svchost.exe memory usage high/google redirect

Shadowthrow · June 9, 2012

Hello, I've been having a issue with my svchost.exe, it's take around 160k to 800k( it reaches higher the longer I leave the computer on). My start up is very slow and Im guessing it has to do with the memory that is being consumed. Anyways, Here is the logs:

.

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1

Run by Eric at 5:16:14 on 2012-06-09

Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3325.1660 [GMT -4:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

uURLSearchHooks: H - No File

mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll

mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVD1.dll

BHO: AutorunsDisabled - No File

BHO: Ask Toolbar BHO - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll

BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVD1.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll

BHO: WinToFlash Suggestor: {fc36b0bd-27f0-4cdd-8ab1-50651efc3efd} - c:\program files\wintoflash suggestor\WinToFlashSuggestor.dll

TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll

TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll

TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVD1.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

mRun: [RtHDVCpl] RtHDVCpl.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000

IE: Free YouTube Download - c:\users\eric\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm

IE: Free YouTube to iPod Converter - c:\users\eric\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetoipodconverter.htm

IE: Free YouTube to Mp3 Converter - c:\users\eric\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL

IE: {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - {FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD} - c:\program files\wintoflash suggestor\WinToFlashSuggestor.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} - hxxp://www.netgame.com/mplugin/mglaunch_USAv1005.cab

DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{57A175E1-2CD4-46D8-A7DE-7D0BFFE0319E} : DhcpNameServer = 192.168.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration

mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\eric\appdata\roaming\mozilla\firefox\profiles\zne32cu7.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=

FF - prefs.js: browser.search.selectedEngine - Search the Web

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z207&install_date=20111103

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3001716&SearchSource=2&q=

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\common files\motive\npMotive.dll

FF - plugin: c:\program files\download manager\npfpdlm.dll

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\program files\webzen\browserextension\NPWZCmnCtrl.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\users\eric\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\users\eric\appdata\roaming\mozilla\firefox\profiles\zne32cu7.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: c:\users\eric\appdata\roaming\mozilla\firefox\profiles\zne32cu7.default\extensions\{f689bafc-70f0-4550-9001-dc2a1cc8c0dd}\plugins\np-mswmp.dll

FF - plugin: c:\users\eric\appdata\roaming\mozilla\firefox\profiles\zne32cu7.default\extensions\{f999a48b-1950-4d81-9971-79018f807b4b}\plugins\np-mswmp.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

FF - plugin: c:\windows\system32\npOGPPlugin.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

FF - user.js: browser.sessionstore.resume_from_crash - false

FF - user.js: extentions.y2layers.installId - aa5136da-a24e-4cf5-8cf7-9786300623f0

FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,DropDownDeals,

.

============= SERVICES / DRIVERS ===============

.

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]

R3 LycoFltr;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2012-4-28 23680]

S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2010-1-26 21504]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2012-6-1 21992]

S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-1-26 21504]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-8-10 1153368]

S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-4-6 9334784]

S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-4-5 275968]

S3 apf001;apf001;c:\windows\system32\apf001.sys [2012-2-11 10872]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2012-2-23 83984]

S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2010-8-9 50728]

S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-2-20 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]

S3 hidkmdf;Filter Driver Service for HID-KMDF Interface layer;c:\windows\system32\drivers\hidkmdf.sys [2012-4-28 6656]

S3 LADF_BakerCOnly;BakerC Filter Driver;c:\windows\system32\drivers\ladfBakerCi386.sys [2011-3-18 378568]

S3 LADF_BakerROnly;BakerR Filter Driver;c:\windows\system32\drivers\ladfBakerRi386.sys [2011-3-18 312136]

S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\drivers\ladfGSCi386.sys [2011-4-11 378568]

S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\drivers\ladfGSRi386.sys [2011-4-11 317384]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2010-1-26 21504]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]

S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-12-1 34384]

S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2012-2-13 27136]

