jjayroe85

  1. Malwarebytes Anti-Rootkit BETA 1.06.0.1004 www.malwarebytes.org Database version: v2013.07.05.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16618 Jamie :: JAMIE-HP [administrator] 7/5/2013 7:42:38 PM mbar-log-2013-07-05 (19-42-38).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P Scan options disabled: PUP Objects scanned: 289961 Time elapsed: 21 minute(s), Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.06.0.1004 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 10.0.9200.16618 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 2.793000 GHz Memory total: 11810410496, free: 8763244544 Downloaded database version: v2013.07.05.04 Initializing... 
<<<1>>> Upper Device Name: \Device\Harddisk4\DR4 Upper Device Object: 0xfffffa800b695060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\000000a0\ Lower Device Object: 0xfffffa800b694b60 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk3\DR3 Upper Device Object: 0xfffffa800b68a6f0 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000009f\ Lower Device Object: 0xfffffa800b686b60 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk2\DR2 Upper Device Object: 0xfffffa800b68b060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000009e\ Lower Device Object: 0xfffffa800b688b60 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xfffffa800b690790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000009d\ Lower Device Object: 0xfffffa800b695b60 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8009500370 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000073\ Lower Device Object: 0xfffffa80094f16d0 Lower Device Driver Name: \Driver\amdsata\ <<<2>>> Device number: 0, partition: 2 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8009500370, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8009501040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8009500370, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80094f5b80, DeviceName: Unknown, DriverName: \Driver\amdxata\ DevicePointer: 0xfffffa80094f16d0, DeviceName: \Device\00000073\, DriverName: \Driver\amdsata\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File 
system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\Windows\system32\drivers... <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: FDE46555 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 206848 Numsec = 1226211328 Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 1226418176 Numsec = 23842816 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 640135028736 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)... Done! 
Physical Sector Size: 0 Drive: 1, DevicePointer: 0xfffffa800b690790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800b068a20, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800b690790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800b68a040, DeviceName: Unknown, DriverName: \Driver\usbfilter\ DevicePointer: 0xfffffa800b695b60, DeviceName: \Device\0000009d\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 2, DevicePointer: 0xfffffa800b68b060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800b1816a0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800b68b060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800b685040, DeviceName: Unknown, DriverName: \Driver\usbfilter\ DevicePointer: 0xfffffa800b688b60, DeviceName: \Device\0000009e\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 3, DevicePointer: 0xfffffa800b68a6f0, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800b694470, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800b68a6f0, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800b689690, DeviceName: Unknown, DriverName: \Driver\usbfilter\ DevicePointer: 0xfffffa800b686b60, DeviceName: \Device\0000009f\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 4, DevicePointer: 0xfffffa800b695060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800b684040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800b695060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ 
