Svchost.exe keeps poping out

[mirekti]

Hi there,

I've been infected with something and I can see Malwarebytes keep putting svchost.exe into quarantine.

I really need some help here. Thank you!!!

Here is DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.17.2

Run by Milan at 19:46:55 on 2013-03-11

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.7987.4457 [GMT -5:00]

.

AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2013\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Tablet\Wacom\WTabletServicePro.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\WLANExt.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

C:\Users\Milan\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2013\avgemca.exe

C:\Windows\SysWOW64\nlssrv32.exe

C:\Windows\SysWOW64\NMSAccessU.exe

C:\Windows\SysWOW64\o2flash.exe

C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

C:\Program Files\Fujitsu\PSUtility\PSUService.exe

C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSierra.exe

C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

C:\Program Files\Xobni\XobniService.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe

C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe

C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe

C:\Program Files\Fujitsu\PSUtility\TrayManager.exe

C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Users\Milan\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\AM-Notebook\notebook.exe

C:\Program Files (x86)\MagicDisc\MagicDisc.exe

C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

C:\Windows\splwow64.exe

C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Tablet\Wacom\WacomHost.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe

C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files (x86)\Citrix\ICA Client\WFCRUN32.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

\\.\globalroot\systemroot\svchost.exe -netsvcs

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

mWinlogon: Userinit = userinit.exe,

BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll

BHO: Giant Savings Extension: {11111111-1111-1111-1111-110211181110} - C:\Program Files (x86)\Giant Savings Extension\Giant Savings Extension.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Milan\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll

uRun: [AdobeBridge] <no file>

mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

mRun: [indicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

StartupFolder: C:\Users\Milan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AM-NOT~1.LNK - C:\Program Files (x86)\AM-Notebook\notebook.exe

StartupFolder: C:\Users\Milan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe

StartupFolder: C:\Users\Milan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000

IE: Lookup on Merriam Webster - <no file>

IE: Lookup on Wikipedia - <no file>

IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab

TCP: NameServer = 12.159.30.2

TCP: Interfaces\{4D4F1672-E23E-422B-BC5E-13FED4A9B329} : DHCPNameServer = 12.159.30.2

TCP: Interfaces\{4D4F1672-E23E-422B-BC5E-13FED4A9B329}\16474777966696 : DHCPNameServer = 192.168.5.1 64.134.255.2 64.134.255.10

TCP: Interfaces\{4D4F1672-E23E-422B-BC5E-13FED4A9B329}\84971647470205C616365602751696B696B696 : DHCPNameServer = 8.8.8.8 4.4.4.4

TCP: Interfaces\{4D4F1672-E23E-422B-BC5E-13FED4A9B329}\84F6C69646169794E6E654870727563737 : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{4D4F1672-E23E-422B-BC5E-13FED4A9B329}\D416579675966496 : DHCPNameServer = 192.168.0.9

TCP: Interfaces\{4D4F1672-E23E-422B-BC5E-13FED4A9B329}\E435E4D27455543545 : DHCPNameServer = 93.183.10.6 93.183.16.7

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: x-owacid - {0215258f-f0a8-49de-bf1b-0ff02eda8807} - C:\Program Files (x86)\Microsoft\Outlook Web Access SMIME Client\mimectl.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [FJBATAID2] C:\Program Files\Fujitsu\BatteryAid2\BatteryDaemon.exe

x64-Run: [FDM7] C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe

x64-Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe

x64-Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe

x64-Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe

x64-Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-Run: [ptndhe] rundll32.exe "C:\Users\Milan\AppData\Roaming\ptndhe.dll",HriCreatePhonebookEntry

x64-Run: [mbcotb] "C:\Windows\System32\rundll32.exe" "C:\Users\Milan\AppData\Roaming\mbcotb.dll",Node_Free

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

x64-DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: x-owacid - {0215258f-f0a8-49de-bf1b-0ff02eda8807} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\d9xqldwl.default\

FF - prefs.js: network.proxy.type - 2

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll

FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll

FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll

FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll

FF - plugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll

FF - plugin: C:\Users\Milan\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2013-02-04 20:08; ytd@mybrowserbar.com; C:\Program Files (x86)\YTD Toolbar\FF

