk_PowerDVD12;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2012-11-30 83704]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2013-2-13 1153368]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-2-10 112080]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2012-2-10 295360]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-20 14472]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-4-20 363800]
R3 CeKbFilter;CeKbFilter;C:\windows\System32\drivers\CeKbFilter.sys [2012-4-20 20592]
R3 huawei_enumerator;huawei_enumerator;C:\windows\System32\drivers\ew_jubusenum.sys [2013-1-30 90112]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-12-6 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-1-28 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-1-28 787736]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-4-20 38096]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-4-20 677480]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtwlane.sys [2012-4-20 1082472]
R3 SmbDrv;SmbDrv;C:\windows\System32\drivers\Smb_driver.sys [2012-2-25 22800]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-26 138152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 aswVmm;aswVmm;C:\windows\System32\drivers\aswVmm.sys [2013-3-14 178624]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\windows\System32\drivers\ew_hwusbdev.sys [2013-1-30 117248]
S3 ew_usbenumfilter;huawei_CompositeFilter;C:\windows\System32\drivers\ew_usbenumfilter.sys [2013-1-30 13952]
S3 huawei_cdcacm;huawei_cdcacm;C:\windows\System32\drivers\ew_jucdcacm.sys [2013-1-30 104448]
S3 huawei_ext_ctrl;huawei_ext_ctrl;C:\windows\System32\drivers\ew_juextctrl.sys [2013-1-30 30720]
S3 huawei_wwanecm;huawei_wwanecm;C:\windows\System32\drivers\ew_juwwanecm.sys [2013-1-30 229376]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\windows\System32\drivers\netaapl64.sys [2012-3-26 22528]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-2-2 19456]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\windows\System32\drivers\RtsP2Stor.sys [2012-4-20 259176]
S3 RtkBtFilter;Realtek Bluetooth Filter Driver;C:\windows\System32\drivers\RtkBtfilter.sys [2012-1-5 21096]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-4-20 57216]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-12-14 833976]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-2-2 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-2-2 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-6-15 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2013-04-15 00:23:13 -------- d-----w- C:\Users\Dave\AppData\Local\{42C0B184-396F-48DD-AE77-EFF23B47D10D}
2013-04-14 12:22:59 -------- d-----w- C:\Users\Dave\AppData\Local\{EDC08BD1-42CE-4408-990D-70DFB0992F58}
2013-04-13 10:25:27 -------- d-----w- C:\Users\Dave\AppData\Local\{93B1B727-56A0-446C-83ED-43D6C6F3AF20}
2013-04-12 06:46:58 -------- d-----w- C:\Users\Dave\AppData\Local\{739A0CEC-7650-4794-BE34-33EED81BE624}
2013-04-12 06:30:26 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{817CDEEA-8249-4D9B-A6FB-49D03220BF25}\mpengine.dll
2013-04-11 14:59:23 -------- d-----w- C:\Users\Dave\AppData\Local\{F083AE5C-84E6-401B-8484-7C9F8B029002}
2013-04-10 14:01:00 3153408 ----a-w- C:\windows\System32\win32k.sys
2013-04-10 14:00:59 1655656 ----a-w- C:\windows\System32\drivers\ntfs.sys
2013-04-10 14:00:56 223752 ----a-w- C:\windows\System32\drivers\fvevol.sys
2013-04-10 14:00:46 5550424 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-04-10 14:00:44 3913560 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-04-10 14:00:43 3968856 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 14:00:42 6656 ----a-w- C:\windows\SysWow64\apisetschema.dll
2013-04-10 14:00:42 43520 ----a-w- C:\windows\System32\csrsrv.dll
2013-04-10 14:00:42 112640 ----a-w- C:\windows\System32\smss.exe
2013-04-10 06:34:30 -------- d-----w- C:\Users\Dave\AppData\Local\{15D295CE-25FB-43B4-AA31-AF17E62F41B6}
2013-04-09 06:43:05 -------- d-----w- C:\Users\Dave\AppData\Local\{A079669B-5323-4D06-8C8D-F6BB0F6F2D7A}
2013-04-07 18:24:39 -------- d-----w- C:\Users\Dave\AppData\Local\{8D9B22FE-EA33-45DC-B1E0-3D54A2DAAB25}
2013-04-07 06:24:23 -------- d-----w- C:\Users\Dave\AppData\Local\{0C94C39A-7F0F-4352-A3FF-8C82F4942650}
2013-04-06 15:44:18 -------- d-----w- C:\Users\Dave\AppData\Local\{C1203D38-1B2A-4762-9663-F70D29C8C191}
2013-04-05 16:45:00 -------- d-----w- C:\Users\Dave\AppData\Local\{F305FA17-2B72-48AA-87E5-6E4638FD1D02}
2013-04-04 17:49:13 -------- d-----w- C:\Users\Dave\.swt
2013-04-04 17:47:37 -------- d-----w- C:\Upload