S3 V0415Vid;Creative Live! Cam Video IM Ultra Driver;c:\windows\system32\drivers\V0415Vid.sys [2009-8-3 286208]

S3 VKbms;Virtual HID Minidriver;c:\windows\system32\drivers\VKbms.sys [2012-4-28 10240]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]

S4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-4 63928]

S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-9 257696]

S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-4-5 217600]

S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-13 136176]

S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-13 136176]

S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\hi-rez studios\HiPatchService.exe [2012-1-7 8704]

S4 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2011-12-12 290832]

S4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 129976]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]

S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]

S4 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2010-9-29 206120]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

S4 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-1-12 185640]

S4 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-1-27 2253688]

S4 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2010-9-29 185640]

S4 TunngleService;TunngleService;c:\program files\tunngle\TnglCtrl.exe [2012-2-13 736104]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2012-06-09 08:56:49 -------- d-----w- C:\TDSSKiller_Quarantine

2012-06-09 08:18:58 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys

2012-06-09 05:20:55 -------- d-sh--w- C:\found.000

2012-06-08 17:10:12 -------- d-----w- c:\users\eric\appdata\roaming\SUPERAntiSpyware.com

2012-06-08 17:09:38 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-06-08 17:09:38 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-06-08 15:46:24 -------- d-sh--w- C:\$RECYCLE.BIN

2012-06-08 15:46:22 -------- d-----w- c:\users\eric\appdata\local\temp

2012-06-08 05:50:52 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6d68408e-d63c-4acc-83d3-3ed7513a8d04}\mpengine.dll

2012-06-01 21:10:57 85504 ----a-w- c:\windows\system32\ff_vfw.dll

2012-06-01 21:10:56 -------- d-----w- c:\program files\ffdshow

2012-06-01 21:10:36 -------- d-----w- c:\programdata\IObit

2012-06-01 21:10:36 -------- d-----w- c:\program files\IObit

2012-06-01 17:49:22 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys

2012-06-01 17:49:21 -------- d-----w- c:\program files\CPUID

2012-06-01 03:32:59 1933312 ----a-w- c:\windows\system32\MaxxAudioEQ.dll

2012-05-31 21:41:44 -------- d-----w- c:\program files\Logitech Gaming Software

2012-05-28 18:07:47 683008 ----a-w- c:\windows\system32\d2d1.dll

2012-05-28 18:07:47 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-05-28 18:07:47 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2012-05-28 18:07:47 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2012-05-28 18:07:47 1069056 ----a-w- c:\windows\system32\DWrite.dll

2012-05-23 11:45:58 -------- d-----w- c:\users\eric\appdata\roaming\LolClient2

2012-05-21 17:45:10 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-21 17:44:36 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll

2012-05-21 17:44:36 47104 ----a-w- c:\program files\windows journal\PDIALOG.exe

2012-05-21 17:44:35 983040 ----a-w- c:\program files\windows journal\JNTFiltr.dll

2012-05-21 17:44:35 964608 ----a-w- c:\program files\windows journal\JNWDRV.dll

2012-05-21 17:44:35 1404928 ----a-w- c:\program files\common files\microsoft shared\ink\InkObj.dll

2012-05-21 17:44:35 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL

2012-05-21 12:19:14 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-21 10:35:48 -------- d-----w- c:\programdata\WeCareReminder

2012-05-21 10:35:20 -------- d-----w- c:\users\eric\appdata\roaming\OpenCandy

2012-05-21 10:35:11 2557952 ----a-w- c:\windows\system32\QtCore4.dll

2012-05-21 10:35:09 405176 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll

2012-05-21 02:37:31 -------- d-----w- c:\program files\WinToFlash Suggestor

2012-05-21 01:51:24 -------- d-----w- c:\program files\Oracle

2012-05-21 01:51:13 772504 ----a-w- c:\windows\system32\npDeployJava1.dll

.

==================== Find3M ====================

.

