
[SOLVED] svchost.exe eating way too much memory. virus?

Right, so here's a detailed account of what's been happening. Read all, please.

My computer started showing weird symptoms last night: an svchost.exe in my Task Manager was stalling all of my other programs and eating 500,000K+ of memory! I tried ending the process, but the .exe just kept coming back and eating away memory slowly, and this .exe is stalling all of my programs and causing some programs that would run fine before to lock up until I kill the process; then the program unfreezes itself. I keep constantly having to kill it and it's getting annoying. Oh, and did I mention that every time I kill this svchost.exe it keeps disabling my Windows Audio and I keep having to restart it through the Services area? Because that's getting highly annoying too.

I unplugged my computer from the internet and, after updating it before I disconnected, ran an all-night scan of Malwarebytes Anti-Malware, and it did find 2 threats that I removed and rebooted for. After the reboot, I did 1 more quick scan and it didn't find anything, so I thought I was in the clear.

I rebooted again and reconnected my computer to the internet. I get hit with a CHKDSK screen asking me to perform a disk check; I let it proceed and it removes some corrupted files and entries. One thing I remember is that it kept saying "Restoring orphaned file" along with a filename and a location. Seemed odd, but then again I don't use CHKDSK too much to really see a problem.

When I get back to my account I get some Windows updates ready to install, mostly security stuff including an update to the Malicious Software Removal Tool for XP. Since some threats were found, I figured I would need these security updates. I go ahead and let those install and reboot again.


When the operating system loaded and I got back to my account I was hit with this right off the bat:



And then svchost.exe comes back with a roaring vengeance and starts eating away at memory again! So I figured this was just some weird problem with XP and I'd do a System Restore. I launched System Restore and tried rebooting to last week. It starts shutting down and I get the restore process screen, so I go and use the bathroom. When I get out I'm greeted with a BSOD and this darling message:

Quote:

***STOP: 0x0000007E (0xC0000005, 0xF79C0770, 0xF79F6B94, 0xF79F6890)

***Kdcom.dll Address F79C0770 Base at F79BF000, Datestamp 5164B9E
NOTE: I did forget to take out an SD card and a charging iPod when I started the System Restore process. I don't know if these 2 things would affect the System Restore, but I'm just throwing that in just in case it's useful.

Lovely. So now I rebooted and we're here now.

Here's the stuff you guys need:

====
DDS:
====

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by Ben at 8:25:01 on 2013-04-10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.607 [GMT -7:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avant Browser\avant.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearchAssistant = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Open FVD Suite Toolbar: {2B171655-A69C-5c18-B693-6CB5DC269D44} - c:\program files\fvd suite\addons\ie\FVDToolbar.dll
BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\utorrentcontrol_v2\prxtbuTo1.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: uTorrentControl_v2 Toolbar: {7473B6BD-4691-4744-A82B-7854EB3D70B6} - c:\program files\utorrentcontrol_v2\prxtbuTo1.dll
TB: FVD Suite Toolbar: {2B171655-A69C-5c18-B693-6CB5DC269D41} - c:\program files\fvd suite\addons\ie\FVDToolbar.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
TB: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\utorrentcontrol_v2\prxtbuTo1.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [LXCYCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCYtime.dll,_RunDLLEntry@16
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Copy to Semagic - c:\program files\semagic\copy.htm
IE: Lookup on Merriam Webster - c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - c:\program files\iespell\wikipedia.HTM
IE: Semagic - c:\program files\semagic\link.htm
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {3B54DEAB-C6D4-48a8-8C32-A70558643400} - c:\program files\finalvideodownloader\fvdRunner.html
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll/206
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{07882D2D-546F-45CE-9137-ADB2A096475A} : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ben\application data\mozilla\firefox\profiles\7bl1swlj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\ben\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\ben\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\ben\application data\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\ben\local settings\application data\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\ben\local settings\application data\skype\skypewebplugin\npSkypeWebPlugin.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrv.sys [2012-3-10 22312]
S0 bfsxuxd;bfsxuxd;c:\windows\system32\drivers\jhtqvat.sys --> c:\windows\system32\drivers\jhtqvat.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
S4 MsgPlusService;Messenger Plus! Service;c:\program files\yuna software\messenger plus! for skype\MsgPlusForSkypeService.exe [2012-2-23 125952]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S4 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
.
=============== File Associations ===============
.
ShellExec: BitComet.exe: open="c:\program files\bitcomet\BitComet.exe"
.
=============== Created Last 30 ================
.
2013-04-10 13:22:09 -------- d-sh--w- C:\found.000
2013-03-27 18:57:08 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2013-03-27 18:56:50 62424 ----a-w- c:\windows\system32\drivers\xusb21.sys
2013-03-27 18:56:50 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2013-03-27 18:56:45 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2013-03-27 18:56:32 68888 ----a-w- c:\windows\system32\xinput1_3.dll
2013-03-21 18:10:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
.
==================== Find3M ====================
.
2013-04-04 21:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-17 13:38:36 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-17 13:38:36 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv(2).dll
2013-03-07 01:29:28 64512 ---ha-w- c:\windows\system32\dns-edos.dll
2013-03-07 01:28:24 2193408 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50:28 2070016 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06:31 916480 ----a-w- c:\windows\system32\wininet(2).dll
2013-03-02 02:06:31 1212928 ----a-w- c:\windows\system32\urlmon(2).dll
2013-03-02 02:06:31 105984 ----a-w- c:\windows\system32\url(2).dll
2013-03-02 02:06:30 2004992 ----a-w- c:\windows\system32\iertutil(2).dll
2013-03-02 02:06:29 11111424 ----a-w- c:\windows\system32\ieframe(2).dll
2013-03-02 01:25:02 1867264 ----a-w- c:\windows\system32\win32k(2).sys
2013-03-02 01:08:47 385024 ------w- c:\windows\system32\html.iec
2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet(6).dll
2013-02-05 20:05:47 1212928 ----a-w- c:\windows\system32\urlmon(6).dll
2013-02-05 20:05:47 105984 ----a-w- c:\windows\system32\url(5).dll
2013-02-05 20:05:46 43520 ------w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05:46 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
.
============= FINISH: 8:34:31.59 ===============

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Once again, thanks for the help. You guys always get me out of my tight spots. :thumb:

(NOTE: For the ARK.log, I left my messenger client on when it was running and it seems to have picked up my messenger client's plugin, "Messenger Plus Live". Messenger Plus Live is a free extension that you can add on to Windows Live Messenger; it has been brought up in many previous scans as a false positive in scanners. If you wish to confirm the safety of this program, please Google "Messenger Plus Live". Thank you.)

Attached Files
File Type: zip attach.zip (6.1 KB)
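Added example (my own code, not the poster's and not part of DDS): a small Python triage pass over the SERVICES / DRIVERS and Find3M sections of the log above. It scores each entry on the things a helper looks at first: boot-start (S0/R0) drivers, images DDS could not read (the `path --> path [?]` form), random-looking service and file names, and hidden files under system32. The scoring weights, the 3-point threshold and the `looks_random` rule are my assumptions; the output is a review order, not a verdict, and legitimate entries can pick up points (lxcy_device, whose image DDS could not read either, scores 2 and stays below the threshold).

```python
"""Triage the SERVICES / DRIVERS and Find3M sections of a DDS log.

Added example for this thread, not part of DDS and not the poster's own code.
Every rule is a heuristic to order manual review; a hit means "check this
entry first", not "this is malware".
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Input lines excerpted from the DDS log in the post above.
SERVICE_LINES = r"""
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrv.sys [2012-3-10 22312]
S0 bfsxuxd;bfsxuxd;c:\windows\system32\drivers\jhtqvat.sys --> c:\windows\system32\drivers\jhtqvat.sys [?]
S2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S4 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
S4 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
""".strip().splitlines()

FIND3M_LINES = r"""
2013-04-04 21:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-07 01:29:28 64512 ---ha-w- c:\windows\system32\dns-edos.dll
2013-03-07 01:28:24 2193408 ----a-w- c:\windows\system32\ntoskrnl.exe
""".strip().splitlines()

# "<start> <name>;<display>;<image args> [date size]"  or  "<image> --> <image> [?]"
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
# "<date> <time> <size or --------> <attrs> <path>"; attrs hold d,c,s,h,a,r,w flags
FIND3M_RE = re.compile(r"^(?P<stamp>\S+ \S+)\s+(?P<size>\S+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$")
IMAGE_RE = re.compile(r"^(?P<image>.+?\.(?:sys|exe|dll))(?:\s|$)", re.I)
VOWELS = set("aeiouy")


@dataclass
class Finding:
    name: str
    score: int
    reasons: List[str]


def looks_random(token: str) -> bool:
    """All-lowercase letters, 6+ chars, and few vowels or a 4+ consonant run.
    Crude on purpose (assumed rule): some legitimate names trip it, so it is
    only worth 1 point."""
    if len(token) < 6 or not token.isalpha() or not token.islower():
        return False
    vowel_ratio = sum(c in VOWELS for c in token) / len(token)
    longest_run = max(len(run) for run in re.split(r"[aeiouy]+", token))
    return vowel_ratio <= 0.2 or longest_run >= 4


def triage_service(line: str) -> Optional[Finding]:
    m = SERVICE_RE.match(line)
    if not m:
        return None
    start, name, rest = m["start"], m["name"], m["rest"].strip()
    score, reasons = 0, []
    # DDS prints "path --> path [?]" when it could not stat the image file:
    # missing, hidden from the Win32 API, or access denied.
    unreadable = rest.endswith("[?]")
    path = re.sub(r"\s+\[[^\]]*\]$", "", rest.split(" --> ")[0])  # drop " [date size]"
    img = IMAGE_RE.match(path)
    image = img["image"] if img else path        # strip arguments such as "-k netsvcs"
    stem = image.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if start in ("S0", "R0"):
        score += 2
        reasons.append("boot-start driver: loads before any on-access scanner")
    if unreadable:
        score += 2
        reasons.append("DDS could not read the image file ([?])")
    if looks_random(name):
        score += 1
        reasons.append(f"service name {name!r} looks random")
    if stem.lower() == "svchost":
        # svchost.exe is only a host; the code that runs is the ServiceDll
        # named in the registry, which this DDS line does not show.
        reasons.append("hosted in svchost.exe; identify it via its ServiceDll")
    elif looks_random(stem):
        score += 1
        reasons.append(f"image name {stem!r} looks random")
    return Finding(name, score, reasons)


def triage_find3m(line: str) -> Optional[Finding]:
    m = FIND3M_RE.match(line)
    if not m or "d" in m["attrs"]:      # skip non-matching lines and directories
        return None
    attrs, path = m["attrs"], m["path"]
    in_system32 = "\\system32\\" in path.lower()
    score, reasons = 0, []
    if in_system32 and "h" in attrs:
        score += 3
        reasons.append("hidden attribute on a file in system32")
    if in_system32 and "s" in attrs:
        score += 1
        reasons.append("system attribute set")
    return Finding(path.rsplit("\\", 1)[-1], score, reasons)


def review_queue(service_lines: List[str], find3m_lines: List[str], threshold: int = 3) -> List[Finding]:
    """Findings at or above `threshold`, highest score first."""
    found = [triage_service(l) for l in service_lines] + [triage_find3m(l) for l in find3m_lines]
    hits = [f for f in found if f is not None and f.score >= threshold]
    return sorted(hits, key=lambda f: -f.score)


if __name__ == "__main__":
    for f in review_queue(SERVICE_LINES, FIND3M_LINES):
        print(f"{f.score}  {f.name}")
        for r in f.reasons:
            print(f"      - {r}")
```

Two caveats on using this. First, the svchost.exe instances in the "Running Processes" list cannot be judged from their command lines alone: each `-k` group hosts several services, so the memory hog is one of the DLLs inside it, and on XP you find out which with Process Explorer's Services tab or `tasklist /svc` on editions that ship it (XP Home Edition does not). Second, an entry DDS reports as `[?]` should be confirmed from a clean environment (offline scan or another OS) before deciding anything, since an unreadable boot-start driver is exactly the case where the live system's own file listing is the least trustworthy source.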