FF - ExtSQL: !HIDDEN! 2013-03-11 18:35; {1be4e4a5-b29a-4f53-82c7-1b1cf71f5c7a}; C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\d9xqldwl.default\extensions\{1be4e4a5-b29a-4f53-82c7-1b1cf71f5c7a}.xpi

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]

R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]

R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]

R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2011-4-25 87600]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\Milan\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2012-7-25 107520]

R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2012-9-4 66560]

R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-4-13 88576]

R2 PowerSavingUtilityService;PowerSavingUtilityService;C:\Program Files\Fujitsu\PSUtility\PSUService.exe [2009-7-29 63336]

R2 QDLService2kSierra;Qualcomm Gobi 2000 Download Service (Sierra);C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSierra.exe [2010-3-15 330488]

R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-1-11 3467768]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-7-16 2314240]

R2 WTabletServicePro;Wacom Professional Service;C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [2012-12-21 613760]

R2 XobniService;XobniService;C:\Program Files\Xobni\XobniService.exe [2012-4-9 62184]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2012-7-16 294064]

R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\Windows\System32\drivers\fuj02e3.sys [2012-7-16 7296]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2012-7-16 56344]

R3 hidkmdf;KMDF Driver;C:\Windows\System32\drivers\hidkmdf.sys [2012-12-21 13728]

R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-7-16 158976]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-7-16 317440]

R3 O2MDRDR;O2MDRDR;C:\Windows\System32\drivers\o2mdx64.sys [2010-5-10 57576]

R3 O2SDRDR;O2SDRDR;C:\Windows\System32\drivers\o2sdx64.sys [2010-4-27 56040]

R3 qcfiltersra2k;Gobi 2000 USB Composite Device Filter Driver(1199-9001);C:\Windows\System32\drivers\qcfiltersra2k.sys [2010-3-15 6400]

R3 qcusbnetsra2k;Gobi 2000 USB-NDIS miniport(1199-9001);C:\Windows\System32\drivers\qcusbnetsra2k.sys [2010-3-15 242176]

R3 qcusbsersra2k;Gobi 2000 USB Device for Legacy Serial Communication(1199-9001);C:\Windows\System32\drivers\qcusbsersra2k.sys [2010-3-15 121600]

R3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\drivers\wachidrouter.sys [2012-12-21 81312]

R3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2012-12-21 15776]

R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 DefaultTabSearch;DefaultTabSearch;C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [2013-2-11 572928]

S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-6 398184]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-6 682344]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]

S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]

S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]

S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-3-6 24176]

S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-3-26 22528]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-17 19456]

S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2013-2-24 31800]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-17 57856]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-16 1255736]

.

=============== File Associations ===============

.

FileExt: .txt: Applications\ConTEXT.exe="C:\Program Files (x86)\ConTEXT\ConTEXT.exe" "%1" [userChoice]

.

=============== Created Last 30 ================

.

2013-03-12 00:34:02 20480 ----a-w- C:\Windows\svchost.exe

2013-03-12 00:16:20 5 ----a-w- C:\Windows\SysWow64\lMMLDeleteUserData42107612FX.tmp

2013-03-11 23:44:37 -------- d-----w- C:\Users\Milan\AppData\Roaming\AVG2013

2013-03-11 23:43:59 -------- d-----w- C:\Users\Milan\AppData\Roaming\TuneUp Software

2013-03-11 23:43:05 -------- d--h--w- C:\$AVG

2013-03-11 23:43:05 -------- d-----w- C:\ProgramData\AVG2013

2013-03-11 23:39:28 -------- d-----w- C:\Users\Milan\AppData\Local\MFAData

2013-03-11 23:39:28 -------- d-----w- C:\Users\Milan\AppData\Local\Avg2013

2013-03-11 23:34:26 -------- d--h--w- C:\Users\Milan\AppData\Roaming\B93CF104

2013-03-09 09:32:05 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F02A1C4C-816E-449B-8BC1-D6CB1E356A2A}\mpengine.dll

2013-03-06 07:33:32 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-06 07:32:56 -------- d-----w- C:\Users\Milan\AppData\Roaming\Malwarebytes

2013-03-06 07:32:49 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-03-06 07:32:49 -------- d-----w- C:\ProgramData\Malwarebytes

2013-03-06 07:32:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-03-06 06:58:32 -------- d-----w- C:\TDSSKiller_Quarantine

