Quote

Here you go: Results of screen317's Security Check version 0.99.57 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! avast! Antivirus Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` AVG PC Tuneup JavaFX 2.1.1 Java 6 Update 31 Java 7 Update 10 Java version out of Date! Adobe Flash Player 11.5.502.146 Adobe Reader 10.1.4 Adobe Reader out of Date! Google Chrome 23.0.1271.97 Google Chrome 24.0.1312.56 ````````Process Check: objlist.exe by Laurent```````` AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 2% ````````````````````End of Log``````````````````````

There is no more black screen anymore, thanks. I am posting this without safemode Here's the log: # AdwCleaner v2.107 - Logfile created 01/23/2013 at 15:09:10 # Updated 21/01/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : coco - COCO-HP # Boot Mode : Safe mode with networking # Running from : C:\Users\coco\Downloads\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\Users\Public\Desktop\eBay.lnk Folder Deleted : C:\Program Files (x86)\SweetIM Folder Deleted : C:\ProgramData\SweetIM Folder Deleted : C:\Users\coco\AppData\Local\SwvUpdater Folder Deleted : C:\Users\coco\AppData\Local\Temp\avg@toolbar ***** [Registry] ***** Key Deleted : HKCU\Software\AVG Secure Search Key Deleted : HKCU\Software\IGearSettings Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKLM\Software\AVG Secure Search Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Registry is clean. -\\ Google Chrome v23.0.1271.97 File : C:\Users\coco\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [7142 octets] - [21/01/2013 18:03:06] AdwCleaner[s1].txt - [2049 octets] - [23/01/2013 15:09:10] ########## EOF - C:\AdwCleaner[s1].txt - [2109 octets] ##########

Was that <div> supposed to happen?

<p> </p> <p>I understand and uninstalled BitTorrent</p> <p>Also, there is no "SweetIm for Messenger 3.7" at just, just the "SweetIM Bundle by SweetPacks" guess that is a good thing?</p> <p> </p> <p>Anyways, here is the log,</p> <p> </p> <div># AdwCleaner v2.106 - Logfile created 01/21/2013 at 18:03:06</div> <div># Updated 17/01/2013 by Xplode</div> <div># Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)</div> <div># User : coco - COCO-HP</div> <div># Boot Mode : Safe mode with networking</div> <div># Running from : C:\Users\coco\Downloads\adwcleaner.exe</div> <div># Option [search]</div> <div> </div> <div> </div> <div>***** [services] *****</div> <div> </div> <div> </div> <div>***** [Files / Folders] *****</div> <div> </div> <div>Folder Found : C:\Program Files (x86)\SweetIM</div> <div>Folder Found : C:\ProgramData\SweetIM</div> <div>Folder Found : C:\Users\coco\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj</div> <div>Folder Found : C:\Users\coco\AppData\Local\SwvUpdater</div> <div>Folder Found : C:\Users\coco\AppData\Local\Temp\avg@toolbar</div> <div>Folder Found : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}</div> <div>Folder Found : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}</div> <div> </div> <div>***** [Registry] *****</div> <div> </div> <div>Key Found : HKCU\Software\AVG Secure Search</div> <div>Key Found : HKCU\Software\IGearSettings</div> <div>Key Found : HKCU\Software\SweetIM</div> <div>Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}</div> <div>Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}</div> <div>Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}</div> <div>Key Found : HKLM\Software\AVG Secure Search</div> <div>Key Found : HKLM\Software\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B</div> <div>Key Found : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B</div> <div>Key Found : HKLM\Software\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B</div> <div>Key Found : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B</div> <div>Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils</div> <div>Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1</div> <div>Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator</div> <div>Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1</div> <div>Key Found : HKLM\SOFTWARE\Classes\sim-packages</div> <div>Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar</div> <div>Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1</div> <div>Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook</div> <div>Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1</div> <div>Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie</div> <div>Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1</div> <div>Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}</div> <div>Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}</div> <div>Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}</div> <div>Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32</div> <div>Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS</div> <div>Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe</div> <div>Key Found : HKLM\Software\SweetIM</div> <div>Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}</div> <div>Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}</div> <div>Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}</div> <div>Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}</div> <div>Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}</div> <div>Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}</div> <div>Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}</div> <div>Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}</div> <div>Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}</div> <div>Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}</div> <div>Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}</div> <div>Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}</div> <div>Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}</div> <div>Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj</div> <div>Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}</div> <div>Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}</div> <div>Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}</div> <div>Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}</div> <div>Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}</div> <div>Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}</div> <div>Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}</div> <div>Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}</div> <div>Key Found : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}</div> <div>Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}</div> <div>Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}</div> <div>Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}</div> <div>Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}</div> <div>Key Found : HKU\S-1-5-21-2521257847-4211954237-1397596012-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}</div> <div>Key Found : HKU\S-1-5-21-2521257847-4211954237-1397596012-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}</div> <div>Key Found : HKU\S-1-5-21-2521257847-4211954237-1397596012-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}</div> <div>Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [sweetIM]</div> <div>Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [sweetpacks Communicator]</div> <div>Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]</div> <div>Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]</div> <div>Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]</div> <div> </div> <div>***** [internet Browsers] *****</div> <div> </div> <div>-\\ Internet Explorer v9.0.8112.16457</div> <div> </div> <div>[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000.10005&barid={AF8CF9AA-6079-11E2-B428-386077E4AB1D}</div> <div> </div> <div>-\\ Google Chrome v24.0.1312.52</div> <div> </div> <div>File : C:\Users\coco\AppData\Local\Google\Chrome\User Data\Default\Preferences</div> <div> </div> <div>[OK] File is clean.</div> <div> </div> <div>*************************</div> <div> </div> <div>AdwCleaner[R1].txt - [7033 octets] - [21/01/2013 18:03:06]</div> <div> </div> <div>########## EOF - C:\AdwCleaner[R1].txt - [7093 octets] ##########</div> <div> </div> <div> </div> <div>May I ask why AVG secure search showed up as "infected" why I still have it when I uninstalled AVG? </div>