2013-04-04 17:47:31 -------- d-----w- C:\Users\Dave\AppData\Local\{C896FECB-3BE4-40B9-94DE-49AD6668067D}
2013-04-04 17:46:24 -------- d-----w- C:\Program Files\Samsung
2013-04-04 17:46:24 -------- d-----w- C:\AllShare Play
2013-04-03 05:00:19 -------- d-----w- C:\Users\Dave\AppData\Local\{156EB173-10F5-4FAF-9DAF-31F65B6A8E11}
2013-04-02 15:58:19 -------- d-----w- C:\Users\Dave\AppData\Local\{95A835B5-29E4-4639-9A73-EED93326EB76}
2013-04-02 03:58:04 -------- d-----w- C:\Users\Dave\AppData\Local\{1D08AEDD-0C97-4D35-A7E8-F4F4FD290FE4}
2013-04-01 12:32:13 -------- d-----w- C:\Users\Dave\AppData\Local\{D4A7D05D-FDD9-4D45-85E5-4C492A0836D9}
2013-03-30 03:25:01 -------- d-----w- C:\Users\Dave\AppData\Local\{D38AD429-4D87-4401-8F17-A79C204E38ED}
2013-03-29 03:35:25 -------- d-----w- C:\Users\Dave\AppData\Local\{423C6A64-F026-4A23-8120-6733F479EB60}
2013-03-28 11:09:44 -------- d-----w- C:\Users\Dave\AppData\Local\{A2D0377C-ADEB-431A-8AE5-9176C14022F6}
2013-03-27 12:44:46 -------- d-----w- C:\Users\Dave\AppData\Local\{6B267842-2B6A-4CF4-96E2-4DCB4E102E03}
2013-03-27 00:44:34 -------- d-----w- C:\Users\Dave\AppData\Local\{6447AF92-E6F7-4B38-822C-9393E6A202AE}
2013-03-26 12:44:24 -------- d-----w- C:\Users\Dave\AppData\Local\{1A717ED4-4084-4631-98DE-091F37802CB4}
2013-03-25 23:27:44 19968 ----a-w- C:\windows\System32\drivers\usb8023.sys
2013-03-25 19:35:10 -------- d-----w- C:\Users\Dave\AppData\Local\{47DF2E07-17F0-424F-96BB-F624B379349C}
2013-03-25 07:34:40 -------- d-----w- C:\Users\Dave\AppData\Local\{C05E5554-188D-4BFF-BA56-CC35C65FC757}
2013-03-24 14:23:53 -------- d-----w- C:\Users\Dave\AppData\Local\{A236EC90-D960-49AD-BEB6-2D60141D1F52}
2013-03-21 19:39:48 -------- d-----w- C:\Users\Dave\AppData\Local\{E2464B60-6E78-4241-A500-DA6D37E1FB71}
2013-03-21 07:39:38 -------- d-----w- C:\Users\Dave\AppData\Local\{CEF6C0A7-5642-44FE-BD0E-C913FB09617B}
2013-03-20 20:02:40 -------- d-----w- C:\Program Files\iPod
2013-03-20 20:02:39 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-03-20 20:02:39 -------- d-----w- C:\Program Files\iTunes
2013-03-20 20:02:39 -------- d-----w- C:\Program Files (x86)\iTunes
2013-03-20 15:58:57 -------- d-----w- C:\Users\Dave\AppData\Local\{151DA809-8968-41FF-9CE9-EC5080A840F2}
2013-03-19 16:53:33 -------- d-----w- C:\Users\Dave\AppData\Local\{400951DE-3F1B-47FD-A48D-D1BC1F765207}
2013-03-18 19:42:02 -------- d-----w- C:\Users\Dave\AppData\Local\{37EE71CE-6D76-4F69-95DE-AE9D26A0FB18}
2013-03-17 00:05:04 -------- d-----w- C:\Users\Dave\AppData\Local\{F7B61217-2BAC-4AA1-9D85-D91EA85D26B0}
2013-03-16 12:04:38 -------- d-----w- C:\Users\Dave\AppData\Local\{0BA67D99-17D3-493B-8FAF-E1A178DDBC8F}
.
==================== Find3M ====================
.
2013-04-11 06:38:32 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-11 06:38:32 691592 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-04-04 13:50:32 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-03-12 00:10:56 282744 ------w- C:\windows\System32\MpSigStub.exe
2013-03-07 17:57:50 95648 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-07 17:57:49 861088 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2013-03-07 17:57:49 782240 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-03-06 23:33:21 70992 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2013-03-06 23:33:21 65336 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2013-03-06 23:33:21 178624 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2013-03-06 23:33:21 1025808 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2013-03-06 23:33:20 80816 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2013-03-06 23:32:51 41664 ----a-w- C:\windows\avastSS.scr
2013-02-22 06:27:49 2312704 ----a-w- C:\windows\System32\jscript9.dll
2013-02-22 06:20:51 1392128 ----a-w- C:\windows\System32\wininet.dll
2013-02-22 06:19:37 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2013-02-22 06:15:48 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2013-02-22 06:15:23 599040 ----a-w- C:\windows\System32\vbscript.dll
2013-02-22 06:12:41 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2013-02-22 03:46:00 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-02-22 03:38:00 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2013-02-22 03:37:50 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2013-02-22 03:34:17 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2013-02-22 03:34:03 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2013-02-22 03:31:46 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-02-12 05:45:24 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll
.
============= FINISH: 12:45:57.90 ===============