2013-03-05 23:18:32 -------- d-----w- C:\Users\Milan\AppData\Roaming\Yzihm

2013-03-05 23:18:32 -------- d-----w- C:\Users\Milan\AppData\Roaming\Kyhok

2013-03-05 18:36:21 -------- d-----w- C:\cygwin

2013-02-28 14:34:03 -------- d-----w- C:\Users\Milan\Tracing

2013-02-28 14:32:33 -------- d-----w- C:\ProgramData\Applications

2013-02-26 21:57:05 -------- d-----w- C:\TorrentStream

2013-02-26 21:56:56 -------- d-----w- C:\Users\Milan\AppData\Roaming\.Torrent Stream

2013-02-26 21:24:00 -------- d-----w- C:\Users\Milan\AppData\Roaming\TorrentStream

2013-02-26 21:14:11 -------- d-----w- C:\Program Files (x86)\SopCast

2013-02-25 22:36:33 -------- d-----w- C:\Users\Milan\AppData\Local\Xobni

2013-02-25 22:36:05 -------- d-----w- C:\Program Files\Xobni

2013-02-25 01:27:08 -------- d-----w- C:\FLAV

2013-02-25 01:21:33 -------- d-----w- C:\Users\Milan\AppData\Local\VS Revo Group

2013-02-25 01:21:31 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys

2013-02-25 01:21:31 -------- d-----w- C:\ProgramData\VS Revo Group

2013-02-25 01:21:30 -------- d-----w- C:\Program Files\VS Revo Group

2013-02-25 01:21:23 -------- d-----w- C:\Users\Milan\AppData\Local\Programs

2013-02-25 01:13:26 -------- d-----w- C:\FlashAudio

2013-02-25 01:09:55 -------- d-----w- C:\ProgramData\Auto Updater

2013-02-25 01:09:54 -------- d-----w- C:\Program Files (x86)\Auto Updater

2013-02-25 01:06:10 -------- d-----w- C:\Users\Milan\AppData\Local\ExeOutput

2013-02-25 01:03:10 -------- d-----w- C:\ProgramData\Boxtools

2013-02-25 01:02:38 756736 ----a-w- C:\Windows\SysWow64\LameACM.acm

2013-02-25 01:02:38 -------- d-----w- C:\Program Files (x86)\Common Files\VisioForge Shared

2013-02-25 01:02:35 -------- d-----w- C:\Program Files (x86)\Boxoft Free FLV to MP3 Converter(freeware)

2013-02-24 23:44:23 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-02-24 23:44:23 -------- d-----w- C:\Program Files\iTunes

2013-02-24 23:44:23 -------- d-----w- C:\Program Files\iPod

2013-02-24 23:44:23 -------- d-----w- C:\Program Files (x86)\iTunes

2013-02-15 22:31:23 186432 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

2013-02-15 15:46:48 -------- d-----r- C:\Program Files (x86)\Skype

2013-02-15 05:19:11 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-15 05:19:11 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-13 17:47:22 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-02-13 17:47:21 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-02-13 17:47:21 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-02-13 17:47:15 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-02-13 17:47:15 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-02-13 17:47:15 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-02-13 17:47:15 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-02-13 17:47:15 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-02-13 17:47:15 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-02-13 17:47:15 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-02-13 17:47:14 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2013-02-13 17:47:14 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-02-11 21:21:13 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot

.

==================== Find3M ====================

.

2013-03-06 07:33:29 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-03-06 07:33:29 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-02-26 23:12:31 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-26 23:12:31 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-01-17 07:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe

2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-13 19:50:38 6112864 ----a-w- C:\Windows\System32\usbaaplrc.dll

2012-12-13 19:50:36 54784 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys

.

============= FINISH: 19:47:11.80 ===============

Here is Attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume3

Install Date: 7/16/2012 7:59:02 PM

System Uptime: 3/11/2013 7:20:33 PM (0 hours ago)

.

Motherboard: FUJITSU | | FJNB210

Processor: Intel® Core i5 CPU M 520 @ 2.40GHz | Onboard | 2400/133mhz

.

==== Disk Partitions =========================

.

B: is FIXED (NTFS) - 50 GiB total, 34.087 GiB free.

C: is FIXED (NTFS) - 112 GiB total, 46.246 GiB free.

D: is FIXED (NTFS) - 99 GiB total, 22.235 GiB free.