2012-06-01 03:33:03 319456 ----a-w- c:\windows\DIFxAPI.dll

2012-06-01 03:32:57 315392 ----a-w- c:\windows\HideWin.exe

2012-05-21 02:02:14 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-21 02:02:14 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-06 05:21:10 9334784 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-04-06 02:34:22 159232 ----a-w- c:\windows\system32\clinfo.exe

2012-04-06 02:34:04 64512 ----a-w- c:\windows\system32\OpenVideo.dll

2012-04-06 02:33:52 56320 ----a-w- c:\windows\system32\OVDecode.dll

2012-04-06 02:32:56 13007872 ----a-w- c:\windows\system32\amdocl.dll

2012-04-06 02:22:00 159744 ----a-w- c:\windows\system32\atiapfxx.exe

2012-04-06 02:21:52 909312 ----a-w- c:\windows\system32\aticfx32.dll

2012-04-06 02:16:52 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll

2012-04-06 02:16:24 451072 ----a-w- c:\windows\system32\atieclxx.exe

2012-04-06 02:15:50 217600 ----a-w- c:\windows\system32\atiesrxx.exe

2012-04-06 02:14:36 159744 ----a-w- c:\windows\system32\atitmmxx.dll

2012-04-06 02:14:28 20992 ----a-w- c:\windows\system32\atimuixx.dll

2012-04-06 02:14:20 43520 ----a-w- c:\windows\system32\ati2edxx.dll

2012-04-06 02:13:42 6800896 ----a-w- c:\windows\system32\atidxx32.dll

2012-04-06 02:00:08 52736 ----a-w- c:\windows\system32\coinst.dll

2012-04-06 01:50:56 19753984 ----a-w- c:\windows\system32\atioglxx.dll

2012-04-06 01:34:50 1831424 ----a-w- c:\windows\system32\atiumdmv.dll

2012-04-06 01:34:04 6203392 ----a-w- c:\windows\system32\atiumdag.dll

2012-04-06 01:30:14 46080 ----a-w- c:\windows\system32\aticalrt.dll

2012-04-06 01:30:06 44032 ----a-w- c:\windows\system32\aticalcl.dll

2012-04-06 01:25:30 13764096 ----a-w- c:\windows\system32\aticaldd.dll

2012-04-06 01:22:54 4795904 ----a-w- c:\windows\system32\atiumdva.dll

2012-04-06 01:11:18 360448 ----a-w- c:\windows\system32\atiadlxx.dll

2012-04-06 01:11:04 14848 ----a-w- c:\windows\system32\atiglpxx.dll

2012-04-06 01:10:52 33280 ----a-w- c:\windows\system32\atigktxx.dll

2012-04-06 01:10:22 275968 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-04-06 01:09:48 41984 ----a-w- c:\windows\system32\atiuxpag.dll

2012-04-06 01:09:34 32256 ----a-w- c:\windows\system32\atiu9pag.dll

2012-04-06 01:09:10 37376 ----a-w- c:\windows\system32\atitmpxx.dll

2012-04-06 01:09:02 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2012-04-06 01:06:04 53760 ----a-w- c:\windows\system32\atimpc32.dll

2012-04-06 01:06:04 53760 ----a-w- c:\windows\system32\amdpcom32.dll

2012-04-04 22:47:02 687504 ----a-w- c:\windows\system32\deployJava1.dll

2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.0.6002 Disk: WDC_WD50 rev.01.0 -> Harddisk0\DR0 ->

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x9082E368]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, 0x909b3030; PUSH EAX; MOV ECX, [EBP+0xc]; PUSH ECX; MOV EDX, [EBP+0x8]; PUSH EDX; MOV ECX, [EAX+0x18]; CALL ECX; }

1 ntkrnlpa!IofCallDriver[0x80C89912] -> \Device\Harddisk0\DR0[0x8EC82030]

3 CLASSPNP[0x8138D8B3] -> ntkrnlpa!IofCallDriver[0x80C89912] -> [0x8E2E3A60]

5 acpi[0x812906BC] -> ntkrnlpa!IofCallDriver[0x80C89912] -> [0x8E2E1C90]