DevicePointer: 0xfffffa800b686570, DeviceName: Unknown, DriverName: \Driver\usbfilter\ DevicePointer: 0xfffffa800b694b60, DeviceName: \Device\000000a0\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Read File: File "c:\programdata\avg2012\chjw\24f8aa51f8aa20d2.dat:4144a759-abe0-445f-9750-754fa058cc64" is sparse (flags = 32768) Read File: File "c:\programdata\avg2012\log\avg-b7993b37-50ce-4316-a5d2-1c466fb2d36c.tmp" is compressed (flags = 1) Scan finished ======================================= Removal queue found; removal started Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam... Removal finished ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.9.4 (05.06.2013:1) OS: Windows 7 Home Premium x64 Ran by Jamie on Fri 07/05/2013 at 20:06:20.95 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services Successfully stopped: [service] cltmngsvc Successfully deleted: [service] cltmngsvc Successfully stopped: [service] ibupdaterservice Successfully deleted: [service] ibupdaterservice ~~~ Registry Values Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\searchprotect Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\searchprotectall Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet 
Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1033992396-2068033507-787783631-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduitengine Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitengine Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitsearchscopes Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\pricegong Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\smartbar Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\genericasktoolbar.dll Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engine Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd.1 Successfully deleted: 
[Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2559434 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3298578 Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2229AD99-9C34-4FF5-8863-0D587A2517B7} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{78735F40-4E2A-43E4-9622-8D476ADEE356} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9E6E165D-D113-45EE-9717-6817519ED7BD} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{78735F40-4E2A-43E4-9622-8D476ADEE356} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\asktoolbarinfo" Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar" Successfully 
deleted: [Registry Key] "hkey_current_user\software\ask.com" ~~~ Files Successfully deleted: [File] "C:\Windows\tasks\driverupdate startup.job" Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk" Successfully deleted: [File] C:\eula.1028.txt Successfully deleted: [File] C:\eula.1031.txt Successfully deleted: [File] C:\eula.1033.txt Successfully deleted: [File] C:\eula.1036.txt Successfully deleted: [File] C:\eula.1040.txt Successfully deleted: [File] C:\eula.1041.txt Successfully deleted: [File] C:\eula.1042.txt Successfully deleted: [File] C:\eula.1049.txt Successfully deleted: [File] C:\eula.2052.txt Successfully deleted: [File] C:\install.res.1028.dll Successfully deleted: [File] C:\install.res.1031.dll Successfully deleted: [File] C:\install.res.1033.dll Successfully deleted: [File] C:\install.res.1036.dll Successfully deleted: [File] C:\install.res.1040.dll Successfully deleted: [File] C:\install.res.1041.dll Successfully deleted: [File] C:\install.res.1042.dll Successfully deleted: [File] C:\install.res.1049.dll Successfully deleted: [File] C:\install.res.2052.dll Successfully deleted: [File] C:\install.res.3082.dll ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\ibupdaterservice" Successfully deleted: [Folder] "C:\ProgramData\trymedia" Successfully deleted: [Folder] "C:\Users\Jamie\AppData\Roaming\dvdvideosoftiehelpers" Successfully deleted: [Folder] "C:\Users\Jamie\AppData\Roaming\pccustubinstaller" Successfully deleted: [Folder] "C:\Users\Jamie\AppData\Roaming\searchprotect" Successfully deleted: [Folder] "C:\Users\Jamie\appdata\local\conduit" Successfully deleted: [Folder] "C:\Users\Jamie\appdata\locallow\conduit" Successfully deleted: [Folder] "C:\Users\Jamie\appdata\locallow\conduitengine" Successfully deleted: [Folder] "C:\Users\Jamie\appdata\locallow\mywebsearch" Successfully deleted: [Folder] "C:\Users\Jamie\appdata\locallow\pricegong" Failed to delete: [Folder] "C:\Program Files (x86)\conduit" 