F: is CDROM ()

J: is FIXED (NTFS) - 1863 GiB total, 641.886 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Cisco Systems VPN Adapter for 64-bit Windows

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco Systems VPN Adapter for 64-bit Windows

PNP Device ID: ROOT\NET\0000

Service: CVirtA

.

==== System Restore Points ===================

.

RP102: 3/11/2013 6:42:35 PM - Installed AVG 2013

RP103: 3/11/2013 6:42:49 PM - Installed AVG 2013

RP105: 3/11/2013 7:14:33 PM - Revo Uninstaller Pro's restore point - VUDU To Go

RP106: 3/11/2013 7:14:40 PM - Removed VUDU To Go

RP108: 3/11/2013 7:16:06 PM - Revo Uninstaller Pro's restore point - HTC Sync Manager

RP109: 3/11/2013 7:16:14 PM - Removed HTC Sync Manager.

RP111: 3/11/2013 7:17:01 PM - Revo Uninstaller Pro's restore point - EOSCount ActiveX control

RP112: 3/11/2013 7:17:15 PM - Removed EOSCount ActiveX control

RP114: 3/11/2013 7:17:46 PM - Revo Uninstaller Pro's restore point - Leawo iTransfer version 1.4.0.1106

RP116: 3/11/2013 7:18:29 PM - Revo Uninstaller Pro's restore point - ERUNT 1.1j

RP118: 3/11/2013 7:18:50 PM - Revo Uninstaller Pro's restore point - ieSpell

RP120: 3/11/2013 7:19:31 PM - Revo Uninstaller Pro's restore point - YTD Toolbar v7.0

RP121: 3/11/2013 7:19:39 PM - Removed YTD Toolbar v7.0.

.

==== Installed Programs ======================

.

µTorrent

Adobe AIR

Adobe Community Help

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Media Player

Adobe Photoshop CS6

Adobe Photoshop Lightroom 4.2 64-bit

Adobe Reader X (10.1.6)

Adobe Shockwave Player 11.6

AM-Notebook 5.0.1

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Atheros Client Installation Program

Auto Updater 1.2.0.3

AVG 2013

Battery Utility

Bonjour

Canon Utilities Digital Photo Professional 3.11

Canon Utilities EOS Sample Music

Canon Utilities EOS Utility

Canon Utilities ImageBrowser EX

Canon Utilities PhotoStitch

Canon Utilities Picture Style Editor

Cardbus Smartcard Reader Driver (x64)

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Cisco Systems VPN Client 5.0.07.0290

Citrix online plug-in

Citrix online plug-in (DV)

Citrix online plug-in (HDX)

Citrix online plug-in (PNA)

Citrix online plug-in (SSON)

Citrix online plug-in (USB)

Citrix online plug-in (Web)

Color Efex Pro 4

ConTEXT v0.98.6

DefaultTab

DefaultTab Chrome

Flash Player Pro V5.4

foobar2000 v1.1.18

Fujitsu Display Manager

Fujitsu Hotkey Utility

Giant Savings Extension

Google Chrome

HTC Driver Installer

iCloud

IMS Customization Tools

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Intel® Network Connections Drivers

iTunes

Java 7 Update 17

Java Auto Updater

Java 7 Update 3 (64-bit)

JavaFX 2.1.1

JGsoft PowerGREP 3 v.3.5.5

JGsoft PowerGREP 4 DEMO 4.2.0

Juniper Networks Host Checker

Juniper Networks, Inc. Setup Client

Juniper Networks, Inc. Setup Client Activex Control

Lame ACM MP3 Codec

LifeBook Application Panel

Magic ISO Maker v5.5 (build 0281)

MagicDisc 2.7.106

Malwarebytes Anti-Malware version 1.70.0.1100

Microsoft .NET Framework 4 Client Profile

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (Croatian) 2010

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (Croatian) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (Croatian) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (Croatian) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Language Pack 2010 - Croatian/Hrvatski

Microsoft Office Live Meeting 2007

Microsoft Office O MUI (Croatian) 2010

Microsoft Office Office 32-bit Components 2010

Microsoft Office OneNote MUI (Croatian) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (Croatian) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (Croatian) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (Croatian) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (German) 2010

Microsoft Office Proof (Italian) 2010

Microsoft Office Proof (Serbian (Latin)) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (Croatian) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (Croatian) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 32-bit MUI (Croatian) 2010

