Channel: Tech Support Forum - Virus/Trojan/Spyware Help

trojan.fake virus: 9 of them come back hourly

My computer is new, about three weeks old. I keep getting these same 9 viruses even after Malwarebytes finds and deletes them. They reappear exactly one hour later. I have even deleted the msrtn32 folder they reside in. Six of them run under Task Manager as rthdcpd.exe, and all six have the name "driver helper". This causes my processor to run at 90-100%. MBAM says these are called Trojan.fakems viruses.

Attached below is the required info that your site says you need:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17207 BrowserJavaVersion: 10.65.2
Run by Franklin Family at 14:55:03 on 2014-08-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2039.926 [GMT -7:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe
C:\Users\Franklin Family\AppData\Local\Temp\20140717\ctfmon.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\Program Files\AVG\AVG2014\avgemcx.exe
C:\Program Files\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\msrtn32\msrtn32.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\msrtn32\rthdcpd.exe
C:\Program Files\msrtn32\rthdcpd.exe
C:\Program Files\msrtn32\rthdcpd.exe
C:\Program Files\msrtn32\rthdcpd.exe
C:\Program Files\msrtn32\rthdcpd.exe
C:\Program Files\msrtn32\rthdcpd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = Google
mStart Page = Google
mSearch Page = Google
mDefault_Page_URL = Google
mDefault_Search_URL = Google
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office 15\root\office15\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Nvdiai] wscript.exe "c:\microsoft\lib\inc\xx.js"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mRunOnce: [Malwarebytes Anti-Rootkit (cleanup)] "c:\programdata\malwarebytes' anti-malware (portable)\mbamdor.exe" "c:\programdata\Malwarebytes' Anti-Malware (portable)"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\program files\microsoft office 15\root\office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\microsoft office 15\root\office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office 15\root\office15\ONBttnIELinkedNotes.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: NameServer = 8.8.8.8 8.8.4.4 209.55.27.13
TCP: Interfaces\{49CD470B-BFE0-4487-80DC-856A6DAE0897} : DHCPNameServer = 8.8.8.8 8.8.4.4 209.55.27.13
TCP: Interfaces\{49CD470B-BFE0-4487-80DC-856A6DAE0897}\354756675602646464 : DHCPNameServer = 8.8.8.8 8.8.4.4 209.55.27.13
TCP: Interfaces\{49CD470B-BFE0-4487-80DC-856A6DAE0897}\C496E6B63797372323035373 : DHCPNameServer = 8.8.8.8 8.8.4.4 209.55.27.13
TCP: Interfaces\{49CD470B-BFE0-4487-80DC-856A6DAE0897}\C696E6B6379737 : DHCPNameServer = 8.8.8.8 8.8.4.4 209.55.27.13
TCP: Interfaces\{4E5D6211-0026-466E-8501-04BB5428FD0E} : DHCPNameServer = 8.8.8.8 8.8.4.4 209.55.27.13
TCP: Interfaces\{6712E01D-E21D-4F40-8140-1800B8F2F674} : DHCPNameServer = 192.168.5.2
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - c:\program files\microsoft office 15\root\office15\MSOSB.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\franklin family\appdata\roaming\mozilla\firefox\profiles\87yf22zs.default\
FF - prefs.js: browser.search.selectedEngine - istart123
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft office 15\root\office15\NPSPWRAP.DLL
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1212152.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2014-6-17 147736]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2014-6-17 241944]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2014-6-17 98584]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2014-6-17 27416]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2014-6-30 121624]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2014-6-17 199960]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-6-17 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2014-6-17 188696]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2014-6-17 197400]
R1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-7-28 75480]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2014-7-10 3244048]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2014-7-10 289328]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\microsoft office 15\clientx86\officeclicktorun.exe [2014-6-24 1565880]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\hitmanpro\hmpsched.exe [2014-7-29 106248]
R2 Network File Service;Network File Service;c:\users\franklin family\appdata\local\temp\20140717\ctfmon.exe [2014-7-13 697344]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 104264]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE2500w7.sys [2014-6-22 1092160]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-3-11 279776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-7-8 108032]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2014-6-23 14848]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-6-23 49152]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2014-6-23 1343400]
.