Successfully deleted: [Folder] "C:\Program Files (x86)\conduitengine" Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect" Successfully deleted: [Folder] "C:\Windows\freecorder" Successfully deleted: [Empty Folder] C:\Users\Jamie\appdata\local\{03A99A0E-BB2D-4514-9FD5-94021FDA373A} Successfully deleted: [Empty Folder] C:\Users\Jamie\appdata\local\{068B7947-B111-4FBD-A59F-61BCDD5F81AA} Successfully deleted: [Empty Folder] C:\Users\Jamie\appdata\local\{0CE0BF7A-FE73-4C7F-B633-6489E8C27231} Successfully deleted: [Empty Folder] C:\Users\Jamie\appdata\local\{2CEA4D59-2C28-4CD8-9230-210C3D0EB07E} Successfully deleted: [Empty Folder] C:\Users\Jamie\appdata\local\{2D4E20B3-5004-49EB-9107-1985FF9EDE13} Successfully deleted: [Empty Folder] C:\Users\Jamie\appdata\local\{375ACDEE-0C06-471D-BD19-28162A88890B} Successfully deleted: [Empty Folder] C:\Users\Jamie\appdata\local\{5EF8A467-5DA4-4FC7-B679-BFEBA896A479} Successfully deleted: [Empty Folder] C:\Users\Jamie\appdata\local\{635C9B28-AFF6-486A-942C-B244459758D2} Successfully deleted: [Empty Folder] C:\Users\Jamie\appdata\local\{7E6B86F8-C2B9-403C-BEA0-2BDEF16899CF} Successfully deleted: [Empty Folder] C:\Users\Jamie\appdata\local\{A200F0F7-E504-4ED9-9BEB-605EBA91CBEA} Successfully deleted: [Empty Folder] C:\Users\Jamie\appdata\local\{AAFC84A6-C6F2-41A6-8EC9-10FA45A7808D} Successfully deleted: [Empty Folder] C:\Users\Jamie\appdata\local\{B0EE4706-0D65-418D-88E2-B859DF4A84C7} Successfully deleted: [Empty Folder] C:\Users\Jamie\appdata\local\{B35090CD-37BC-4142-8817-DF589706E67B} Successfully deleted: [Empty Folder] C:\Users\Jamie\appdata\local\{B7A575C7-3D56-4903-8828-ACBA9B1C6F42} Successfully deleted: [Empty Folder] C:\Users\Jamie\appdata\local\{BBAE0874-1BB2-46FC-9B2D-534DEF7978D4} Successfully deleted: [Empty Folder] C:\Users\Jamie\appdata\local\{DF9580FB-452D-4451-AE36-0C21720CD585} Successfully deleted: [Empty Folder] C:\Users\Jamie\appdata\local\{E1955FD8-4DAB-4F43-B795-DB69726BAA1A} Successfully 
deleted: [Empty Folder] C:\Users\Jamie\appdata\local\{F459E1EA-E57C-4529-BAED-91573CA6B1F9} Successfully deleted: [Folder] "C:\ProgramData\ask" Successfully deleted: [Folder] "C:\Users\Jamie\appdata\locallow\asktoolbar" Successfully deleted: [Folder] "C:\Program Files (x86)\ask.com" Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}" ~~~ FireFox Successfully deleted: [File] C:\Users\Jamie\AppData\Roaming\mozilla\firefox\profiles\bhcjvdrk.default\user.js Successfully deleted: [File] C:\Users\Jamie\AppData\Roaming\mozilla\firefox\profiles\bhcjvdrk.default\invalidprefs.js Successfully deleted: [File] C:\Users\Jamie\AppData\Roaming\mozilla\firefox\profiles\bhcjvdrk.default\searchplugins\askcom.xml Successfully deleted: [File] C:\Users\Jamie\AppData\Roaming\mozilla\firefox\profiles\bhcjvdrk.default\searchplugins\conduit.xml Successfully deleted: [Folder] C:\Users\Jamie\AppData\Roaming\mozilla\firefox\profiles\bhcjvdrk.default\smartbar Successfully deleted the following from C:\Users\Jamie\AppData\Roaming\mozilla\firefox\profiles\bhcjvdrk.default\prefs.js user_pref("CT3298578.installType", "conduitnsisintegration"); user_pref("CT3298578.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsIm9wdGlvbnN user_pref("CT3298578.mam_gk_settings1.8.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNjFfLTEiLCJpc1Rlc3QiOmZhbHNlLCJpc1dlbGNvbWVFeHBlcmll user_pref("CT3298578.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.bing.com%2Fsearch%3Fq%3Dwww.motherless.com%26pc%3Dconduit%26pta user_pref("CT3298578.search.searchAppId", "130110229089034497"); user_pref("CT3298578.search.searchCount", "0"); user_pref("CT3298578.smartbar.CTID", "CT3298578"); user_pref("CT3298578.smartbar.Uninstall", "0"); user_pref("CT3298578.smartbar.homepage", "true"); user_pref("CT3298578.smartbar.isHidden", 
true); user_pref("CT3298578.smartbar.toolbarName", "MixiDJ V42 "); user_pref("CommunityToolbar.ToolbarsList", "CT2559434"); user_pref("CommunityToolbar.ToolbarsList2", "CT2559434"); user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Dec 25 2010 19:56:39 GMT-0500 (Eastern Standard Time)"); user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2559434"); user_pref("Smartbar.ConduitSearchEngineList", "MixiDJ V42 Customized Web Search"); user_pref("Smartbar.keywordURLSelectedCTID", "CT3298578"); user_pref("browser.search.defaultengine", "Ask.com"); user_pref("browser.search.defaultthis.engineName", "MixiDJ V42 Customized Web Search"); user_pref("browser.search.order.1", "Ask.com"); user_pref("smartbar.addressBarOwnerCTID", "CT3298578"); user_pref("smartbar.machineId", "W1IYF3KN5ZGV4OIAXZGC/APOWHLNJAWRPYYZWGDHGVDOBQIV25Y05SQTUN+SJ7RUBJREDTSALRZGVBCITGRBJG"); Emptied folder: C:\Users\Jamie\AppData\Roaming\mozilla\firefox\profiles\bhcjvdrk.default\minidumps [354 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Fri 07/05/2013 at 20:12:20.89 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v2.304 - Logfile created 07/05/2013 at 20:15:04 # Updated 03/07/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Jamie - JAMIE-HP # Boot Mode : Normal # Running from : C:\Users\Jamie\Desktop\AdwCleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Deleted on reboot : C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\boalolmjphaheejepjcjcpngbeimiend Folder Deleted : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB Folder Deleted : C:\Program Files (x86)\Hoyle Folder Deleted : C:\ProgramData\APN Folder Deleted : C:\Users\Buddy\AppData\Local\AVG Security Toolbar Folder Deleted : C:\Users\Buddy\AppData\LocalLow\AskToolbar Folder Deleted : 
C:\Users\Buddy\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Buddy\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Buddy\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Buddy\AppData\LocalLow\Hoyle
Folder Deleted : C:\Users\Buddy\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\Buddy\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Buddy\AppData\Roaming\Hoyle
Folder Deleted : C:\Users\Buddy\AppData\Roaming\Mozilla\Firefox\Profiles\entriy2b.default\StumbleUpon
Folder Deleted : C:\Users\Buddy\AppData\Roaming\SearchProtect
Folder Deleted : C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\boalolmjphaheejepjcjcpngbeimiend
Folder Deleted : C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Deleted : C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\Jamie\AppData\LocalLow\Hoyle
Folder Deleted : C:\Users\Jamie\AppData\Roaming\Hoyle
Folder Deleted : C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\bhcjvdrk.default\Conduit

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611
[OK] Registry is clean.
-\\ Mozilla Firefox v22.0 (en-US)
File : C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\bhcjvdrk.default\prefs.js
File : C:\Users\Buddy\AppData\Roaming\Mozilla\Firefox\Profiles\entriy2b.default\prefs.js
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

-\\ Google Chrome v27.0.1453.116
File : C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted [l.35] : keyword = "search.conduit.com",

*************************
AdwCleaner[s1].txt - [23952 octets] - [05/07/2013 20:15:04]
########## EOF - C:\AdwCleaner[s1].txt - [24013 octets] ##########

C:\Program Files (x86)\Common Files\DVDVideoSoft\AskTB\ApnIC.dll a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files (x86)\Common Files\DVDVideoSoft\AskTB\ApnToolbarInstaller.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js Win32/Conduit.SearchProtect.A application
C:\Users\Jamie\Downloads\ac3filter_2_5b.exe Win32/OpenCandy application
C:\Users\Jamie\Downloads\FCTBSetup.exe Win32/OpenCandy application
C:\Users\Jamie\Downloads\FLVPlayerSetup.exe Win32/OpenCandy application
C:\Users\Jamie\Downloads\FreeHideIP-3.7.0.2.Setup.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Jamie\Downloads\FreeYouTubeToMP3Converter.exe multiple threats
C:\Users\Jamie\Downloads\installer_cdisplay_1_8_1_0_English.exe multiple threats
C:\Users\Jamie\Downloads\ManyCam (2).exe multiple threats
C:\Users\Jamie\Downloads\ManyCam(2).exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Jamie\Downloads\ManyCam(3).exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Jamie\Downloads\ManyCam(4).exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Jamie\Downloads\ManyCam.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Jamie\Downloads\ManyCamSetup.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Jamie\Downloads\ManyCam_v.2.4.69.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Jamie\Downloads\notmyip.exe probably a variant of Win32/Agent.NKSPSGW trojan
C:\Users\Jamie\Downloads\password-folder-setup-beta.exe Win32/Toolbar.Widgi application
C:\Users\Jamie\Downloads\pc-wizard_2012.2.11-setup(1).exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Jamie\Downloads\pc-wizard_2012.2.11-setup.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Jamie\Downloads\VeohWebPlayerSetup_us.exe a variant of Win32/InstallBrain.A application
  2. Needing some help with this. This .exe is pushing my CPU usage to 100% at times, seems dangerous to me.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 10.25.2