Microsoft Office Shared 32-bit MUI (English) 2010

Microsoft Office Shared MUI (Croatian) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (Croatian) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Office X MUI (Croatian) 2010

Microsoft Outlook Web Access S/MIME (2007)

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft_VC80_ATL_x86

Microsoft_VC80_ATL_x86_x64

Microsoft_VC80_CRT_x86

Microsoft_VC80_CRT_x86_x64

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFC_x86_x64

Microsoft_VC80_MFCLOC_x86

Microsoft_VC80_MFCLOC_x86_x64

Microsoft_VC90_ATL_x86

Microsoft_VC90_ATL_x86_x64

Microsoft_VC90_CRT_x64

Microsoft_VC90_CRT_x86

Microsoft_VC90_CRT_x86_x64

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFC_x86_x64

Mozilla Firefox 19.0.2 (x86 en-US)

Mozilla Maintenance Service

Mp3tag v2.53

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Notepad++

O2Micro Flash Memory Card Windows Driver

OZ711 SCR Driver (x64)

PDF Settings CS6

Photodex Presenter

Photomatix Pro version 4.2.4

Power Saving Utility

PrimoPDF -- brought to you by Nitro PDF Software

ProShow Producer

Qualcomm Gobi 2000 Package for Sierra

QuickTime

Realtek High Definition Audio Driver

Revo Uninstaller Pro 3.0.1

RSA SecurID Software Token

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Silver Efex Pro 2

Skype™ 6.1

Snagit 10.0.2

SopCast 3.5.0

swMSM

SyncBackPro

TeamViewer 8

TeamViewer Packages

Technitium MAC Address Changer v6.0.3

Total Commander 64-bit (Remove or Repair)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

VanDyke Software SecureCRT 6.2

Veetle TV

Visual Studio 2008 x64 Redistributables

Visual Studio 2010 x64 Redistributables

VLC media player 2.0.5

Wacom Tablet

WebEx

WebTablet FB Plugin 32 bit

WebTablet FB Plugin 64 bit

WinPcap 4.1.2

WinRAR 4.20 (64-bit)

Wireshark 1.8.5 (64-bit)

Xobni

Xobni Core

YTD Video Downloader 3.9.6

.

==== Event Viewer Messages From Past Week ========

.

3/6/2013 2:19:32 AM, Error: Service Control Manager [7034] - The syshost32 service terminated unexpectedly. It has done this 1 time(s).

3/5/2013 1:30:47 PM, Error: Service Control Manager [7030] - The BrlAPI service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

3/11/2013 7:21:05 PM, Error: Service Control Manager [7034] - The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s).

3/11/2013 7:20:57 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

3/11/2013 1:09:44 AM, Error: Microsoft-Windows-Smartcard-Server [610] - Smart Card Reader 'O2Micro PCMCIA Reader 0' rejected IOCTL TRANSMIT: The request could not be performed because of an I/O device error. If this error persists, your smart card or reader may not be functioning correctly. Command Header: 00 a4 04 00

.

==== End Of File ===========================

Apart from that, and before I ran DDS.com I tried to fix some issues by deleting some files/entries after the scan and now I can see there is a problem when starting the system with ...\AppData\Roaming\ptndhe.dll and mbcotb.dll.

Do you have any idea what these missing .dll might be?

Thanks!!

[MrCharlie]

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Removing malware can be unpredictable

...things can go very wrong!

Backup

any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>

Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>

Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

[gringo_pr]

removed

[mirekti]

Time : 11/03/2013 20:38:27

--------------------------

ERROR [KB01312979.exe.vir] -> C:\Users\Milan\AppData\Roaming\KB01312979.exe

ERROR [ptndhe.dll.vir] -> C:\Users\Milan\AppData\Roaming\ptndhe.dll

ERROR [mbcotb.dll.vir] -> C:\Users\Milan\AppData\Roaming\mbcotb.dll

ERROR [KB01312979.exe.vir] -> C:\Users\Milan\AppData\Roaming\KB01312979.exe

[mirekti]

RogueKiller V8.5.2 _x64_ [Mar 9 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Milan [Admin rights]

Mode : Scan -- Date : 03/11/2013 20:38:27

| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤

[sVCHOST] svchost.exe -- C:\Windows\\svchost.exe [x] -> KILLED [TermProc]

