
Win 8 problem possible



Merged 3 posts.

We look for posts with 0 replies, so when you reply to your own topic, we assume you're being helped.

Please be patient, someone will assist you as soon as possible.

We were trying to get a mobile phone to connect with the computer via USB but could not, so we called Verizon, which finally said it must be a computer infection, so he sent us, we thought, to MS tech support, which said we are infected with a virus that could not be detected with Malwarebytes or any AV program. We had run Malwarebytes and Avast programs that found nothing. Tech support sent us to a higher-level person who pointed to some items in the "prefetch folder" as proof and told us that he could remove the backdoor infection for $200 dollars. We asked and he said he was not connected with MS, so we stopped any contact. I am not sure that we were ever talking to MS tech support. Upshot is we think we may have a virus that is using a backdoor, though we have no clear proof of this other than the questionable tech support assertion.

We ran Malwarebytes and root kit Malwarebytes with no results.

Asus "SonicMaster" ultrabook laptop computer

Win 8

Avast and Windows Firewall with Malwarebytes check

The tech support person pointed to the prefetch items listed here as Rundll32 as proof of the infection.

"C:\Windows\Prefetch\RUNDLL32.EXE-18B33C45.pf"

"C:\Windows\Prefetch\RUNDLL32.EXE-27D6367C.pf"

"C:\Windows\Prefetch\RUNDLL32.EXE-96F2406E.pf"

"C:\Windows\Prefetch\RUNDLL32.EXE-210D3DBE.pf"

"C:\Windows\Prefetch\RUNDLL32.EXE-69686E69.pf"

"C:\Windows\Prefetch\RUNDLL32.EXE-A1396DE2.pf"

"C:\Windows\Prefetch\RUNDLL32.EXE-B72ECF45.pf"

"C:\Windows\Prefetch\RUNDLL32.EXE-B865F023.pf"

Prefetch items listed below are there after a deletion of all items in the prefetch folder and a reboot.

HijackThis log plus list of items in prefetch

=================================

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 2:07:00 PM, on 3/18/2013

Platform: Unknown Windows (WinNT 6.02.1008)

MSIE: Internet Explorer v10.0 (10.00.9200.16518)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Windows\SysWOW64\ACEngSvr.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Online Backup\OnlineBackup.exe

C:\Users\JeanetteN\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe

C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe

C:\Users\JeanetteN\AppData\Local\Amazon\Cloud Drive\jre\bin\javaw.exe

C:\Users\JeanetteN\AppData\Roaming\SearchProtect\bin\cltmng.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe

C:\Windows\syswow64\wwahost.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3287822&octid=CT3287822&SearchSource=61&CUI=UN29455329721650021&UM=2&UP=SPB6315E5A-FADF-4976-9A6C-48E7DCEC7281

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: MixiDJ V8 Toolbar - {e4c3a8b6-7724-45d1-a629-17b69118ebcd} - C:\Program Files (x86)\MixiDJ_V8\prxtbMixi.dll

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: GetSavin 5.0 - {76E7224A-2612-41FD-A504-44AE1EB663F0} - C:\Users\JeanetteN\AppData\Local\getsavin\ie\getsavin_1363531801.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: MixiDJ V8 - {e4c3a8b6-7724-45d1-a629-17b69118ebcd} - C:\Program Files (x86)\MixiDJ_V8\prxtbMixi.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: MixiDJ V8 Toolbar - {e4c3a8b6-7724-45d1-a629-17b69118ebcd} - C:\Program Files (x86)\MixiDJ_V8\prxtbMixi.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe /S

O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"

O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\lgfw.exe" blrun

O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [searchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe

O4 - HKLM\..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [OnlineBackupScheduler] C:\Program Files\Online Backup\OnlineBackup.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Amazon Cloud Drive] C:\Users\JeanetteN\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe

O4 - HKCU\..\Run: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun

O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIBE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-400 Series"

O4 - HKCU\..\Run: [searchProtect] C:\Users\JeanetteN\AppData\Roaming\SearchProtect\bin\cltmng.exe

O4 - Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {4125262D-2E47-11D3-9387-00C04F5B12B1} (WRXCtl Class) - https://www.backup.com/user/webrestore.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe

O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Search Protect by Conduit Updater (CltMngSvc) - Conduit - C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

O23 - Service: @oem7.inf,%WIN32_DPTF_PARTICIPANT_PROC_SERVICE_DISPLAY_NAME%;Intel® Dynamic Platform & Thermal Framework Processor Participant Service Application (DptfParticipantProcessorService) - Unknown owner - C:\Windows\system32\DptfParticipantProcessorService.exe (file missing)

O23 - Service: @oem7.inf,%WIN32_DPTF_POLICY_LPM_SERVICE_DISPLAY_NAME%;Intel® Dynamic Platform & Thermal Framework Low Power Mode Service Application (DptfPolicyLpmService) - Unknown owner - C:\Windows\system32\DptfPolicyLpmService.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: ExpressCache - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HTCMonitorService - Nero AG - C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe

O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe

O23 - Service: Intel® ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

O23 - Service: Intel® Rapid Start Technology Service (irstrtsv) - Intel Corporation - C:\Windows\SysWOW64\irstrtsv.exe

O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype C2C Service - Unknown owner - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Airytec Switch Off - Task Scheduler (SwOffScheduler) - Airytec - C:\Program Files\Airytec\Switch Off\swoff.exe

O23 - Service: Airytec Switch Off - Web Interface (SwOffWeb) - Airytec - C:\Program Files\Airytec\Switch Off\swoff.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @oem8.inf,%ViaKaraokeSrv.SvcDesc%;VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: WajamUpdater - Wajam - C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 15566 bytes

=======================================

list of prefetch files

"C:\Windows\Prefetch\ReadyBoot\rblayout.xin"

"C:\Windows\Prefetch\ReadyBoot\Trace1.fx"

"C:\Windows\Prefetch\ReadyBoot\Trace2.fx"

"C:\Windows\Prefetch\ReadyBoot\Trace3.fx"

"C:\Windows\Prefetch\ReadyBoot\Trace4.fx"

"C:\Windows\Prefetch\ACMON.EXE-039F45B0.pf"

"C:\Windows\Prefetch\ACOVS.EXE-2C6C215E.pf"

"C:\Windows\Prefetch\ACRORD32.EXE-153662D3.pf"

"C:\Windows\Prefetch\ADB.EXE-67EDDB48.pf"

"C:\Windows\Prefetch\ADOBEARM.EXE-813E932C.pf"

"C:\Windows\Prefetch\ADOBECOLLABSYNC.EXE-3F5B152C.pf"

"C:\Windows\Prefetch\AgAppLaunch.db"

"C:\Windows\Prefetch\AgCx_S2_S-1-5-21-1919060137-1190633048-1460563888-1001.snp.db"

"C:\Windows\Prefetch\AgCx_SC1.db"

"C:\Windows\Prefetch\AgCx_SC1.db.trx"

"C:\Windows\Prefetch\AgCx_SC5.db"

"C:\Windows\Prefetch\AgGlFaultHistory.db"

"C:\Windows\Prefetch\AgGlFgAppHistory.db"

"C:\Windows\Prefetch\AgGlGlobalHistory.db"

"C:\Windows\Prefetch\AgRobust.db"

"C:\Windows\Prefetch\AMAZONCLOUDDRIVE.EXE-17FB41F5.pf"

"C:\Windows\Prefetch\ASUSTPCFG64.EXE-7A0C8A89.pf"

"C:\Windows\Prefetch\ASUSVIBE2.0.EXE-0908717F.pf"

"C:\Windows\Prefetch\ASUSVIBELAUNCHER.EXE-901B0E99.pf"

"C:\Windows\Prefetch\ASUSWSPANEL.EXE-379DF0C0.pf"

"C:\Windows\Prefetch\ATBROKER.EXE-8B8F7F7C.pf"

"C:\Windows\Prefetch\ATKOSD2.EXE-830E1513.pf"

"C:\Windows\Prefetch\AU_.EXE-4EDBB485.pf"

"C:\Windows\Prefetch\AU_.EXE-D53D2755.pf"

"C:\Windows\Prefetch\AUDIODG.EXE-9848A323.pf"

"C:\Windows\Prefetch\AUTHHOST.EXE-2D7C3758.pf"

"C:\Windows\Prefetch\AVAST.SETUP-50B30900.pf"

"C:\Windows\Prefetch\AVASTEMUPDATE.EXE-0DD1597D.pf"

"C:\Windows\Prefetch\AVASTUI.EXE-DC11C262.pf"

"C:\Windows\Prefetch\AVBUGREPORT.EXE-E4EA699E.pf"

"C:\Windows\Prefetch\BITSADMIN.EXE-51D741B1.pf"

"C:\Windows\Prefetch\BU_.EXE-563CB68A.pf"

"C:\Windows\Prefetch\BU_.EXE-CFDB43BA.pf"

"C:\Windows\Prefetch\CAVWP.EXE-3E14ACA0.pf"

"C:\Windows\Prefetch\CCLEANER64.EXE-1137D9AC.pf"

"C:\Windows\Prefetch\CERTSENTRY_SETUP.EXE-58FC0582.pf"

"C:\Windows\Prefetch\CERTSENTRY_SETUP.EXE-242DE3C4.pf"

"C:\Windows\Prefetch\CFPCONFG.EXE-A9FE19C1.pf"

"C:\Windows\Prefetch\CFW_INSTALLER.EXE-17F59D26.pf"

"C:\Windows\Prefetch\CIS.EXE-7DDE53FE.pf"

"C:\Windows\Prefetch\CISBF.EXE-5C7FFF36.pf"

"C:\Windows\Prefetch\CISTRAY.EXE-D7F757B6.pf"

"C:\Windows\Prefetch\CLTMNG.EXE-B8F0815A.pf"

"C:\Windows\Prefetch\CLTMNG.EXE-E14AC8B0.pf"

"C:\Windows\Prefetch\CMDAGENT.EXE-78C04C12.pf"

"C:\Windows\Prefetch\CMDINSTALL.EXE-0A68BBF9.pf"

"C:\Windows\Prefetch\CMDVIRTH.EXE-D7511A98.pf"

"C:\Windows\Prefetch\CONHOST.EXE-F98A1078.pf"

"C:\Windows\Prefetch\CONSENT.EXE-2D674CE4.pf"

"C:\Windows\Prefetch\CONTROL.EXE-5BCB0217.pf"

"C:\Windows\Prefetch\CSC.EXE-4D47A477.pf"

"C:\Windows\Prefetch\CSC.EXE-064435F2.pf"

"C:\Windows\Prefetch\CSRSS.EXE-A7A2B218.pf"

"C:\Windows\Prefetch\CTFMON.EXE-5E6E7DF5.pf"

"C:\Windows\Prefetch\CVTRES.EXE-84F07AF8.pf"

"C:\Windows\Prefetch\CVTRES.EXE-9077A165.pf"

"C:\Windows\Prefetch\DEFRAG.EXE-22AD8A37.pf"

"C:\Windows\Prefetch\DLLHOST.EXE-5C94BCB3.pf"

"C:\Windows\Prefetch\DLLHOST.EXE-6AA5D6C5.pf"

"C:\Windows\Prefetch\DLLHOST.EXE-50AF0BCC.pf"

"C:\Windows\Prefetch\DLLHOST.EXE-50DEE1CF.pf"

"C:\Windows\Prefetch\DLLHOST.EXE-59F5A146.pf"

"C:\Windows\Prefetch\DLLHOST.EXE-38926D07.pf"

"C:\Windows\Prefetch\DLLHOST.EXE-461712A4.pf"

"C:\Windows\Prefetch\DLLHOST.EXE-7242160E.pf"

"C:\Windows\Prefetch\DLLHOST.EXE-C1C2EFBE.pf"

"C:\Windows\Prefetch\DLLHOST.EXE-C7028A70.pf"

"C:\Windows\Prefetch\DMEDIA.EXE-FAA82C3F.pf"

"C:\Windows\Prefetch\DPTFPOLICYLPMSERVICE.EXE-5981626A.pf"

"C:\Windows\Prefetch\DPTFPOLICYLPMSERVICEHELPER.EX-8EC05A62.pf"

"C:\Windows\Prefetch\DRAGON.EXE-F6903912.pf"

"C:\Windows\Prefetch\DRAGON.EXE-F6903915.pf"

"C:\Windows\Prefetch\DRAGON.EXE-F6903916.pf"

"C:\Windows\Prefetch\DRAGON.EXE-F6903919.pf"

"C:\Windows\Prefetch\DRAGON_UPDATER.EXE-277E571E.pf"

"C:\Windows\Prefetch\DRAGONSETUP.EXE-06668C80.pf"

"C:\Windows\Prefetch\DRVINST.EXE-26FFA444.pf"

"C:\Windows\Prefetch\DSMUSERTASK.EXE-D4A83970.pf"

"C:\Windows\Prefetch\DW20.EXE-DB97FF03.pf"

"C:\Windows\Prefetch\DWM.EXE-F29FE9E2.pf"

"C:\Windows\Prefetch\EXPLORER.EXE-03C49D11.pf"

"C:\Windows\Prefetch\EXPRESSCACHE.EXE-90CF5D74.pf"

"C:\Windows\Prefetch\FIREFOX.EXE-528BC649.pf"

"C:\Windows\Prefetch\FLASHPLAYERPLUGIN_11_6_602_18-54979347.pf"

"C:\Windows\Prefetch\FLASHPLAYERUPDATESERVICE.EXE-E0E5E52F.pf"

"C:\Windows\Prefetch\FREEALARMCLOCK.EXE-92BD2D09.pf"

"C:\Windows\Prefetch\GEEKBUDDYRSP.EXE-00F934D5.pf"

"C:\Windows\Prefetch\GOOGLEUPDATE.EXE-62E5E10F.pf"

"C:\Windows\Prefetch\GRPCONV.EXE-926E9525.pf"

"C:\Windows\Prefetch\GRPCONV.EXE-D0333FE9.pf"

"C:\Windows\Prefetch\HCONTROL.EXE-752ABE5C.pf"

"C:\Windows\Prefetch\HECISERVER.EXE-AD396A6A.pf"

"C:\Windows\Prefetch\HELPER.EXE-FDD78328.pf"

"C:\Windows\Prefetch\HELPPANE.EXE-5A92E3D5.pf"

"C:\Windows\Prefetch\HKCMD.EXE-15DC91D5.pf"

"C:\Windows\Prefetch\HPQTRA08.EXE-97BDFA1A.pf"

"C:\Windows\Prefetch\HSMSERVICEENTRY.EXE-59F1E6CC.pf"

"C:\Windows\Prefetch\HTCSYNCMANAGER.EXE-1F03F570.pf"

"C:\Windows\Prefetch\IEXPLORE.EXE-7A9337F2.pf"

"C:\Windows\Prefetch\IEXPLORE.EXE-F4FB5D2F.pf"

"C:\Windows\Prefetch\IGFXEXT.EXE-B04096D5.pf"

"C:\Windows\Prefetch\IGFXSRVC.EXE-F41E6E8E.pf"

"C:\Windows\Prefetch\IGFXTRAY.EXE-21BDFE68.pf"

"C:\Windows\Prefetch\INSONWMI.EXE-D024CEF9.pf"

"C:\Windows\Prefetch\INTELMEFWSERVICE.EXE-265333D9.pf"

"C:\Windows\Prefetch\JAVA.EXE-4EF2C834.pf"

"C:\Windows\Prefetch\JAVAW.EXE-EF2DD849.pf"

"C:\Windows\Prefetch\JUSCHED.EXE-4B303C70.pf"

"C:\Windows\Prefetch\LAUNCHER.EXE-4240042A.pf"

"C:\Windows\Prefetch\LAUNCHER_HELPER.EXE-F206875D.pf"

"C:\Windows\Prefetch\LAUNCHER_SERVICE.EXE-4698DC02.pf"

"C:\Windows\Prefetch\LAUNCHTM.EXE-B444BC8E.pf"

"C:\Windows\Prefetch\Layout.ini"

"C:\Windows\Prefetch\LIGHTSCRIBECONTROLPANEL.EXE-DCE20B68.pf"

"C:\Windows\Prefetch\LMS.EXE-409EDB07.pf"

"C:\Windows\Prefetch\LOGONUI.EXE-E35F76FB.pf"

"C:\Windows\Prefetch\MBAMGUI.EXE-9FF23AE2.pf"

"C:\Windows\Prefetch\MBAMSCHEDULER.EXE-E0C395DC.pf"

"C:\Windows\Prefetch\MBAMSERVICE.EXE-5C46DB66.pf"

"C:\Windows\Prefetch\MOVIEMAKER.EXE-A6401490.pf"

"C:\Windows\Prefetch\MPCMDRUN.EXE-6520183E.pf"

"C:\Windows\Prefetch\MSDT.EXE-A16F1692.pf"

"C:\Windows\Prefetch\MSFEEDSSYNC.EXE-C2C33DF2.pf"

"C:\Windows\Prefetch\MSIEXEC.EXE-7D20CFB0.pf"

"C:\Windows\Prefetch\MSIEXEC.EXE-BAE57A74.pf"

"C:\Windows\Prefetch\MSNMSGR.EXE-424B3DE6.pf"

"C:\Windows\Prefetch\MY_INTEL_CPP_X64.EXE-1A95AA96.pf"

"C:\Windows\Prefetch\NETSH.EXE-59756CAC.pf"

"C:\Windows\Prefetch\NETSH.EXE-355423B0.pf"

"C:\Windows\Prefetch\NOTEPAD.EXE-1A4CC1C3.pf"

"C:\Windows\Prefetch\NOTEPAD.EXE-B28CC291.pf"

"C:\Windows\Prefetch\NOTEPAD.EXE-F0516D55.pf"

"C:\Windows\Prefetch\OPENWITH.EXE-BA0DC300.pf"

"C:\Windows\Prefetch\Op-EXPLORER.EXE-03C49D11-000000F5.pf"

"C:\Windows\Prefetch\PASSTHRUSVR.EXE-82F7BBA9.pf"

"C:\Windows\Prefetch\PfSvPerfStats.bin"

"C:\Windows\Prefetch\PLUGIN-CONTAINER.EXE-E510713D.pf"

"C:\Windows\Prefetch\POWERCFG.EXE-14BEB11F.pf"

"C:\Windows\Prefetch\REG.EXE-CC1AF0A4.pf"

"C:\Windows\Prefetch\REGSVR32.EXE-3290E8FC.pf"

"C:\Windows\Prefetch\REGSVR32.EXE-E1DBB6D8.pf"

"C:\Windows\Prefetch\RUNDLL32.EXE-18B33C45.pf"

"C:\Windows\Prefetch\RUNDLL32.EXE-27D6367C.pf"

"C:\Windows\Prefetch\RUNDLL32.EXE-96F2406E.pf"

"C:\Windows\Prefetch\RUNDLL32.EXE-210D3DBE.pf"

"C:\Windows\Prefetch\RUNDLL32.EXE-69686E69.pf"

"C:\Windows\Prefetch\RUNDLL32.EXE-A1396DE2.pf"

"C:\Windows\Prefetch\RUNDLL32.EXE-B72ECF45.pf"

"C:\Windows\Prefetch\RUNDLL32.EXE-B865F023.pf"

"C:\Windows\Prefetch\RUNDLL32.EXE-C9FC3476.pf"

"C:\Windows\Prefetch\RUNONCE.EXE-AAB0060C.pf"

"C:\Windows\Prefetch\RUNONCE.EXE-E874B0D0.pf"

"C:\Windows\Prefetch\RUNTIMEBROKER.EXE-17E2786F.pf"

"C:\Windows\Prefetch\SC.EXE-443D0E78.pf"

"C:\Windows\Prefetch\SCALC.EXE-5046D548.pf"

"C:\Windows\Prefetch\SDIAGNHOST.EXE-D8BC1DC6.pf"

"C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-10E4267C.pf"

"C:\Windows\Prefetch\SEARCHINDEXER.EXE-EF8503D3.pf"

"C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-C6CFE2A8.pf"

"C:\Windows\Prefetch\SETTINGSYNCHOST.EXE-DD400067.pf"

"C:\Windows\Prefetch\SETUP_CLPS_BOOT_TIME_MONITOR_-3C5060EF.pf"

"C:\Windows\Prefetch\SETUP_CLPS_BROWSER_ADDONS_MON-BBC42489.pf"

"C:\Windows\Prefetch\SETUP_CLPS_CLIENT_TRANSACTION-992F173E.pf"

"C:\Windows\Prefetch\SETUP_CLPS_WINDOWS_EVENT_MONI-492DC639.pf"

"C:\Windows\Prefetch\SMSS.EXE-81AD91F0.pf"

"C:\Windows\Prefetch\SOFFICE.BIN-72E915F8.pf"

"C:\Windows\Prefetch\SOFFICE.EXE-7F5AFD1D.pf"

"C:\Windows\Prefetch\SPPSVC.EXE-7B160CA5.pf"

"C:\Windows\Prefetch\SSVAGENT.EXE-03CE9021.pf"

"C:\Windows\Prefetch\SVCHOST.EXE-5B401A7E.pf"

"C:\Windows\Prefetch\SVCHOST.EXE-574A519D.pf"

"C:\Windows\Prefetch\SVCHOST.EXE-3395AAB7.pf"

"C:\Windows\Prefetch\SVCHOST.EXE-5511E724.pf"

"C:\Windows\Prefetch\SVCHOST.EXE-B7E95B0C.pf"

"C:\Windows\Prefetch\SVCHOST.EXE-BD1BACA1.pf"

"C:\Windows\Prefetch\SVCHOST.EXE-F76F2CFA.pf"

"C:\Windows\Prefetch\SWRITER.EXE-FDA9E68A.pf"

"C:\Windows\Prefetch\SYSTEMSETTINGS.EXE-D8CC3B5E.pf"

"C:\Windows\Prefetch\TABTIP.EXE-58E52E53.pf"

"C:\Windows\Prefetch\TABTIP32.EXE-9819DFFF.pf"

"C:\Windows\Prefetch\TASKENG.EXE-23205583.pf"

"C:\Windows\Prefetch\TASKHOST.EXE-29D61DAB.pf"

"C:\Windows\Prefetch\TASKHOST.EXE-985C34E6.pf"

"C:\Windows\Prefetch\TASKHOST.EXE-D687BE54.pf"

"C:\Windows\Prefetch\TASKHOST.EXE-F2C7AEBC.pf"

"C:\Windows\Prefetch\TASKHOSTEX.EXE-7356AAC0.pf"

"C:\Windows\Prefetch\TASKMGR.EXE-39AABA37.pf"

"C:\Windows\Prefetch\TIWORKER.EXE-D3BFD41F.pf"

"C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-B018CCBF.pf"

"C:\Windows\Prefetch\UNINSTALL.EXE-4C83D450.pf"

"C:\Windows\Prefetch\UNINSTALL.EXE-8DDEB871.pf"

"C:\Windows\Prefetch\UNINSTALL.EXE-641B5087.pf"

"C:\Windows\Prefetch\UNINSTALL.EXE-AB0C8B25.pf"

"C:\Windows\Prefetch\UNINSTALL.EXE-CF399C92.pf"

"C:\Windows\Prefetch\UNIT.EXE-7102C278.pf"

"C:\Windows\Prefetch\UNIT_MANAGER.EXE-A10E606A.pf"

"C:\Windows\Prefetch\UNS.EXE-9B1279FB.pf"

"C:\Windows\Prefetch\UNSECAPP.EXE-454AB5C0.pf"

"C:\Windows\Prefetch\USERINIT.EXE-7FD17ED1.pf"

"C:\Windows\Prefetch\VDECK.EXE-815C8D0F.pf"

"C:\Windows\Prefetch\VIAAUD.EXE-93054CC8.pf"

"C:\Windows\Prefetch\VIRTKIOSK.EXE-87F784B1.pf"

"C:\Windows\Prefetch\VMMMODESELECTION.EXE-F15CAECD.pf"

"C:\Windows\Prefetch\VSSVC.EXE-206E55B3.pf"

"C:\Windows\Prefetch\WELCOME_SCREEN.EXE-7E1FAA87.pf"

"C:\Windows\Prefetch\WERFAULT.EXE-44194444.pf"

"C:\Windows\Prefetch\WERMGR.EXE-D948C216.pf"

"C:\Windows\Prefetch\WINLOGON.EXE-0D9AB72B.pf"

"C:\Windows\Prefetch\WLCOMM.EXE-D12936DC.pf"

"C:\Windows\Prefetch\WLMAIL.EXE-A89F57F3.pf"

"C:\Windows\Prefetch\WMIADAP.EXE-7D63BB4C.pf"

"C:\Windows\Prefetch\WMIAPSRV.EXE-CF150EEA.pf"

"C:\Windows\Prefetch\WMIPRVSE.EXE-0C8A533A.pf"

"C:\Windows\Prefetch\WMIPRVSE.EXE-BB49B536.pf"

"C:\Windows\Prefetch\WUAUCLT.EXE-4A7CF88B.pf"

Are we infected or is this all nothing?

Thank you for the help you may offer.

Marshall

I am sorry that I did not run DDS as requested in the first part of the forum. I had not read that but here are the two txt files, first dds.txt then attach.txt.

Thank you for any help you offer

Marshall

=========================================================

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16519 BrowserJavaVersion: 10.17.2

Run by JeanetteN at 13:05:58 on 2013-03-19

Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.3982.1015 [GMT -5:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\dwm.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe

C:\Windows\system32\DptfParticipantProcessorService.exe

C:\Windows\system32\dashost.exe

C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Windows\SysWOW64\irstrtsv.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\viakaraokesrv.exe

C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhostex.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

C:\Program Files\ASUS\P4G\BatteryLife.exe

C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe

C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe

C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe

C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe

C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe

C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe

C:\Windows\System32\RuntimeBroker.exe

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

C:\Program Files (x86)\VIA\VIAudioi\VDeck\viaaud.exe

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Windows\SysWOW64\ACEngSvr.exe

C:\Windows\system32\igfxpers.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Online Backup\OnlineBackup.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Users\JeanetteN\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe

C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe

C:\Users\JeanetteN\AppData\Local\Amazon\Cloud Drive\jre\bin\javaw.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe

C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

C:\Windows\system32\notepad.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\OpenOffice.org 3\program\scalc.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Windows\splwow64.exe

C:\Windows\syswow64\wwahost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://asus13.msn.com

uSearch Bar = Preserve

uDefault_Page_URL = hxxp://asus13.msn.com

mURLSearchHooks: MixiDJ V8 Toolbar: {e4c3a8b6-7724-45d1-a629-17b69118ebcd} - C:\Program Files (x86)\MixiDJ_V8\prxtbMixi.dll

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: GetSavin 5.0: {76E7224A-2612-41FD-A504-44AE1EB663F0} - C:\Users\JeanetteN\AppData\Local\getsavin\ie\getsavin_1363531801.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: MixiDJ V8 Toolbar: {e4c3a8b6-7724-45d1-a629-17b69118ebcd} - C:\Program Files (x86)\MixiDJ_V8\prxtbMixi.dll

TB: MixiDJ V8 Toolbar: {E4C3A8B6-7724-45D1-A629-17B69118EBCD} - C:\Program Files (x86)\MixiDJ_V8\prxtbMixi.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB: MixiDJ V8 Toolbar: {e4c3a8b6-7724-45d1-a629-17b69118ebcd} - C:\Program Files (x86)\MixiDJ_V8\prxtbMixi.dll

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

uRun: [OnlineBackupScheduler] C:\Program Files\Online Backup\OnlineBackup.exe

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [Amazon Cloud Drive] C:\Users\JeanetteN\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe

uRun: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIIBE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-400 Series"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe /S

mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"

mRun: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\lgfw.exe" blrun

mRun: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe

StartupFolder: C:\Users\JEANET~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001017-0002-0017-ABCDEFFEDCBC} - <orphaned>

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {4125262D-2E47-11D3-9387-00C04F5B12B1} - hxxps://www.backup.com/user/webrestore.cab

TCP: NameServer = 192.168.2.1

TCP: Interfaces\{F434B957-C29E-4F11-923E-0DEBB2C6D006} : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{F434B957-C29E-4F11-923E-0DEBB2C6D006}\24F6F63747D4F62696C656023547F627560275966496 : DHCPNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{F434B957-C29E-4F11-923E-0DEBB2C6D006}\C6776796C63756D696075726C69636 : DHCPNameServer = 192.168.1.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [DptfPolicyLpmServiceHelper] C:\Windows\System32\DptfPolicyLpmServiceHelper.exe

x64-Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

x64-Run: [VIAAUD] C:\Program Files (x86)\VIA\VIAudioi\VDeck\viaaud.exe

x64-Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\JeanetteN\AppData\Roaming\Mozilla\Firefox\Profiles\nf8bx0p3.default-1363265529755\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287822&SearchSource=3&q={searchTerms}&CUI=UN33930829371937960

FF - prefs.js: browser.startup.homepage - hxxps://news.google.com/

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287822&SearchSource=2&CUI=UN33930829371937960&UM=UM_ID&q=

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2013-02-07 18:05; {5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}; C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi

FF - ExtSQL: 2013-02-12 14:09; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF

FF - ExtSQL: 2013-03-14 07:33; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;aswRvrt;C:\Windows\System32\Drivers\aswRvrt.sys [2013-3-17 65336]

R0 excsd;ExpressCache Storage Filter Driver;C:\Windows\System32\Drivers\excsd.sys [2012-12-6 95024]

R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-5 645952]

R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswSnx.sys [2013-2-12 1025808]

R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswSP.sys [2013-2-12 377920]

R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]

R1 excfs;ExpressCache File System Filter Driver;C:\Windows\System32\Drivers\excfs.sys [2012-12-6 23344]

R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]

R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [2012-4-13 277120]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\Drivers\aswFsBlk.sys [2013-2-12 33400]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2013-2-12 80816]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-3-17 45248]

R2 DptfParticipantProcessorService;Intel® Dynamic Platform & Thermal Framework Processor Participant Service Application;C:\Windows\System32\DptfParticipantProcessorService.exe [2012-9-28 29056]

R2 ExpressCache;ExpressCache;C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [2012-3-30 79664]

R2 HTCMonitorService;HTCMonitorService;C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-1-29 87368]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]

R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-12-6 129856]

R2 irstrtsv;Intel® Rapid Start Technology Service;C:\Windows\SysWOW64\irstrtsv.exe [2012-12-6 193576]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-12-6 166720]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-17 398184]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-17 682344]

R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-7 167424]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-1-31 3289208]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-12-6 365376]

R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2012-9-28 27792]

R2 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2013-2-7 109064]

R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\Drivers\AiCharger.sys [2012-7-24 17152]

R3 ATP;ASUS PS/2 Port Input Device;C:\Windows\System32\Drivers\AsusTP.sys [2012-10-31 61824]

R3 DptfDevDram;DptfDevDram;C:\Windows\System32\Drivers\DptfDevDram.sys [2012-9-28 107328]

R3 DptfDevFan;DptfDevFan;C:\Windows\System32\Drivers\DptfDevFan.sys [2012-9-28 42816]

R3 DptfDevGen;DptfDevGen;C:\Windows\System32\Drivers\DptfDevGen.sys [2012-9-28 64832]

R3 DptfDevPch;DptfDevPch;C:\Windows\System32\Drivers\DptfDevPch.sys [2012-9-28 96064]

R3 DptfDevProc;DptfDevProc;C:\Windows\System32\Drivers\DptfDevProc.sys [2012-9-28 228672]

R3 DptfManager;DptfManager;C:\Windows\System32\Drivers\DptfManager.sys [2012-9-28 361792]

R3 HIDSwitch;ASUS Wireless Radio Control;C:\Windows\System32\Drivers\AsHIDSwitch64.sys [2012-9-28 21152]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-9-28 342528]

R3 irstrtdv;Intel® Rapid Start Technology Driver;C:\Windows\System32\Drivers\irstrtdv.sys [2012-12-6 43800]

R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2012-9-28 110744]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-3-17 24176]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\Drivers\viahduaa.sys [2012-9-28 2203792]

S2 DptfPolicyLpmService;Intel® Dynamic Platform & Thermal Framework Low Power Mode Service Application;C:\Windows\System32\DptfPolicyLpmService.exe [2012-9-28 36224]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-7 161384]

S2 SwOffScheduler;Airytec Switch Off - Task Scheduler;C:\Program Files\Airytec\Switch Off\swoff.exe -service --> C:\Program Files\Airytec\Switch Off\swoff.exe -service [?]

S2 SwOffWeb;Airytec Switch Off - Web Interface;C:\Program Files\Airytec\Switch Off\swoff.exe -service --> C:\Program Files\Airytec\Switch Off\swoff.exe -service [?]

S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\Drivers\AmUStor.sys [2012-7-13 101504]

S3 aswVmm;aswVmm;C:\Windows\System32\Drivers\aswVmm.sys [2013-3-17 178624]

S3 HTCAND64;HTC Device Driver;C:\Windows\System32\Drivers\ANDROIDUSB.sys [2013-3-17 33736]

S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\Drivers\htcnprot.sys [2012-12-7 36928]

S3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]

S3 WSDScan;WSD Scan Support;C:\Windows\System32\Drivers\WSDScan.sys [2013-2-12 23552]

S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]

.

=============== File Associations ===============

.

FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]

.

=============== Created Last 30 ================

.

2013-03-18 19:05:19 388096 ----a-r- C:\Users\JeanetteN\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2013-03-18 19:05:19 -------- d-----w- C:\Program Files (x86)\Trend Micro

2013-03-18 02:36:11 -------- d-----w- C:\ProgramData\COMODO

2013-03-18 02:35:56 -------- d-----w- C:\Users\JeanetteN\AppData\Local\Comodo

2013-03-18 02:35:51 50952 ----a-w- C:\Windows\System32\certsentry.dll

2013-03-18 02:35:45 -------- d-----w- C:\Program Files (x86)\Comodo

2013-03-18 02:35:43 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll

2013-03-18 00:50:01 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys

2013-03-18 00:50:01 178624 ----a-w- C:\Windows\System32\drivers\aswVmm.sys

2013-03-17 22:51:01 -------- d-----w- C:\Users\JeanetteN\AppData\Roaming\Malwarebytes

2013-03-17 22:50:53 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-03-17 22:50:53 -------- d-----w- C:\ProgramData\Malwarebytes

2013-03-17 22:50:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-03-17 21:38:54 -------- d-----w- C:\Program Files (x86)\Citrix

2013-03-17 21:38:42 -------- d-----w- C:\Users\JeanetteN\AppData\Local\Citrix

2013-03-17 21:38:41 103832 ----a-w- C:\Users\JeanetteN\GoToAssistDownloadHelper.exe

2013-03-17 21:02:19 -------- d-----w- C:\Users\JeanetteN\AppData\Roaming\HTC Sync

2013-03-17 21:02:01 -------- d-----w- C:\Users\JeanetteN\AppData\Local\HTC MediaHub

2013-03-17 21:00:59 -------- d-----w- C:\Program Files (x86)\Spirent Communications

2013-03-17 19:18:57 5 ----a-w- C:\Windows\SysWow64\lMMLDeleteUserData42107612FX.tmp

2013-03-17 17:08:31 -------- d-----w- C:\Program Files\HTC

2013-03-17 16:29:19 -------- d-----w- C:\Users\JeanetteN\AppData\Roaming\HTC

2013-03-17 16:29:13 -------- d-----w- C:\Users\JeanetteN\AppData\Local\Apple Computer

2013-03-17 16:29:05 -------- d-----w- C:\ProgramData\Motorola

2013-03-17 16:27:05 -------- d-----w- C:\Users\JeanetteN\AppData\Local\Downloaded Installations

2013-03-17 16:26:07 -------- d-----w- C:\Program Files (x86)\HTC

2013-03-17 16:25:25 33736 ----a-w- C:\Windows\System32\drivers\ANDROIDUSB.sys

2013-03-17 16:25:25 1122664 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll

2013-03-17 16:25:24 -------- d-----w- C:\ProgramData\HTC

2013-03-17 16:01:23 -------- d-----w- C:\Users\JeanetteN\AppData\Roaming\Mp3do

2013-03-17 16:01:11 -------- d-----w- C:\Program Files (x86)\mp3do

2013-03-17 15:08:28 -------- d-----w- C:\Program Files (x86)\Free Convert All Music Audio Converter Gold

2013-03-17 15:01:08 -------- d-----w- C:\Program Files (x86)\Conduit

2013-03-17 15:01:06 -------- d-----w- C:\Users\JeanetteN\AppData\Local\Conduit

2013-03-17 15:01:06 -------- d-----w- C:\Program Files (x86)\MixiDJ_V8

2013-03-17 14:51:36 -------- d-----w- C:\Users\JeanetteN\AppData\Local\getsavin

2013-03-15 13:46:55 -------- d-----w- C:\Program Files\Common Files\EPSON

2013-03-15 13:46:48 -------- d-----w- C:\ProgramData\EPSON

2013-03-15 13:46:30 10752 ----a-w- C:\Windows\System32\E_GCINST.DLL

2013-03-15 13:46:29 120320 ----a-w- C:\Windows\System32\E_ILMIBE.DLL

2013-03-15 13:46:29 120320 ----a-w- C:\Windows\System32\E_ILMIBA.DLL

2013-03-15 13:46:28 83968 ----a-w- C:\Windows\System32\E_ID4BIBE.DLL

2013-03-15 13:46:28 83968 ----a-w- C:\Windows\System32\E_ID4BIBA.DLL

2013-03-14 13:04:46 -------- d-----w- C:\Program Files (x86)\NCH Software

2013-03-13 16:44:47 -------- d-----w- C:\Users\JeanetteN\AppData\Local\Apps

2013-03-13 02:29:04 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-03-13 02:29:03 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-03-13 02:29:00 2246656 ----a-w- C:\Windows\System32\wininet.dll

2013-03-11 02:00:08 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin

2013-03-10 18:54:14 -------- d-----w- C:\Windows\SysWow64\Adobe

2013-03-10 18:03:39 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-03 03:55:39 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-03-03 03:55:39 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-02-28 15:29:59 -------- d-----w- C:\Users\JeanetteN\dwhelper

2013-02-27 21:08:12 443392 ----a-w- C:\Windows\System32\ReAgent.dll

2013-02-27 21:08:12 375808 ----a-w- C:\Windows\SysWow64\ReAgent.dll

2013-02-27 21:08:12 1010688 ----a-w- C:\Windows\System32\reseteng.dll

2013-02-25 05:36:51 -------- d-----w- C:\Users\JeanetteN\AppData\Roaming\Airytec

2013-02-25 05:35:59 -------- d-----w- C:\Program Files\Airytec

2013-02-24 15:16:01 -------- d-----w- C:\Program Files (x86)\FreeAlarmClock

2013-02-21 01:07:20 -------- d-----r- C:\Program Files (x86)\Skype

2013-02-19 19:20:44 -------- d-----w- C:\Users\JeanetteN\AppData\Local\Aimersoft

2013-02-19 19:20:44 -------- d-----w- C:\Program Files (x86)\Common Files\Aimersoft

2013-02-19 19:20:30 -------- d-----w- C:\Program Files (x86)\Aimersoft

.

==================== Find3M ====================

.

2013-03-19 17:51:02 401 ----a-w- C:\Users\JeanetteN\AppData\Roaming\sp_data.sys

2013-03-06 22:33:21 70992 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2013-03-06 22:33:21 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2013-03-06 22:33:20 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2013-03-06 22:32:51 41664 ----a-w- C:\Windows\avastSS.scr

2013-03-05 23:07:25 78168 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-05 23:07:25 692568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-03-02 08:22:18 361984 ----a-w- C:\Windows\SysWow64\MFMediaEngine.dll

2013-03-02 02:44:30 468992 ----a-w- C:\Windows\System32\MFMediaEngine.dll

2013-02-15 07:58:59 39936 ----a-w- C:\Windows\apppatch\apppatch64\acspecfc.dll

2013-02-15 06:35:40 444416 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-02-12 01:44:27 16384 ----a-w- C:\Windows\SysWow64\lgfwunis.exe

2013-02-12 01:30:04 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll

2013-02-12 00:56:19 53760 ----a-w- C:\Windows\System32\UXInit.dll

2013-02-12 00:25:18 4041728 ----a-w- C:\Windows\System32\win32k.sys

2013-02-12 00:17:50 20992 ----a-w- C:\Windows\System32\drivers\usb8023.sys

2013-02-07 04:09:56 69864 ----a-w- C:\Windows\System32\drivers\pdc.sys

2013-02-07 03:34:58 10115072 ----a-w- C:\Windows\System32\twinui.dll

2013-02-07 03:33:47 2302464 ----a-w- C:\Windows\System32\authui.dll

2013-02-07 03:33:42 2146816 ----a-w- C:\Windows\System32\actxprxy.dll

2013-02-07 01:34:00 8856576 ----a-w- C:\Windows\SysWow64\twinui.dll

2013-02-07 01:33:03 2033664 ----a-w- C:\Windows\SysWow64\authui.dll

2013-02-07 01:33:01 754176 ----a-w- C:\Windows\SysWow64\actxprxy.dll

2013-02-05 22:31:11 622080 ----a-w- C:\Windows\System32\drivers\srv2.sys

2013-02-05 22:29:09 370688 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2013-02-05 22:28:48 247808 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2013-02-05 22:28:36 215552 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2013-02-05 04:56:27 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-02-05 04:56:27 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-02-05 03:55:27 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-02-05 01:44:50 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll

2013-02-04 22:39:39 907776 ----a-w- C:\Windows\System32\uxtheme.dll

2013-02-04 22:38:55 3966464 ----a-w- C:\Windows\System32\jscript9.dll

2013-02-04 22:38:53 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-02-02 11:19:44 496872 ----a-w- C:\Windows\System32\drivers\usbhub.sys

2013-02-02 11:19:44 446184 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS

2013-02-02 11:19:41 329960 ----a-w- C:\Windows\System32\drivers\storport.sys

2013-02-02 11:19:33 61672 ----a-w- C:\Windows\System32\drivers\crashdmp.sys

2013-02-02 10:54:54 1933544 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-02-02 10:28:54 993512 ----a-w- C:\Windows\System32\drivers\ndis.sys

2013-02-02 10:28:54 2226408 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-02-02 09:42:07 2207232 ----a-w- C:\Windows\SysWow64\PrintConfig.dll

2013-02-02 08:40:58 375808 ----a-w- C:\Windows\SysWow64\wbem\WmiPrvSE.exe

2013-02-02 08:40:55 80896 ----a-w- C:\Windows\SysWow64\tasklist.exe

2013-02-02 08:40:55 79360 ----a-w- C:\Windows\SysWow64\taskkill.exe

2013-02-02 08:40:36 155136 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll

2013-02-02 08:40:35 370688 ----a-w- C:\Windows\SysWow64\WWanAPI.dll

2013-02-02 08:40:27 131072 ----a-w- C:\Windows\SysWow64\wbem\WmiDcPrv.dll

2013-02-02 08:40:26 410624 ----a-w- C:\Windows\SysWow64\wlroamextension.dll

2013-02-02 08:40:22 197632 ----a-w- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll

2013-02-02 08:40:22 10792448 ----a-w- C:\Windows\SysWow64\Windows.UI.Xaml.dll

2013-02-02 08:40:01 356352 ----a-w- C:\Windows\SysWow64\SettingSync.dll

2013-02-02 08:39:59 325632 ----a-w- C:\Windows\SysWow64\schannel.dll

2013-02-02 08:39:47 18432 ----a-w- C:\Windows\SysWow64\npmproxy.dll

2013-02-02 08:39:34 55296 ----a-w- C:\Windows\SysWow64\nlaapi.dll

2013-02-02 08:39:34 15872 ----a-w- C:\Windows\SysWow64\nlmproxy.dll

2013-02-02 08:39:34 12288 ----a-w- C:\Windows\SysWow64\nlmsprep.dll

2013-02-02 08:39:33 115712 ----a-w- C:\Windows\SysWow64\netprofm.dll

2013-02-02 08:39:28 5090816 ----a-w- C:\Windows\SysWow64\mstscax.dll

2013-02-02 08:39:15 157696 ----a-w- C:\Windows\SysWow64\mbsmsapi.dll

2013-02-02 08:38:54 567808 ----a-w- C:\Windows\SysWow64\duser.dll

2013-02-02 08:24:19 107520 ----a-w- C:\Windows\System32\taskkill.exe

2013-02-02 08:24:19 102400 ----a-w- C:\Windows\System32\tasklist.exe

2013-02-02 08:23:44 228352 ----a-w- C:\Windows\System32\XpsRasterService.dll

2013-02-02 08:23:43 475136 ----a-w- C:\Windows\System32\WWanAPI.dll

2013-02-02 08:23:37 611840 ----a-w- C:\Windows\System32\wpd_ci.dll

2013-02-02 08:23:37 105472 ----a-w- C:\Windows\System32\wpdbusenum.dll

2013-02-02 08:23:30 830464 ----a-w- C:\Windows\System32\wbem\WmiPrvSD.dll

2013-02-02 08:23:28 543232 ----a-w- C:\Windows\System32\wlroamextension.dll

2013-02-02 08:23:21 13643264 ----a-w- C:\Windows\System32\Windows.UI.Xaml.dll

2013-02-02 08:23:19 293376 ----a-w- C:\Windows\System32\Windows.Networking.Connectivity.dll

2013-02-02 08:23:18 731648 ----a-w- C:\Windows\System32\win32spl.dll

2013-02-02 08:23:16 87552 ----a-w- C:\Windows\System32\wersvc.dll

2013-02-02 08:22:28 448512 ----a-w- C:\Windows\System32\SettingSync.dll

2013-02-02 08:22:22 416256 ----a-w- C:\Windows\System32\schannel.dll

2013-02-02 08:21:45 467456 ----a-w- C:\Windows\System32\netprofmsvc.dll

2013-02-02 08:21:44 385024 ----a-w- C:\Windows\System32\ncsi.dll

2013-02-02 08:21:38 5977600 ----a-w- C:\Windows\System32\mstscax.dll

2013-02-02 08:21:10 225280 ----a-w- C:\Windows\System32\mbsmsapi.dll

2013-02-02 08:20:47 260096 ----a-w- C:\Windows\System32\hotspotauth.dll

2013-02-02 08:20:31 729600 ----a-w- C:\Windows\System32\duser.dll

2013-02-02 07:30:05 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-02-02 07:25:52 297984 ----a-w- C:\Windows\System32\drivers\ks.sys

2013-02-02 07:25:26 82944 ----a-w- C:\Windows\System32\drivers\hidclass.sys

2013-02-02 07:25:23 37632 ----a-w- C:\Windows\System32\drivers\BthAvrcpTg.sys

2013-02-02 05:41:57 1437184 ----a-w- C:\Windows\SysWow64\GdiPlus.dll

2013-02-02 05:31:54 1690624 ----a-w- C:\Windows\System32\GdiPlus.dll

2013-01-29 01:57:05 35232 ----a-w- C:\Windows\System32\drivers\WdBoot.sys

2013-01-28 23:08:22 230904 ----a-w- C:\Windows\System32\drivers\WdFilter.sys

2013-01-14 03:56:14 6967016 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-01-12 01:02:34 64624 ----a-w- C:\Windows\System32\drivers\HECIx64.sys

2013-01-10 01:53:32 28904 ----a-w- C:\Windows\System32\drivers\msgpiowin32.sys

2013-01-10 01:40:39 1448168 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-01-10 01:40:38 303848 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-01-10 01:39:29 194280 ----a-w- C:\Windows\System32\drivers\sdbus.sys

2013-01-10 01:39:22 124648 ----a-w- C:\Windows\System32\drivers\dumpsd.sys

2013-01-10 01:29:56 91880 ----a-w- C:\Windows\System32\drivers\partmgr.sys

2013-01-10 01:29:21 785504 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2013-01-09 23:26:53 83968 ----a-w- C:\Windows\SysWow64\wiaacmgr.exe

2013-01-09 23:26:46 1611776 ----a-w- C:\Windows\SysWow64\mmc.exe

.

============= FINISH: 13:06:34.82 ===============

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

attach.txt

=======================

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 8

Boot Device: \Device\HarddiskVolume1

Install Date: 2/9/2013 10:44:06 PM

System Uptime: 3/19/2013 12:50:20 PM (1 hours ago)

.

Motherboard: ASUSTeK COMPUTER INC. | | S400CA

Processor: Intel® Core i5-3317U CPU @ 1.70GHz | SOCKET 0 | 1701/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 186 GiB total, 120.414 GiB free.

D: is FIXED (NTFS) - 258 GiB total, 257.679 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP13: 3/18/2013 1:43:28 PM - Installed HiJackThis

.

==== Installed Programs ======================

.

64 Bit HP CIO Components Installer

6400_Help

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.6) MUI

Adobe Shockwave Player 12.0

Advanced MP3 Converter Windows 8 1.1

Aimersoft DVD Creator(Build 2.6.5)

Airytec Switch Off

Alcor Micro USB Card Reader

Amazon Cloud Drive

ASUS Instant Connect

ASUS InstantOn

ASUS LifeFrame3

ASUS Live Update

ASUS Power4Gear Hybrid

ASUS Smart Gesture

ASUS Splendid Video Enhancement Technology

ASUS Tutor

ASUS USB Charger Plus

ASUS VivoBook

ASUS WebStorage Sync Agent

AsusVibe2.0

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

ATK Package

Auslogics Disk Defrag

avast! Free Antivirus

bpd_scan

BPDSoftware

BPDSoftware_Ini

BufferChm

CCleaner

D3DX10

Destinations

DeviceDiscovery

DocProc

EPSON XP-400 Series Printer Uninstall

ExpressCache

Fax

Free Alarm Clock 2.7.1

GetSavin

Google Drive

Google Update Helper

GPBaseService2

HiJackThis

HP Customer Participation Program 14.0

HP Imaging Device Functions 14.0

HP OfficeJet J6400 14.0 Rel. 6

HP Solution Center 14.0

HP Update

HPProductAssistant

HPSSupply

HTC Driver Installer

HTC Sync Manager

Intel® Dynamic Platform and Thermal Framework

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Start Technology

Intel® SDK for OpenCL - CPU Only Runtime Package

Intel® Trusted Connect Service Client

IPTInstaller

iSEEK AnswerWorks English Runtime

J6400

Java 7 Update 17

Java Auto Updater

Junk Mail filter update

LG CyberLink LabelPrint

LG CyberLink Power2Go

LG CyberLink PowerBackup

LG CyberLink YouCam

LG ODD Auto Firmware Update

LG Power Tools

LightScribe System Software

Magical Jelly Bean KeyFinder

Malwarebytes Anti-Malware version 1.70.0.1100

MarketResearch

Microsoft Application Error Reporting

Microsoft Office

Microsoft Silverlight

Microsoft SkyDrive

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

MixiDJ V8 Toolbar

Movie Maker

Mozilla Firefox 19.0.2 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSVCRT110

MSVCRT110_amd64

Network64

OCR Software by I.R.I.S. 14.0

Online Backup

OpenOffice.org 3.4.1

Photo Common

Photo Gallery

PhotoScape

Picasa 3

Pixillion Image Converter

Platform

ProductContext

Qualcomm Atheros Client Installation Program

Quicken 2012

Scan

Shared C Run-time for x64

Shop for HP Supplies

Skype Click to Call

Skype™ 6.2

SolutionCenter

Status

swMSM

Toolbox

TrayApp

VIA Platform Device Manager

Wajam

WebReg

Windows Driver Package - ASUS (ATP) Mouse (10/29/2012 1.0.0.148)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinFlash

WModem Driver Installer

.

==== Event Viewer Messages From Past Week ========

.

3/19/2013 12:50:23 PM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.

3/18/2013 4:15:11 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.

.

==== End Of File ===========================

Another note: I have deleted again the Prefetch folder and this time unlike the first time when the computer was rebooted many items were gone. I rebooted a second and third time and each time I rebooted the prefetch folder had more items in it. This is a list of the items that were in the PF folder after the last reboot. The items that the "tech person" pointed to as proof of a backdoor are gone though they may come back.

=============================================

Pf after deletion and 3 reboots

"C:\Windows\Prefetch\ReadyBoot"

"C:\Windows\Prefetch\ADB.EXE-67EDDB48.pf"

"C:\Windows\Prefetch\AgAppLaunch.db"

"C:\Windows\Prefetch\AgGlFaultHistory.db"

"C:\Windows\Prefetch\AgGlFgAppHistory.db"

"C:\Windows\Prefetch\AgGlGlobalHistory.db"

"C:\Windows\Prefetch\AgRobust.db"

"C:\Windows\Prefetch\AUDIODG.EXE-9848A323.pf"

"C:\Windows\Prefetch\AVAST.SETUP-50B30900.pf"

"C:\Windows\Prefetch\AVASTEMUPDATE.EXE-0DD1597D.pf"

"C:\Windows\Prefetch\AVBUGREPORT.EXE-E4EA699E.pf"

"C:\Windows\Prefetch\CONHOST.EXE-F98A1078.pf"

"C:\Windows\Prefetch\CONSENT.EXE-2D674CE4.pf"

"C:\Windows\Prefetch\CSC.EXE-4D47A477.pf"

"C:\Windows\Prefetch\CVTRES.EXE-9077A165.pf"

"C:\Windows\Prefetch\DLLHOST.EXE-5C94BCB3.pf"

"C:\Windows\Prefetch\DLLHOST.EXE-6AA5D6C5.pf"

"C:\Windows\Prefetch\DLLHOST.EXE-50AF0BCC.pf"

"C:\Windows\Prefetch\DLLHOST.EXE-38926D07.pf"

"C:\Windows\Prefetch\DLLHOST.EXE-C1C2EFBE.pf"

"C:\Windows\Prefetch\DMEDIA.EXE-FAA82C3F.pf"

"C:\Windows\Prefetch\FIREFOX.EXE-528BC649.pf"

"C:\Windows\Prefetch\FLASHPLAYERPLUGIN_11_6_602_18-54979347.pf"

"C:\Windows\Prefetch\GOOGLEUPDATE.EXE-62E5E10F.pf"

"C:\Windows\Prefetch\HPWUSCHD2.EXE-70D5B7CD.pf"

"C:\Windows\Prefetch\INTELMEFWSERVICE.EXE-265333D9.pf"

"C:\Windows\Prefetch\JUSCHED.EXE-4B303C70.pf"

"C:\Windows\Prefetch\LMS.EXE-409EDB07.pf"

"C:\Windows\Prefetch\LPKSETUP.EXE-EE6EE0C2.pf"

"C:\Windows\Prefetch\MBAMGUI.EXE-9FF23AE2.pf"

"C:\Windows\Prefetch\MPCMDRUN.EXE-6520183E.pf"

"C:\Windows\Prefetch\MSIEXEC.EXE-7D20CFB0.pf"

"C:\Windows\Prefetch\NOTEPAD.EXE-1A4CC1C3.pf"

"C:\Windows\Prefetch\PfSvPerfStats.bin"

"C:\Windows\Prefetch\PLUGIN-CONTAINER.EXE-E510713D.pf"

"C:\Windows\Prefetch\PRINTISOLATIONHOST.EXE-9AE42873.pf"

"C:\Windows\Prefetch\RUNTIMEBROKER.EXE-17E2786F.pf"

"C:\Windows\Prefetch\SCALC.EXE-5046D548.pf"

"C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-10E4267C.pf"

"C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-C6CFE2A8.pf"

"C:\Windows\Prefetch\SETTINGSYNCHOST.EXE-DD400067.pf"

"C:\Windows\Prefetch\SIMPRESS.EXE-A76BBA08.pf"

"C:\Windows\Prefetch\SOFFICE.BIN-72E915F8.pf"

"C:\Windows\Prefetch\SOFFICE.EXE-7F5AFD1D.pf"

"C:\Windows\Prefetch\SPLWOW64.EXE-853292E2.pf"

"C:\Windows\Prefetch\SPPSVC.EXE-7B160CA5.pf"

"C:\Windows\Prefetch\TABTIP32.EXE-9819DFFF.pf"

"C:\Windows\Prefetch\TASKHOST.EXE-29D61DAB.pf"

"C:\Windows\Prefetch\TASKHOST.EXE-985C34E6.pf"

"C:\Windows\Prefetch\TIWORKER.EXE-D3BFD41F.pf"

"C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-B018CCBF.pf"

"C:\Windows\Prefetch\UNS.EXE-9B1279FB.pf"

"C:\Windows\Prefetch\VMMMODESELECTION.EXE-F15CAECD.pf"

"C:\Windows\Prefetch\WMIADAP.EXE-7D63BB4C.pf"

"C:\Windows\Prefetch\WMIAPSRV.EXE-CF150EEA.pf"


Disregard what you were "told" by the questionable 3rd-party so-called "help".

It's quite normal for the prefetch folder to have many items in it, including some that may be rundll32.

You were given a lot of "bunk talk" from them trying to lure you into paying a lot of money for bogus "help".

Follow my guidance and do as much as possible of the following.

To show all files:

  • Press and hold Windows-key & then press R key to get the RUN menu.
  • Type in
    explorer.exe

    and press Enter

  • When in Windows Explorer, press ALT-key then V key to get VIEW menu
  • Look at the top ribbon, right side. {the Show/Hide block}
  • Look at the line Hidden items. IF it has no checkmark, then Click the box one time so that it is checked.

Download Dr.Web CureIt to the desktop.

The download is nearly 104.6 MB in size

  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Turn off any other add-on security app {if you have them} like MBAM File System Protection.
  • If this system is Windows 8/7 or VISTA, then Right-click on drweb-cureit.exe and select Run as Administrator.
  • Otherwise, on Windows XP, double-click on the drweb-cureit.exe file to start the tool.
  • You will see a screen similar to this: [screenshot]
    Click the checkbox to participate, and then click on Continue button.
  • Next [screenshot]
    Click on Select objects for scanning
  • Next [screenshot]
    Put a checkmark by clicking on the boxes as shown.
    Do not select Temporary files or System Restore points.
    Then click on Start scanning button
  • The scan in progress will be shown like this [screenshot]
  • IF something is detected, you will see a screen similar to this [screenshot]
    For each item "detected", click on the Action column down arrow, like this [screenshot]
    Your options will be Cure or Ignore
    IF you see an item that you are very sure is ok, then un-check the checkbox for that item.
    Typically, you will keep the Cure default.
    Then click on the Neutralize button.
  • When the actions are completed, you will see this [screenshot]
  • Click on the green Open Report line. It will pop-up the report in NOTEPAD.
    Save the report to your desktop. The report will be called Cureit.log
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, attach the log Cureit.log you saved previously in your next reply.

Re-Enable your antivirus program when all done.

Press and hold Windows-key & then press R key to get the RUN menu.

Type in

appwiz.cpl

and press Enter

While in Add-or-Remove Programs,

Locate and then select HijackThis and then right click it & select Uninstall.

HijackThis is an obsolete tool, rarely used anymore.

Close Control Panel when done.

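The reply above says that several prefetch entries for one program are normal. The eight hex digits in a `.pf` name are a hash of the executable's path, and for hosting processes such as rundll32 and dllhost the command line is hashed as well, so each distinct invocation gets its own trace file. The following Python is an added example, not part of the thread: it groups a pasted folder listing by executable. The `HOSTING_APPS` set is an assumption to adjust per Windows build, and the `EXAMPLE.EXE` lines are constructed.

```python
import re
from collections import defaultdict

# Assumption: processes commonly documented as prefetch "hosting applications",
# whose hash also covers the command line. Extend for your Windows build.
HOSTING_APPS = {"DLLHOST.EXE", "RUNDLL32.EXE", "MMC.EXE", "SVCHOST.EXE"}

# <NAME>-<8 hex digits>.pf ; NAME may contain '-' itself or lack ".EXE".
PF_NAME = re.compile(r"^(?P<name>.+)-(?P<hash>[0-9A-F]{8})\.pf$", re.IGNORECASE)

# Lines in the style of the listing in the thread; EXAMPLE.EXE is constructed.
SAMPLE_LISTING = r'''
"C:\Windows\Prefetch\ReadyBoot"
"C:\Windows\Prefetch\AgAppLaunch.db"
"C:\Windows\Prefetch\DLLHOST.EXE-5C94BCB3.pf"
"C:\Windows\Prefetch\DLLHOST.EXE-6AA5D6C5.pf"
"C:\Windows\Prefetch\DLLHOST.EXE-50AF0BCC.pf"
"C:\Windows\Prefetch\PLUGIN-CONTAINER.EXE-E510713D.pf"
"C:\Windows\Prefetch\SOFFICE.BIN-72E915F8.pf"
"C:\Windows\Prefetch\EXAMPLE.EXE-11111111.pf"
"C:\Windows\Prefetch\EXAMPLE.EXE-22222222.pf"
'''

def parse_listing(text):
    """Return ({EXE_NAME: {hashes}}, [entries that are not trace files])."""
    groups, skipped = defaultdict(set), []
    for raw in text.splitlines():
        path = raw.strip().strip('"')
        if not path:
            continue
        leaf = path.rsplit("\\", 1)[-1]          # file name without folder
        m = PF_NAME.match(leaf)
        if m:
            groups[m.group("name").upper()].add(m.group("hash").upper())
        else:
            skipped.append(leaf)                  # ReadyBoot, *.db, *.bin ...
    return dict(groups), skipped

def classify(groups):
    """single: one trace file; hosting-app: many are expected;
    check-paths: same name hashed from more than one path."""
    verdicts = {}
    for name, hashes in groups.items():
        if len(hashes) == 1:
            verdicts[name] = "single"
        elif name in HOSTING_APPS:
            verdicts[name] = "hosting-app"
        else:
            verdicts[name] = "check-paths"
    return verdicts

if __name__ == "__main__":
    groups, skipped = parse_listing(SAMPLE_LISTING)
    for name, verdict in sorted(classify(groups).items()):
        print(f"{name:24} {len(groups[name])} trace file(s)  {verdict}")
    print("not trace files:", ", ".join(skipped))
```

A `check-paths` result only means the same file name was launched from more than one location; the paths stored inside the `.pf` files show which ones.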

Thank you very much for your response. I did as you instructed and Dr Web found nothing, however this may not be fair. I was impatient and after 5 days waiting I posted at BleepingComputers and they instructed me to run 3 programs, ADWCleaner, which found and removed a program called "Conduit", then "Junkware Removal Tool", which did not find much of anything, and last "Rogue Killer", which found a trojan called "Rans.Gendarm" and removed it.

You are right though because while my sister was waiting for me to find something she called Verizon again and they evidently were able to get the HTC program to communicate with her HTC-DNA mobile phone. It really was a problem with the software that Verizon uses to communicate with the phone. I still do not know how Verizon could tell us that we were getting a Microsoft tech support person when we were clearly not getting that support. I also don't know how they could charge $200, almost half the price of the laptop.

I thank you for the information about prefetch which is not like my XP computer for it seems to have only one item in prefetch however it is clear that win 7 and win 8 do things a lot different when it comes to prefetch.

I am very happy with the service that Malwarebytes has offered over the years and will recommend them to anyone.

Thank you again for your help

Marshall D'Arcy


You should delete DrWeb Cure-it. You should remember that various versions of Windows -do- use the prefetch, and there is no need to be concerned about it, nor to count how many there are.

The only time we ever look at it, is -if- and only if there is a malware hiding there. Those are rare these days.

Glad to have helped. I'll now close this thread.

Safer practices & malware prevention

We are finished here. Best regards.