Also, is it okay to still have the program I downloaded with the malware on my desktop?

DDS.txt: DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.5.1 Run by coco at 14:55:32 on 2013-01-19 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6048.5038 [GMT 9:00] . AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\ctfmon.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Users\coco\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\coco\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\coco\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\coco\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\coco\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\coco\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\coco\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\coco\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\coco\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10005&barid={AF8CF9AA-6079-11E2-B428-386077E4AB1D} uURLSearchHooks: PC Tools Browser Guard: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll mWinlogon: Userinit = userinit.exe, BHO: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll BHO: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [Google Update] "C:\Users\coco\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [WhatPulse] C:\Program Files (x86)\WhatPulse\WhatPulse.exe mRun: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPO mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe mRun: [Lexmark 5600-6600 Series] "C:\Program Files (x86)\Lexmark 5600-6600 Series\fm3032.exe" /s mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [sweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe mRun: [sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll Trusted Zone: cinemanow.com Trusted Zone: cinemanow.com Trusted Zone: hp.com Trusted Zone: qflix.com Trusted Zone: roxio.com Trusted Zone: roxio.com Trusted Zone: roxionow.com Trusted Zone: roxionow.com Trusted Zone: sonic.com Trusted Zone: sonic.com DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: NameServer = 192.168.2.1 TCP: Interfaces\{4C3EC197-301D-493C-BB53-FD8FEAF39B34} : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{698D4BB8-D3F5-4BCF-BE87-E7E48CB14B9A} : DHCPNameServer = 192.168.2.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [beatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe x64-Run: [lxdumon.exe] "C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe" x64-Run: [lxduamon] "C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe" x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab x64-DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> x64-mASetup: {B34A07DD-C6F7-414A-AE63-01019482EAF0} - msiexec /fu {B34A07DD-C6F7-414A-AE63-01019482EAF0} /qn . ============= SERVICES / DRIVERS =============== . R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-10-5 19600] R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-11-3 1582144] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-11-3 565352] R3 tihub3;TI USB3 Hub Service;C:\Windows\System32\drivers\tihub3.sys [2011-11-3 136000] R3 tixhci;TI XHCI Service;C:\Windows\System32\drivers\tixhci.sys [2011-11-3 409408] S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-9-10 984144] S1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-9-10 370288] S2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-11-3 89600] S2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-9-10 25232] S2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-9-10 71600] S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-11-4 44808] S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [2012-1-6 75624] S2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-7-21 249648] S2 Belkin Local Backup Service;Belkin Local Backup Service;C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2012-11-25 181760] S2 Belkin Network USB Helper;Belkin Network USB Helper;C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2012-11-25 55296] S2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-5-19 575416] S2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-8-17 16384] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-6-29 8704] S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528] S2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040] S2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] S2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-11-3 2375168] S2 lxdu_device;lxdu_device;C:\Windows\System32\lxducoms.exe -service --> C:\Windows\System32\lxducoms.exe -service [?] S2 lxduCATSCustConnectService;lxduCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxduserv.exe [2008-5-23 33960] S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-17 398184] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-17 682344] S2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-11-3 1128952] S2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-11-3 109360] S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-24 370688] S2 sxuptp;SXUPTP Driver;C:\Windows\System32\drivers\sxuptp.sys [2012-11-25 291352] S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-11-3 2656280] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-8-2 195320] S3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-29 31088] S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2012-4-18 21712] S3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-13 206072] S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-11-3 158976] S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-17 24176] S3 PCTBD;PC Tools Browser Defender Driver;C:\Windows\System32\drivers\PCTBD64.sys [2012-5-19 85192] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-11-3 338536] S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264] S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648] S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960] S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376] S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184] . =============== Created Last 30 ================ . 2013-01-17 08:11:22 -------- d-----w- C:\Users\coco\AppData\Roaming\Malwarebytes 2013-01-17 08:11:12 -------- d-----w- C:\ProgramData\Malwarebytes 2013-01-17 08:11:11 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-01-17 08:11:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-01-17 08:10:56 -------- d-----w- C:\Users\coco\AppData\Local\Programs 2013-01-17 07:44:12 -------- d-----w- C:\ProgramData\SweetIM 2013-01-17 07:44:12 -------- d-----w- C:\Program Files (x86)\SweetIM 2013-01-17 07:44:08 -------- d-----w- C:\Program Files (x86)\sweetpacks bundle uninstaller 2013-01-17 07:43:58 -------- d-----w- C:\Users\coco\AppData\Local\SwvUpdater 2013-01-17 07:43:41 -------- d-----w- C:\Program Files (x86)\Media converter 2013-01-17 07:13:42 -------- d-----w- C:\Program Files (x86)\AmazingMIDI 2013-01-16 02:57:25 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{174D0745-E737-4C89-B1AD-D6432935DC84}\mpengine.dll 2013-01-12 13:42:04 750592 ----a-w- C:\Windows\System32\win32spl.dll 2013-01-12 13:42:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll 2013-01-12 13:40:59 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll 2013-01-12 13:39:58 68608 ----a-w- C:\Windows\System32\taskhost.exe 2013-01-12 13:39:57 3149824 ----a-w- C:\Windows\System32\win32k.sys 2012-12-22 14:14:37 95184 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2012-12-21 09:01:38 46080 ----a-w- C:\Windows\System32\atmlib.dll 2012-12-21 09:01:38 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2012-12-21 09:01:37 367616 ----a-w- C:\Windows\System32\atmfd.dll 2012-12-21 09:01:37 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll . ==================== Find3M ==================== . 2013-01-13 04:55:48 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-13 04:55:48 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-12-22 14:14:31 859072 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-12-22 14:14:31 779704 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll 2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll 2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll 2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll 2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs 2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs 2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs 2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs 2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs 2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs 2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs 2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs 2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs 2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs 2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs 2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs 2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs 2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs 2012-12-06 21:46:22 0 ----a-w- C:\Windows\SysWow64\RENCDDD.tmp 2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll 2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll 2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll 2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll 2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe 2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe 2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll 2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll 2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll 2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll 2012-11-01 05:43:42 2002432 ----a-w- C:\Windows\System32\msxml6.dll 2012-11-01 05:43:42 1882624 ----a-w- C:\Windows\System32\msxml3.dll 2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-11-01 04:47:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-10-30 22:51:55 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys 2012-10-30 22:51:55 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys 2012-10-30 22:51:07 41224 ----a-w- C:\Windows\avastSS.scr . ============= FINISH: 14:56:30.39 =============== Roguekiller Scan: RogueKiller V8.4.3 [Jan 10 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Safe mode with network support User : coco [Admin rights] Mode : Scan -- Date : 01/19/2013 15:02:32 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 2 ¤¤¤ [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HDS721010CLA632 +++++ --- User --- [MBR] bcf52a345e07c92e61b2d643e35b7006 [bSP] 49c79f4f9443c1da590d560f4af66bed : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 936628 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1918420992 | Size: 17139 Mo User = LL1 ... OK! User != LL2 ... KO! --- LL2 --- [MBR] dfda6c72b285d4cfb8c2e53163add206 [bSP] fa145b914d26f33f1dea89776f49388a : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 205154304 | Size: 300 Mo Finished : << RKreport[1]_S_01192013_02d1502.txt >> RKreport[1]_S_01192013_02d1502.txt Attach.txt is attached attach.zip