¤¤¤ Registry Entries : 13 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Run : KB01312979.exe ("C:\Users\Milan\AppData\Roaming\KB01312979.exe") [x] -> FOUND

[RUN][sUSP PATH] HKLM\[...]\Run : ptndhe (rundll32.exe "C:\Users\Milan\AppData\Roaming\ptndhe.dll",HriCreatePhonebookEntry) [x] -> FOUND

[RUN][sUSP PATH] HKLM\[...]\Run : mbcotb ("C:\Windows\System32\rundll32.exe" "C:\Users\Milan\AppData\Roaming\mbcotb.dll",Node_Free) [7] -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-714887494-1001003831-3927643702-1000[...]\Run : KB01312979.exe ("C:\Users\Milan\AppData\Roaming\KB01312979.exe") [x] -> FOUND

[TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> FOUND

[TASK][ROGUE ST] 4678 : wscript.exe C:\Users\Milan\AppData\Local\Temp\launchie.vbs //B -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

-> B:\windows\system32\config\SOFTWARE

-> B:\windows\system32\config\SYSTEM

-> B:\Documents and Settings\Administrator\NTUSER.DAT

-> B:\Documents and Settings\All Users\NTUSER.DAT

-> B:\Documents and Settings\Default User\NTUSER.DAT

-> B:\Documents and Settings\hr1uz0v9\NTUSER.DAT

-> B:\Documents and Settings\LocalService\NTUSER.DAT

-> B:\Documents and Settings\NetworkService\NTUSER.DAT

-> B:\Documents and Settings\wixxxcat\NTUSER.DAT

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545016B9A300 ATA Device +++++

--- User ---

[MBR] d25dfdb5cc311e480f99e0c8d7bbceda

[bSP] ffbfec809c4f90527587665f41c8ce5c : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 51206 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 104872320 | Size: 101418 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: KINGSTON SH100S3120G ATA Device +++++

--- User ---

[MBR] e5e8e70c9dc057da7f0fdc9f6d6e810b

[bSP] eee7db39a791b094b08e610fd65ed3b2 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] 00942b8edad6aa9a9b6cef662038702c

[bSP] eee7db39a791b094b08e610fd65ed3b2 : Windows 7/8 MBR Code

Partition table:

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 Mo

Finished : << RKreport[1]_S_03112013_02d2038.txt >>

RKreport[1]_S_03112013_02d2038.txt

[MrCharlie]

Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

[RUN][sUSP PATH] HKCU\[...]\Run : KB01312979.exe ("C:\Users\Milan\AppData\Roaming\KB01312979.exe") [x] -> FOUND

[RUN][sUSP PATH] HKLM\[...]\Run : ptndhe (rundll32.exe "C:\Users\Milan\AppData\Roaming\ptndhe.dll",HriCreatePhonebookEntry) [x] -> FOUND

[RUN][sUSP PATH] HKLM\[...]\Run : mbcotb ("C:\Windows\System32\rundll32.exe" "C:\Users\Milan\AppData\Roaming\mbcotb.dll",Node_Free) [7] -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-714887494-1001003831-3927643702-1000[...]\Run : KB01312979.exe ("C:\Users\Milan\AppData\Roaming\KB01312979.exe") [x] -> FOUND

[TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> FOUND

[TASK][ROGUE ST] 4678 : wscript.exe C:\Users\Milan\AppData\Local\Temp\launchie.vbs //B -> FOUND

Now click Delete on the right hand column under Options

-------------

Next click on the Processes tab and put a check next to these and uncheck the rest. (if found)

[sVCHOST] svchost.exe -- C:\Windows\\svchost.exe [x] -> KILLED [TermProc]

Now click Delete on the right hand column under Options

-------------

Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

Download Malwarebytes Anti-Rootkit from HERE

• Unzip the contents to a folder in a convenient location.
  
• Open the folder where the contents were unzipped and run mbar.exe
  
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  
• Wait while the system shuts down and the cleanup process is performed.
  
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  
• When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt
  

To attach a log if needed:

Bottom right corner of this page.

New window that comes up.

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.

Verify that your system is now functioning normally.

MrC

[mirekti]

It worked like a charm, thanks!!

mbar-log-2013-03-11 (22-58-20).txt

system-log.txt

[MrCharlie]

Well Done, lets run ComboFix to clear up any leftovers.

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

[LDTate]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!