\Driver\nvstor32[0x8EDD8100] -> IRP_MJ_CREATE -> 0x8EE384B1

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [bP+0x0], 0x0; }

detected disk devices:

\Device\00000061 -> \??\SCSI#Disk&Ven_WDC_WD50&Prod_00AAKS-75A7B#4&3b9922aa&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 5:18:30.90 ===============

gringo_pr · June 10, 2012

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do not run any tools unless instructed to do so.
- We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
[*]Please do not attach logs or use code boxes, just copy and paste the text.
- Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
[*]Please read every post completely before doing anything.
- Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
[*]Please provide feedback about your experience as we go.
- A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

Download Security Check by screen317 from

here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

Shadowthrow · June 10, 2012

Results of screen317's Security Check version 0.99.41

Windows Vista Service Pack 2 x86 (UAC is disabled!)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Spybot - Search & Destroy

SUPERAntiSpyware

Malwarebytes Anti-Malware version 1.61.0.1400

CCleaner

JavaFX 2.1.0

Java 6 Update 26

Java 7 Update 4

Java SE Development Kit 7 Update 1

Adobe Flash Player 11.2.202.235

Adobe Reader X (10.1.3)

Mozilla Firefox (12.0)

Google Chrome 19.0.1084.46

Google Chrome 19.0.1084.52

````````Process Check: objlist.exe by Laurent````````

Spybot Teatimer.exe is disabled!

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0 %

````````````````````End of Log``````````````````````

Shadowthrow · June 10, 2012

ComboFix 12-06-09.02 - Eric 06/10/2012 2:31.5.2 - x86

Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3325.1928 [GMT -4:00]

Running from: c:\users\Eric\Downloads\gkhygk.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\ladfGSRCoinst_i386.dll

.

((((((((((((((((((((((((( Files Created from 2012-05-10 to 2012-06-10 )))))))))))))))))))))))))))))))

.

2012-06-10 06:40 . 2012-06-10 06:40 -------- d-----w- c:\users\Eric\AppData\Local\temp

2012-06-10 06:40 . 2012-06-10 06:40 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-06-10 06:40 . 2012-06-10 06:40 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-10 03:38 . 2012-06-10 03:38 -------- d-----w- c:\program files\iPod

2012-06-10 03:38 . 2012-06-10 03:39 -------- d-----w- c:\program files\iTunes

2012-06-10 03:37 . 2012-06-10 03:37 -------- d-----w- c:\program files\Apple Software Update

2012-06-09 14:54 . 2012-06-10 03:37 -------- d-----w- c:\windows\LastGood

2012-06-09 14:53 . 2012-06-09 14:56 -------- d-----w- c:\program files\Logitech Gaming Software

2012-06-09 08:56 . 2012-06-09 08:56 -------- d-----w- C:\TDSSKiller_Quarantine

2012-06-09 08:18 . 2012-06-09 08:48 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys

2012-06-09 05:20 . 2012-06-09 05:20 -------- d-----w- C:\found.000

2012-06-08 17:10 . 2012-06-08 17:10 -------- d-----w- c:\users\Eric\AppData\Roaming\SUPERAntiSpyware.com

2012-06-08 17:09 . 2012-06-08 17:10 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-06-08 17:09 . 2012-06-08 17:09 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-06-08 05:50 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6D68408E-D63C-4ACC-83D3-3ED7513A8D04}\mpengine.dll

2012-06-01 21:10 . 2009-12-05 23:42 85504 ----a-w- c:\windows\system32\ff_vfw.dll

2012-06-01 21:10 . 2012-06-01 21:10 -------- d-----w- c:\program files\ffdshow

2012-06-01 21:10 . 2012-06-01 21:10 -------- d-----w- c:\programdata\IObit

2012-06-01 21:10 . 2012-06-01 21:10 -------- d-----w- c:\program files\IObit

2012-06-01 17:49 . 2011-09-21 14:25 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys

2012-06-01 17:49 . 2012-06-01 17:49 -------- d-----w- c:\program files\CPUID

2012-06-01 03:32 . 2012-06-01 03:32 -------- d-----w- c:\program files\Realtek

2012-05-28 18:07 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-05-28 18:07 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2012-05-28 18:07 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2012-05-28 18:07 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll

2012-05-28 18:07 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll

2012-05-23 11:45 . 2012-05-23 11:45 -------- d-----w- c:\users\Eric\AppData\Roaming\LolClient2

2012-05-21 17:45 . 2012-03-30 12:39 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-21 17:44 . 2012-02-01 15:10 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-21 17:44 . 2012-02-01 13:58 47104 ----a-w- c:\program files\Windows Journal\PDIALOG.exe

2012-05-21 17:44 . 2012-02-01 15:11 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-05-21 17:44 . 2012-02-01 15:10 983040 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2012-05-21 17:44 . 2012-02-01 15:10 964608 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2012-05-21 17:44 . 2012-02-01 15:10 1404928 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll

2012-05-21 12:19 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-21 10:35 . 2012-05-21 10:35 -------- d-----w- c:\programdata\WeCareReminder

2012-05-21 10:35 . 2012-05-21 10:35 -------- d-----w- c:\users\Eric\AppData\Roaming\OpenCandy

2012-05-21 10:35 . 2012-03-22 17:43 2557952 ----a-w- c:\windows\system32\QtCore4.dll

2012-05-21 10:35 . 2012-04-18 17:49 405176 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll

2012-05-21 02:37 . 2012-05-21 02:37 -------- d-----w- c:\program files\WinToFlash Suggestor

2012-05-21 01:51 . 2012-05-21 01:51 -------- d-----w- c:\program files\Common Files\Java

2012-05-21 01:51 . 2012-05-21 01:51 -------- d-----w- c:\program files\Oracle

2012-05-21 01:51 . 2012-04-04 22:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-05-21 01:45 . 2012-05-21 01:46 -------- d-----w- c:\program files\Common Files\Adobe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-21 02:02 . 2012-04-09 11:57 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-21 02:02 . 2011-06-08 12:21 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-09 02:34 . 2011-11-18 18:56 2377696 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

2012-04-06 05:21 . 2012-04-06 05:21 9334784 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-04-06 02:34 . 2012-04-06 02:34 159232 ----a-w- c:\windows\system32\clinfo.exe

2012-04-06 02:34 . 2012-04-06 02:34 64512 ----a-w- c:\windows\system32\OpenVideo.dll

2012-04-06 02:33 . 2012-04-06 02:33 56320 ----a-w- c:\windows\system32\OVDecode.dll

2012-04-06 02:32 . 2012-04-06 02:32 13007872 ----a-w- c:\windows\system32\amdocl.dll

2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe

2012-04-06 02:21 . 2012-04-06 02:21 909312 ----a-w- c:\windows\system32\aticfx32.dll

2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll

2012-04-06 02:16 . 2012-04-06 02:16 451072 ----a-w- c:\windows\system32\atieclxx.exe

2012-04-06 02:15 . 2012-04-06 02:15 217600 ----a-w- c:\windows\system32\atiesrxx.exe

2012-04-06 02:14 . 2012-04-06 02:14 159744 ----a-w- c:\windows\system32\atitmmxx.dll

2012-04-06 02:14 . 2012-04-06 02:14 20992 ----a-w- c:\windows\system32\atimuixx.dll

2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\system32\ati2edxx.dll

2012-04-06 02:13 . 2012-04-06 02:13 6800896 ----a-w- c:\windows\system32\atidxx32.dll

2012-04-06 02:00 . 2011-12-06 02:18 52736 ----a-w- c:\windows\system32\coinst.dll

2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\system32\atioglxx.dll

2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\system32\atiumdmv.dll

2012-04-06 01:34 . 2012-04-06 01:34 6203392 ----a-w- c:\windows\system32\atiumdag.dll

