
100% Computer Usage svchost.exe malware and avast detects nothing



I've had this problem on my other laptop for a year and cannot get rid of the virus. Malware and avast detect nothing. I was reading someone else's forum thread and did ComboFix with a few fixes, and then ran the ESET scanner just to see if maybe it would detect something else. One of the problems on ComboFix was unwise.exe. I know my computer is not cured. I went through this whole process once before on the other computer, only to find the 100% usage come back again.

Anyone figured out a way to get rid of this "non-virus" 100% usage computer problem? It's a nasty one.

Robin


Hello Robin and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please do not run ComboFix without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Next, follow the instructions here and post your log files:

http://forums.malwarebytes.org/index.php?showtopic=9573


DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.21.2

Run by Owner at 8:25:17 on 2013-05-06

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3034.1663 [GMT -4:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe

C:\Windows\system32\SLsvc.exe

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\System32\WLTRYSVC.EXE

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\bcmwltry.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\DellTPad\Apoint.exe

C:\WINDOWS\System32\WLTRAY.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\dlbkcoms.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={B1B8F380-AFF6-11E2-91B9-0023AE1E50D1}

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter

mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

TCP: NameServer = 192.168.0.1 192.168.0.1

TCP: Interfaces\{53FAF299-2101-492C-B2A9-14F03B4AADC7} : NameServer = 8.8.8.8,4.2.2.4

TCP: Interfaces\{53FAF299-2101-492C-B2A9-14F03B4AADC7} : DHCPNameServer = 192.168.0.1 192.168.0.1

TCP: Interfaces\{C8F1C93B-51CB-44F9-9B8F-369218CD1CB1} : DHCPNameServer = 192.168.0.1

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\program files\cozi express\CoziProtocolHandler.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-4-8 49376]

R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-4-8 174664]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-11-25 765736]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-11-25 368944]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_ae0b52e0\AEstSrv.exe [2009-2-20 81920]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-11-25 29816]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-11-25 66336]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-11-25 46808]

R2 dlbk_device;dlbk_device;c:\windows\system32\dlbkcoms.exe -service --> c:\windows\system32\dlbkcoms.exe -service [?]

R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-24 155648]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]

S4 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]

S4 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]

.

=============== Created Last 30 ================

.

2013-05-06 03:53:15 -------- d-----w- c:\program files\ESET

2013-05-06 03:41:57 -------- d-sh--w- C:\$RECYCLE.BIN

2013-05-06 03:41:46 -------- d-----w- c:\users\owner\appdata\local\temp

2013-05-06 02:43:18 -------- d-----w- C:\TDSSKiller_Quarantine

2013-05-05 20:58:11 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-05-05 19:21:23 -------- d-----w- C:\cbd04c7d00bba4ab9ce0b644

2013-05-04 06:10:39 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9983179c-d639-4815-9a63-1e849bc0b106}\offreg.dll

2013-05-04 04:39:33 -------- d-----w- c:\program files\FileASSASSIN

2013-05-04 04:06:11 -------- d-----w- c:\users\owner\appdata\roaming\EUROSYSTEMS

2013-05-04 04:06:11 -------- d-----w- c:\programdata\EUROXYSTEMS

2013-05-03 13:42:31 -------- d-----w- C:\components

2013-05-03 06:22:08 6906960 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9983179c-d639-4815-9a63-1e849bc0b106}\mpengine.dll

2013-05-03 04:25:36 47104 ----a-w- c:\windows\system32\D2htls32.dll

2013-05-03 04:25:36 28976 ----a-w- c:\windows\system32\D2HTOOLS.DLL

2013-05-03 04:23:23 -------- d-----w- c:\program files\EUROSYSTEMS

2013-05-03 02:17:12 -------- d-----w- c:\program files\MyPC Backup

2013-05-03 02:13:45 866720 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-05-03 02:13:45 788896 ----a-w- c:\windows\system32\deployJava1.dll

2013-05-03 02:10:43 -------- d-----w- c:\users\owner\appdata\roaming\Conduit

2013-05-03 02:09:13 -------- d-----w- c:\users\owner\appdata\local\CRE

2013-04-13 07:01:57 1800704 ----a-w- c:\windows\system32\jscript9.dll

2013-04-13 07:01:56 757376 ----a-w- c:\program files\internet explorer\iexplore.exe