=============== Created Last 30 ================
.
2014-08-06 21:41:35 52440 ----a-w- c:\windows\system32\drivers\imofugc.sys
2014-08-06 21:30:05 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-08-06 21:21:23 -------- d-----w- c:\program files\explorer_0711
2014-08-06 20:21:31 -------- d-----w- c:\program files\msrtn32
2014-08-06 20:03:25 62576 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6c13681f-f971-4da6-8c03-d02746ac1ceb}\offreg.dll
2014-08-05 21:43:37 765968 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{bd30ccb2-5193-4dd2-b01a-3f387219145f}\gapaengine.dll
2014-08-05 21:42:54 8217224 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6c13681f-f971-4da6-8c03-d02746ac1ceb}\mpengine.dll
2014-08-01 00:30:31 8217224 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-08-01 00:25:33 -------- d-----w- c:\programdata\Avg_Update_0614a
2014-07-30 23:41:34 -------- d-----w- c:\users\franklin family\appdata\roaming\AVG2014
2014-07-30 23:41:06 -------- d-----w- c:\users\franklin family\appdata\roaming\TuneUp Software
2014-07-30 23:40:43 -------- d--h--w- C:\$AVG
2014-07-30 23:40:43 -------- d-----w- c:\programdata\AVG2014
2014-07-30 23:40:21 -------- d-----w- c:\program files\AVG
2014-07-30 23:38:31 -------- d--h--w- c:\programdata\Common Files
2014-07-30 23:38:31 -------- d-----w- c:\users\franklin family\appdata\local\MFAData
2014-07-30 23:38:31 -------- d-----w- c:\users\franklin family\appdata\local\Avg2014
2014-07-30 23:38:31 -------- d-----w- c:\programdata\MFAData
2014-07-30 22:11:41 -------- d-----w- c:\program files\res_0711
2014-07-30 01:34:29 -------- d-----w- c:\program files\HitmanPro
2014-07-30 01:34:03 -------- d-----w- c:\programdata\HitmanPro
2014-07-30 01:30:37 -------- d-----w- c:\program files\CCleaner
2014-07-28 16:55:45 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-28 16:55:15 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-28 16:55:15 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-28 16:55:15 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-28 16:55:15 -------- d-----w- c:\programdata\Malwarebytes
2014-07-28 16:55:15 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-07-28 16:00:57 -------- d-----w- c:\programdata\NetworkHostTask
2014-07-28 15:55:35 -------- d-----w- c:\program files\KeyDownload
2014-07-28 15:51:54 -------- d-----w- c:\programdata\UpdateCommon
2014-07-27 19:32:38 -------- d-----w- c:\program files\Linksys
2014-07-27 19:16:22 -------- d-----w- c:\programdata\Linksys
2014-07-25 20:53:29 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-07-24 15:23:35 -------- d-----w- c:\users\franklin family\appdata\local\Diagnostics
2014-07-17 22:08:39 -------- d-----w- c:\program files\predm
2014-07-17 21:38:03 -------- d-----w- C:\Microsoft__Sdk
2014-07-17 21:38:03 -------- d-----w- C:\intel
2014-07-17 21:37:35 -------- d-----w- c:\programdata\ClearAsky Installer
2014-07-17 21:37:06 -------- d-----w- c:\programdata\35d06d6fa08215a
2014-07-17 21:37:05 -------- d-----w- c:\users\franklin family\appdata\local\globalUpdate
2014-07-17 21:37:03 -------- d-----w- c:\users\franklin family\appdata\local\Chromatic Browser
2014-07-17 21:37:02 -------- d-----w- c:\users\franklin family\appdata\local\Torch
2014-07-17 21:37:00 -------- d-----w- c:\users\franklin family\appdata\local\Google
2014-07-17 21:37:00 -------- d-----w- c:\users\franklin family\appdata\local\Comodo
2014-07-17 21:36:58 -------- d-----w- C:\microsoft
2014-07-17 21:36:53 -------- d-----w- c:\programdata\InstallMate
2014-07-17 21:36:49 -------- d-----w- c:\users\franklin family\appdata\local\Programs
2014-07-17 21:34:37 -------- d-----w- c:\users\franklin family\appdata\roaming\serv
2014-07-17 21:34:37 -------- d-----w- c:\programdata\Online
2014-07-16 18:57:20 -------- d-----w- c:\users\franklin family\appdata\local\Macromedia