2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\system32\aticalrt.dll

2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\system32\aticalcl.dll

2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\system32\aticaldd.dll

2012-04-06 01:22 . 2012-04-06 01:22 4795904 ----a-w- c:\windows\system32\atiumdva.dll

2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\system32\atiadlxx.dll

2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll

2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\system32\atigktxx.dll

2012-04-06 01:10 . 2012-04-06 01:10 275968 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\system32\atiuxpag.dll

2012-04-06 01:09 . 2012-04-06 01:09 32256 ----a-w- c:\windows\system32\atiu9pag.dll

2012-04-06 01:09 . 2012-04-06 01:09 37376 ----a-w- c:\windows\system32\atitmpxx.dll

2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\system32\atimpc32.dll

2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\system32\amdpcom32.dll

2012-04-04 22:47 . 2011-07-07 06:20 687504 ----a-w- c:\windows\system32\deployJava1.dll

2012-04-04 19:56 . 2010-08-07 10:51 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-25 11:07 . 2011-05-06 16:20 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

2011-05-09 09:49 176936 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVD1.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2011-08-24 01:20 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD}]

2012-04-09 13:03 301872 ----a-w- c:\program files\WinToFlash Suggestor\WinToFlashSuggestor.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD1.dll" [2011-05-09 176936]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]

.

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]

"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD1.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-05-21 5092152]

"RtHDVCpl"="RtHDVCpl.exe" [2008-07-16 6253088]

"Skytel"="Skytel.exe" [2008-07-16 1833504]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-04-04 05:53 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]

2012-03-13 09:37 3331872 ----a-w- c:\users\Eric\AppData\Local\Akamai\netsession_win.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]

2011-08-24 01:20 887976 ----a-w- c:\program files\Ask.com\Updater\Updater.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LCore]

2012-05-21 15:10 5092152 ----a-w- c:\program files\Logitech Gaming Software\LCore.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lycosa]

2011-03-22 01:01 233984 ----a-w- c:\program files\Razer\Razer Lycosa\razerhid.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments]

2012-02-23 16:30 59240 ----a-w- c:\program files\Common Files\Apple\Internet Services\ubd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2011-05-13 21:03 4283256 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]

2007-10-26 16:51 184352 ----a-w- c:\windows\System32\nvraidservice.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooVoo.exe]

2011-12-12 23:21 22459984 ----a-w- c:\program files\ooVoo\ooVoo.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]

2012-02-25 21:21 3087440 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2008-07-16 23:01 6253088 ----a-w- c:\windows\RtHDVCpl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2009-02-04 17:27 23975720 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-01-17 15:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2012-05-21 20:38 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2011-10-19 01:21 273528 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0415Mon.exe]

2008-08-06 21:00 28672 ----a-w- c:\windows\V0415Mon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VERIZONDM]

2010-09-29 10:59 206120 ----a-w- c:\program files\VERIZONDM\bin\sprtcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]

2010-03-17 20:55 1565696 ----a-w- c:\program files\Verizon\McciTrayApp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]

2011-05-10 16:01 5416794 ----a-w- c:\program files\Vidalia Bundle\Vidalia\vidalia.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2011-07-11 21:47 74752 ----a-w- c:\program files\Winamp\winampa.exe

.

R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]

R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]

R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-21 257696]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - BONJOUR_SERVICE

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]

2008-04-11 22:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]

2008-08-28 15:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 02:07]

.

2012-06-09 c:\windows\Tasks\Game_Booster_AutoUpdate.job

- c:\program files\IObit\Game Booster\AutoUpdate.exe [2012-06-01 15:21]

.

2012-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-13 20:49]

.

2012-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-13 20:49]

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

IE: Free YouTube Download - c:\users\Eric\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to iPod Converter - c:\users\Eric\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm

IE: Free YouTube to Mp3 Converter - c:\users\Eric\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\zne32cu7.default\