Run by Jamie at 19:22:46 on 2013-07-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.11263.8516 [GMT -4:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Program Files (x86)\Jetico\BCWipe\BCWipeSvc.exe
C:\Program Files (x86)\Jetico\BCWipe\BCWipeTM.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
C:\ProgramData\IBUpdaterService\ibsvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\schtasks.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Users\Jamie\AppData\Roaming\SearchProtect\bin\cltmng.exe
C:\Users\Jamie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: Hoyle Toolbar: {64b507cd-5eb6-4217-aef4-c88b4fcfb77b} - C:\Program Files (x86)\Hoyle\tbHoyl.dll
uURLSearchHooks: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - <orphaned>
mURLSearchHooks: Hoyle Toolbar: {64b507cd-5eb6-4217-aef4-c88b4fcfb77b} - C:\Program Files (x86)\Hoyle\tbHoyl.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll
BHO: Hoyle Toolbar: {64b507cd-5eb6-4217-aef4-c88b4fcfb77b} - C:\Program Files (x86)\Hoyle\tbHoyl.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ipsbho.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Qbyrd Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll
TB: Qbyrd Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Hoyle Toolbar: {64B507CD-5EB6-4217-AEF4-C88B4FCFB77B} - C:\Program Files (x86)\Hoyle\tbHoyl.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll
TB: Hoyle Toolbar: {64b507cd-5eb6-4217-aef4-c88b4fcfb77b} - C:\Program Files (x86)\Hoyle\tbHoyl.dll
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Qbyrd Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [Google Update] "C:\Users\Jamie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [ROC_ROC_APR2013_AV] C:\Users\Jamie\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid c2d79917a09ac5fa4665d82830057ace-e8e4fbfb4a16d65e9400e2ce60e5c18caf270c7c --CMPID ROC_APR2013_AV --CMPIDEXTRA 2012
uRun: [searchProtect] C:\Users\Jamie\AppData\Roaming\SearchProtect\bin\cltmng.exe
uRun: [spotify Web Helper] "C:\Users\Jamie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Driver Detective] C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe /applicationMode:systemTray /showWelcome:false
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [searchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Free YouTube to MP3 Converter - C:\Users\Jamie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 209.18.47.61 209.18.47.62 192.168.1.1
TCP: Interfaces\{638EA22C-0D41-4970-8820-2E082AE102C7} : DHCPNameServer = 24.28.193.96 24.28.193.97 192.168.1.1
TCP: Interfaces\{E33C1F11-F633-414A-9E8B-0DB157F129DE} : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
TCP: Interfaces\{E33C1F11-F633-414A-9E8B-0DB157F129DE}\05F6C696365602355727675696C6C616E63656026516E6 : DHCPNameServer = 208.85.133.10 208.85.133.11
TCP: Interfaces\{E33C1F11-F633-414A-9E8B-0DB157F129DE}\34963736F6455646 : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\bhcjvdrk.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff10.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff11.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff12.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff5.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff6.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff7.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff8.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff9.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn_2010_9_0_6\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - component: C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\bhcjvdrk.default\extensions\{64b507cd-5eb6-4217-aef4-c88b4fcfb77b}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\bhcjvdrk.default\extensions\{64b507cd-5eb6-4217-aef4-c88b4fcfb77b}\components\RadioWMPCoreGecko5.dll
FF - component: C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\bhcjvdrk.default\extensions\{64b507cd-5eb6-4217-aef4-c88b4fcfb77b}\components\RadioWMPCoreGecko6.dll
FF - component: C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\bhcjvdrk.default\extensions\{64b507cd-5eb6-4217-aef4-c88b4fcfb77b}\components\RadioWMPCoreGecko7.dll
FF - component: C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\bhcjvdrk.default\extensions\{64b507cd-5eb6-4217-aef4-c88b4fcfb77b}\components\RadioWMPCoreGecko8.dll