Quite recently I downloaded one of those freewares that come bundled with viruses despite if you say not to download it. I had the occurence once before. However the one in the past just stopped. (I don't know what happened to it, im still using the same computer with no problems) I knew something was suspicious about it but I continued to download my program. I clicked install and then it said something about downloading the thing that I said not to download. I opened up google chrome and then a new tab, I was redirected to a search engine page called "Home SweetIM" I knew that my computer had been infected. I immediately ran a scan with avast, it said my computer was perfectly safe. I ran a scan with SpyHunter, I had been infected with a thing called "Whazit" and "SweethomeIM." I downloaded Malwarebytes as quick as possible and ran a scan. I found 11 infected items. It only checked two things to remove. I don't do anything and it removes it. I open Google Chrome and a new tab, the "Home SweetIM" thing was still there. I open Malwarebytes and do another scan and check everything to remove. A dialogue box opened saying something like, "URGENT! You must restart the computer to completely remove the malware!" I press Yes or OK and it restarts. It launches windows, does the loading screen and starts up with a black screen. All I could do was move the cursor with my mouse. I shut off my computer and start in "just safe mode" and run Malwarebytes. It says that all malware was removed. I run SpyHunter, and it says the the malware "whazit" and "SweethomeIM" are still infecting my computer. I don't know what to do now.