Thanks

Davy

Attached Files

attach.zip (23.4 KB)

One of my email accounts that is set up through Outlook 2010 is sending spam. My hosting company tells me that my computer is infected with a virus. I have run Kaspersky virus scan but it did not find anything. I am running Windows 7 and I do not have a boot disk.

Below is the requested log and attached are the other logs.

Just a note but when GMER was done running and pop up message appeared that said it "hasn't found any system modifications".

Thank you in advance!

..............................................................

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.11.2
Run by mickapoo at 13:17:59 on 2013-04-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2370 [GMT -4:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
mWinlogon: Userinit = userinit.exe
BHO: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
uRun: [AdobeBridge] <no file>
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [GrpConv] grpconv -o
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{166870AD-341B-4B94-90AB-EF466D67EFCE} : DHCPNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{166870AD-341B-4B94-90AB-EF466D67EFCE}\2375942554932363 : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\mickapoo\AppData\Roaming\Mozilla\Firefox\Profiles\c817ig34.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - ExtSQL: 2013-04-01 11:57; {66E978CD-981F-47DF-AC42-E3CF417C1467}; C:\Users\mickapoo\AppData\Roaming\Mozilla\Firefox\Profiles\c817ig34.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-11-22 55856]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-14 169624]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-8-26 158976]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-26 317440]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-10-26 1041760]
RUnknown 07108306;07108306; [x]
RUnknown 8310438drv;8310438drv; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-11 1255736]
.
=============== Created Last 30 ================
.
2013-04-16 16:01:18 -------- d-----w- C:\ProgramData\Kaspersky Lab
2013-04-12 10:47:32 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F0F5A395-EAFD-420F-ACC5-FF35CBAC25A4}\offreg.dll
.
==================== Find3M ====================
.
2013-03-29 22:18:01 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-29 22:18:01 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 13:18:27.30 ===============

Attached Files

Attach.zip (2.4 KB)

Wow. OK, I have a big problem. Lately, whenever I go to Google, Bing or Yahoo search, my computer will redirect me to a totally different site than I clicked on. And it has now started redirecting me to pornographic sites! I am so upset and disgusted. Is there anyway to fix this? :confused:

About 2 weeks ago, I got the FBI/MoneyPack virus thing, so I followed a guide I found and got it removed with MalwareBytes. It removed it, and all was well with my computer. So after that, I got a free 30 day trial of Norton 360. But neither of these programs have stopped this problem I'm having. What can I do? I don't want to have to restore my computer. I did that back in January, and again in March. It's a nightmare.