2014-07-16 18:51:00 -------- d-----w- c:\users\franklin family\appdata\local\Mozilla
2014-07-08 20:48:13 868864 ----a-w- c:\program files\common files\microsoft shared\ink\tipskins.dll
2014-07-08 20:48:13 399360 ----a-w- c:\program files\common files\microsoft shared\ink\tabskb.dll
2014-07-08 20:48:13 2350080 ----a-w- c:\windows\system32\win32k.sys
2014-07-08 20:48:12 646144 ----a-w- c:\windows\system32\osk.exe
2014-07-08 20:48:12 544768 ----a-w- c:\program files\common files\microsoft shared\ink\TipRes.dll
2014-07-08 20:48:12 348672 ----a-w- c:\program files\common files\microsoft shared\ink\tiptsf.dll
2014-07-08 20:48:12 181760 ----a-w- c:\program files\common files\microsoft shared\ink\TabTip.exe
2014-07-08 20:48:12 104448 ----a-w- c:\program files\common files\microsoft shared\ink\TipBand.dll
2014-07-08 20:48:01 509440 ----a-w- c:\windows\system32\qedit.dll
2014-07-08 20:48:00 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-07-08 20:47:58 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-07-08 20:47:58 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-07-08 20:47:58 247808 ----a-w- c:\windows\system32\schannel.dll
2014-07-08 20:47:57 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-07-08 20:47:57 220160 ----a-w- c:\windows\system32\ncrypt.dll
2014-07-08 20:47:57 17408 ----a-w- c:\windows\system32\credssp.dll
2014-07-08 20:47:57 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-07-08 20:47:53 404480 ----a-w- c:\windows\system32\aepdu.dll
2014-07-08 20:47:52 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-07-08 20:47:50 1059840 ----a-w- c:\windows\system32\lsasrv.dll
.
==================== Find3M ====================
.
2014-07-16 19:42:11 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-16 19:42:11 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-30 19:43:12 121624 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2014-06-24 02:54:52 231424 ----a-w- c:\windows\system32\mswsock.dll
2014-06-24 02:54:43 49152 ----a-w- c:\windows\system32\taskhost.exe
2014-06-24 02:51:31 1505280 ----a-w- c:\windows\system32\d3d11.dll
2014-06-18 23:56:37 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-06-18 23:56:03 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-06-18 23:38:40 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-06-18 23:37:23 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-06-18 23:36:35 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-06-18 23:35:55 62464 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-06-18 23:23:27 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-06-18 23:23:24 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-06-18 23:22:40 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-06-18 23:16:33 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-06-18 23:06:10 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 22:52:18 4254720 ----a-w- c:\windows\system32\jscript9.dll
2014-06-18 22:46:23 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-06-18 22:45:59 1964544 ----a-w- c:\windows\system32\inetcpl.cpl
2014-06-18 22:13:59 1791488 ----a-w- c:\windows\system32\wininet.dll
2014-06-17 23:22:02 188696 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-06-17 23:21:22 197400 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-06-17 23:18:00 241944 ----a-w- c:\windows\system32\drivers\avglogx.sys
2014-06-17 23:17:58 147736 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2014-06-17 23:06:40 199960 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-06-17 23:06:22 27416 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2014-06-17 23:06:20 21272 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
.
============= FINISH: 14:56:00.70 ===============

Attached Files
File Type: txt attach.txt (3.8 KB)
File Type: txt Ark.txt (34.6 KB)