2013-04-13 07:01:53 387584 ----a-w- c:\program files\internet explorer\jsdbgui.dll

2013-04-13 07:01:51 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll

2013-04-13 07:01:48 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2013-04-12 21:03:40 -------- d-----w- C:\0906c087265c5a109b04

2013-04-10 18:25:37 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-10 18:25:32 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-04-10 18:25:32 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-04-10 18:25:31 64000 ----a-w- c:\windows\system32\smss.exe

2013-04-10 18:25:30 49152 ----a-w- c:\windows\system32\csrsrv.dll

2013-04-10 18:25:27 2067968 ----a-w- c:\windows\system32\mstscax.dll

2013-04-10 18:25:25 376320 ----a-w- c:\windows\system32\winsrv.dll

2013-04-10 18:25:22 2049024 ----a-w- c:\windows\system32\win32k.sys

2013-04-08 16:42:12 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-04-08 16:42:11 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

.

==================== Find3M ====================

.

2013-05-02 06:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-05-01 23:34:09 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-05-01 23:34:08 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-05-01 23:33:35 41664 ----a-w- c:\windows\avastSS.scr

2013-04-11 22:11:01 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-04-11 22:11:01 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-04-04 18:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-01 02:33:57 499712 ----a-w- c:\windows\system32\msvcp71.dll

2013-03-01 02:33:57 348160 ----a-w- c:\windows\system32\msvcr71.dll

2013-02-22 03:38:00 1129472 ----a-w- c:\windows\system32\wininet.dll

2013-02-22 03:34:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2013-02-22 03:34:03 420864 ----a-w- c:\windows\system32\vbscript.dll

2013-02-22 03:31:46 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-02-12 01:57:27 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys

.

============= FINISH: 8:26:04.02 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume3

Install Date: 2/20/2009 12:47:08 AM

System Uptime: 5/6/2013 8:13:44 AM (0 hours ago)

.

Motherboard: Dell Inc. | | 0G848F

Processor: Intel® Pentium® Dual CPU T3400 @ 2.16GHz | Microprocessor | 1080/166mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 134 GiB total, 73.094 GiB free.

E: is FIXED (NTFS) - 15 GiB total, 8.214 GiB free.

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader 9.5.4

avast! Free Antivirus

Bing Bar

Blender

CCleaner

Choice Guard

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

CoCut Professional 2011

Compatibility Pack for the 2007 Office system

Consumer In-Home Service Agreement

Corel Graphics - Windows Shell Extension

CorelDRAW Graphics Suite X6

CorelDRAW Graphics Suite X6 - Capture

CorelDRAW Graphics Suite X6 - Common

CorelDRAW Graphics Suite X6 - Connect

CorelDRAW Graphics Suite X6 - Custom Data

CorelDRAW Graphics Suite X6 - Draw

CorelDRAW Graphics Suite X6 - EN

CorelDRAW Graphics Suite X6 - Filters

CorelDRAW Graphics Suite X6 - FontNav

CorelDRAW Graphics Suite X6 - IPM

CorelDRAW Graphics Suite X6 - PHOTO-PAINT

CorelDRAW Graphics Suite X6 - Photozoom Plugin

CorelDRAW Graphics Suite X6 - Redist

CorelDRAW Graphics Suite X6 - Setup Files

CorelDRAW Graphics Suite X6 - VBA

CorelDRAW Graphics Suite X6 - VideoBrowser

CorelDRAW Graphics Suite X6 - VSTA

CorelDRAW Graphics Suite X6 - Writing Tools

Cozi

Dell AIO Printer A920

Dell Dock

Dell Getting Started Guide

Dell Support Center (Support Software)

Dell Touchpad

Dell Wireless WLAN Card Utility

DELL0604

EDocs

ESET Online Scanner v3

FileASSASSIN

Floriani

Free 3GP Video Converter version 5.0.22.128

Google Chrome

GoToAssist 8.0.0.514

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)

Intel® Matrix Storage Manager

Java 7 Update 21

Java Auto Updater

Java 6 Update 7

Junk Mail filter update

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft VC9 runtime libraries

Microsoft Visual Basic for Applications 7.1 (x86)

Microsoft Visual Basic for Applications 7.1 (x86) English

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Visual Studio Tools for Applications 2.0 - ENU

Microsoft Visual Studio Tools for Applications 2.0 Runtime

Microsoft Works

MSVCRT

PowerDVD

QuickSet

ROBLOX Player for Owner

ROBLOX Studio 2013 for Owner

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Spelling Dictionaries Support For Adobe Reader 9

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768021) 32-Bit Edition

Windows 7 Upgrade Advisor

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

.