FF - component: C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\bhcjvdrk.default\extensions\{64b507cd-5eb6-4217-aef4-c88b4fcfb77b}\components\RadioWMPCoreGecko9.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\nphdplg.dll
FF - plugin: C:\Users\Jamie\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-06-23 11:31; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
R0 fsh;fsh;C:\Windows\System32\drivers\fsh.sys [2010-5-23 55872]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2013-3-5 25312]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1109000.00C\symds64.sys [2011-10-12 433200]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1109000.00C\symefa64.sys [2011-10-12 221304]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-11-8 307040]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-4-11 384800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100810.004\BHDrvx64.sys [2010-8-9 945200]
R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\NISx64\1109000.00C\cchpx64.sys [2011-10-12 593544]
R1
IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100909.001\IDSviA64.sys [2010-9-10 463408] R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1109000.00C\ironx64.sys [2011-10-12 150064] R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\NISx64\1109000.00C\symtdiv.sys [2011-10-12 451704] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-28 241152] R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-3-28 361984] R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472] R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-11-2 5174392] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288] R2 BCWipeSvc;BCWipe service;C:\Program Files (x86)\Jetico\BCWipe\BCWipeSvc.exe [2010-5-23 95544] R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984] R2 CltMngSvc;Search Protect by Conduit Updater;C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [2013-5-8 97056] R2 Giraffic;Veoh Giraffic Video Accelerator;C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service --> C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service [?] 
R2 IBUpdaterService;Updater Service;C:\ProgramData\IBUpdaterService\ibsvc.exe [2012-5-1 397848] R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe [2011-10-12 126400] R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [2013-6-19 132504] R2 PfFilter;PfFilter;C:\Program Files (x86)\IObit\Password Folder\pffilter.sys [2011-4-8 66144] R2 WSWNDA3100;WSWNDA3100;C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2013-3-5 272864] R3 appliandMP;appliandMP;C:\Windows\System32\drivers\appliand.sys [2010-6-24 33888] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768] R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-12-10 127328] R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776] R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2013-3-5 1244224] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-6-19 138912] R3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2012-1-11 34304] R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2012-2-22 28160] R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2012-5-31 24176] R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2009-12-1 38992] R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-5-18 39480] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN 
v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408] S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-2-21 46136] S3 appliand;Applian Network Service;C:\Windows\System32\drivers\appliand.sys [2010-6-24 33888] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-15 183560] S3 cpuz135;cpuz135;C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [2013-6-19 24368] S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-11-2 48488] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840] S3 LVUVC64;Logitech Webcam 120(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2010-7-27 6465632] S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-5-18 346144] S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-4-24 42184] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-7 59392] S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);C:\Windows\System32\drivers\vcsvad.sys [2012-1-23 21504] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-13 1255736] S4 BCSWAP;BCSWAP;C:\Windows\System32\drivers\bcswap.sys [2010-5-23 101952] . =============== Created Last 30 ================ . 