I'm not computer/tech savvy, so please bear with me. I'll need specific, detailed steps if there is anyway to fix this. I'm sorry. I would really appreciate any help! Thank you.


*Edit: I have Windows 7 and Internet Explorer 10

recently i have noticed certain programs will not open as previously have, so i scan with my anti-virus and it finds something i quarantine and delete try again nothing scan again and finds something else. also just today started seeing a RunDLL error msg ( 2 of them ) on my screen at startup. help me plz i dont know what to do i have no comp skills.

Hey Tech Support Forum!

I need some help with ensuring my computer security is not compromised, because recently i've been getting emails that my facebook account and guild of wars 2 account have been accessed. Web pages are also being sketchy as they often load broken or they don't load at all.

I've done a boot-time scan with AVAST, and it removed some items about java exploits or something, but my computer is still acting up so I want to make sure.

I also don't have the boot disk for vista, thank you guys again!

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 10.17.2
Run by Phuny Ly at 20:34:29 on 2013-04-16
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.hotspotshield.com/g/?c=h
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*Yahoo! SearchBar Home Page
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*Yahoo!
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=93&bd=Pavilion&pf=cndt
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*Yahoo! SearchBar Home Page
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*Yahoo!
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*Yahoo!
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*Yahoo!
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll
uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [F.lux] "C:\Users\Phuny Ly\Local Settings\Apps\F.lux\flux.exe" /noshow
uRun: [Spotify Web Helper] "C:\Users\Phuny Ly\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [QuickFinder Scheduler] "C:\Program Files (x86)\WordPerfect Office X3\Programs\QFSCHD130.EXE"
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [DeathAdder] "C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\PHUNYL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Phuny Ly\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Open with WordPerfect - C:\Program Files (x86)\WordPerfect Office X3\Programs\WPLauncher.hta
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: NameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{3BC6F316-2F1D-400C-A6F1-AD92818D443D} : DHCPNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{54DE7010-2C34-424F-8EBA-9735DC5737A6} : DHCPNameServer = 64.59.135.133 64.59.135.135 64.59.128.120
Handler: cw - {774E529C-2458-48A2-8F57-3ED3105D8612} - C:\Program Files (x86)\CaseWare\cwproto.dll
Handler: cwt - {774E529C-2458-48A2-8F57-3ED3105D8612} - C:\Program Files (x86)\CaseWare\cwproto.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=93&bd=Pavilion&pf=cndt
x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=93&bd=Pavilion&pf=cndt
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe
x64-Run: [SmartMenu] C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Handler: cw - {774E529C-2458-48A2-8F57-3ED3105D8612} - <orphaned>
x64-Handler: cwt - {774E529C-2458-48A2-8F57-3ED3105D8612} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - LocalServer32 - <no file>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Phuny Ly\AppData\Roaming\Mozilla\Firefox\Profiles\kpaelgu4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - Google.ca
FF - prefs.js: network.proxy.type - 0
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Phuny Ly\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll
FF - plugin: C:\Users\Phuny Ly\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Phuny Ly\AppData\Roaming\Mozilla\Firefox\Profiles\kpaelgu4.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2009-10-25 17:39; {20a82645-c095-46ed-80e3-08825760534b}; c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2013-04-16 00:09:21 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-16 00:09:19 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-04-16 00:09:19 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-04-16 00:09:19 262560 ----a-w- C:\Windows\SysWow64\javaws.exe
2013-04-16 00:09:19 174496 ----a-w- C:\Windows\SysWow64\javaw.exe
2013-04-16 00:09:19 174496 ----a-w- C:\Windows\SysWow64\java.exe
2013-03-14 03:53:57 1890 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys
2013-03-13 02:49:19 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 02:49:19 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-12 07:10:56 282744 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 20:35:03.06 ===============

Attached Files

Attach.zip (45.1 KB)