2013-06-28 21:34:47 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-06-26 01:52:01 -------- d-----w- C:\Users\Jamie\AppData\Local\SlimWare Utilities Inc 2013-06-26 01:51:55 -------- d-----w- C:\Program Files (x86)\DriverUpdate 2013-06-19 05:09:10 -------- d-----w- C:\Program Files (x86)\Norton PC Checkup 3.0 2013-06-19 04:45:58 -------- d-----w- C:\Program Files (x86)\AMD AVT 2013-06-19 04:34:53 -------- d-----w- C:\AMD 2013-06-19 04:21:59 -------- d-----w- C:\ProgramData\UAB 2013-06-19 04:21:52 -------- d-----w- C:\Users\Jamie\AppData\Local\PC_Drivers_Headquarters 2013-06-19 04:21:34 -------- d-----w- C:\ProgramData\PC Drivers HeadQuarters 2013-06-19 04:21:31 -------- d-----w- C:\Users\Jamie\AppData\Roaming\PCCUStubInstaller 2013-06-19 04:19:51 -------- d-----w- C:\Program Files (x86)\PC Drivers HeadQuarters 2013-06-19 04:17:58 -------- d-----w- C:\ProgramData\APN 2013-06-19 04:08:32 114176 ----a-w- C:\Windows\SysWow64\PCWizard.cpl 2013-06-19 04:08:30 -------- d-----w- C:\Program Files (x86)\CPUID 2013-06-12 07:02:04 701952 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll 2013-06-12 07:01:59 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-06-12 07:01:59 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-06-12 07:01:59 1084928 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-06-12 07:01:58 2241024 ----a-w- C:\Windows\System32\wininet.dll 2013-06-12 00:16:28 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-06-12 00:16:27 751104 ----a-w- C:\Windows\System32\win32spl.dll 2013-06-12 00:16:27 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll 2013-06-12 00:16:16 30720 ----a-w- C:\Windows\System32\cryptdlg.dll 2013-06-12 00:16:15 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll 2013-06-12 00:16:07 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll 2013-06-12 00:16:07 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll 2013-06-12 00:15:52 903168 ----a-w- 
C:\Windows\SysWow64\certutil.exe 2013-06-12 00:15:52 52224 ----a-w- C:\Windows\System32\certenc.dll 2013-06-12 00:15:52 43008 ----a-w- C:\Windows\SysWow64\certenc.dll 2013-06-12 00:15:52 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2013-06-12 00:15:52 1464320 ----a-w- C:\Windows\System32\crypt32.dll 2013-06-12 00:15:52 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2013-06-12 00:15:52 139776 ----a-w- C:\Windows\System32\cryptnet.dll 2013-06-12 00:15:52 1192448 ----a-w- C:\Windows\System32\certutil.exe 2013-06-12 00:15:52 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-06-12 00:15:52 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2013-06-12 00:15:44 1887232 ----a-w- C:\Windows\System32\d3d11.dll 2013-06-12 00:15:44 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll 2013-06-07 14:16:01 -------- d-----w- C:\ProgramData\Battle.net 2013-06-06 22:37:44 -------- d-----w- C:\Program Files (x86)\Conduit 2013-06-06 22:37:41 -------- d-----w- C:\Users\Jamie\AppData\Local\Conduit 2013-06-06 22:37:25 -------- d-----w- C:\Users\Jamie\AppData\Local\CRE 2013-06-06 22:37:08 -------- d-----w- C:\Program Files (x86)\SearchProtect 2013-06-06 22:37:03 -------- d-----w- C:\Users\Jamie\AppData\Roaming\SearchProtect . ==================== Find3M ==================== . 
2013-06-28 21:39:18 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-28 21:39:18 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-06-28 21:34:38 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-06-28 21:34:38 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-06-08 12:28:46 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-06-08 11:13:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-05-08 06:10:12 770384 ----a-w- C:\Windows\SysWow64\msvcr100.dll 2013-05-08 06:10:12 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll 2013-04-24 19:28:08 42184 ----a-w- C:\Windows\System32\drivers\taphss6.sys 2013-04-24 19:18:34 46792 ----a-w- C:\Windows\System32\drivers\hssdrv6.sys 2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2013-04-11 07:18:40 384800 ----a-w- C:\Windows\System32\drivers\avgtdia.sys 2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2013-04-10 06:01:53 983400 
----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys . ============= FINISH: 19:23:50.36 ===============