==== End Of File ===========================


Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step 2

  • Download RogueKiller to the desktop
  • Quit all programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished ...
  • Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • RogueKiller log


Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.05.06.01

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Owner :: OWNER-PC [administrator]

5/6/2013 2:52:15 PM

mbam-log-2013-05-06 (14-52-15).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 215290

Time elapsed: 10 minute(s), 31 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

¤¤¤ Registry Entries : 7 ¤¤¤

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

-> E:\windows\system32\config\SOFTWARE

-> E:\windows\system32\config\SYSTEM

-> E:\Users\Default\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9160310AS +++++

--- User ---

[MBR] 7bd589b10848bb4a5ffc75fc5e416551

[bSP] 640587d7031558c7209b429084fd25cf : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 137586 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_05062013_02d1541.txt >>

RKreport[1]_S_05062013_02d1541.txt


Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


I am running it again just in case. I just did Control-Alt-Delete, as I have been doing for the last year, to see what is running, and the same programs are still there, so I'm not sure if what I was thinking was a virus (svchost.exe) was one or not. Whether it is or isn't, it's still there running and hogging all the memory.

I cannot find a log from ESET Online Scanner, so I am running it again; it's halfway done and I am off to bed. Will check in the morning.


No, I don't need it if there is nothing detected. Please proceed:

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


ComboFix 13-05-07.02 - Owner 05/07/2013 7:38.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3034.1910 [GMT -4:00]

Running from: c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GBEUPU50\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2013-04-07 to 2013-05-07 )))))))))))))))))))))))))))))))

.

.

2013-05-07 11:54 . 2013-05-07 11:54 -------- d-----w- c:\users\Owner\AppData\Local\temp

2013-05-07 11:54 . 2013-05-07 11:54 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-05-06 02:43 . 2013-05-06 02:43 -------- d-----w- C:\TDSSKiller_Quarantine

2013-05-05 20:58 . 2013-05-05 20:57 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-05-05 20:27 . 2013-05-05 20:27 -------- d-----w- c:\programdata\McAfee

2013-05-05 19:21 . 2013-05-05 19:21 -------- d-----w- C:\cbd04c7d00bba4ab9ce0b644

2013-05-04 06:10 . 2013-05-05 06:30 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9983179C-D639-4815-9A63-1E849BC0B106}\offreg.dll

2013-05-04 04:39 . 2013-05-04 04:39 -------- d-----w- c:\program files\FileASSASSIN

2013-05-04 04:06 . 2013-05-04 04:06 -------- d-----w- c:\users\Owner\AppData\Roaming\EUROSYSTEMS

2013-05-04 04:06 . 2013-05-04 04:06 -------- d-----w- c:\programdata\EUROXYSTEMS

2013-05-03 13:42 . 2013-05-03 13:42 -------- d-----w- C:\components

2013-05-03 06:22 . 2013-04-10 03:08 6906960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9983179C-D639-4815-9A63-1E849BC0B106}\mpengine.dll

2013-05-03 04:25 . 1996-05-08 05:59 47104 ----a-w- c:\windows\system32\D2htls32.dll

2013-05-03 04:25 . 1996-02-28 22:47 28976 ----a-w- c:\windows\system32\D2HTOOLS.DLL

2013-05-03 04:23 . 2013-05-03 04:23 -------- d-----w- c:\program files\EUROSYSTEMS

2013-05-03 02:17 . 2013-05-03 13:41 -------- d-----w- c:\program files\MyPC Backup

2013-05-03 02:13 . 2013-05-05 20:57 866720 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-05-03 02:13 . 2013-05-05 20:57 788896 ----a-w- c:\windows\system32\deployJava1.dll

2013-05-03 02:10 . 2013-05-03 02:10 -------- d-----w- c:\users\Owner\AppData\Roaming\Conduit

2013-05-03 02:09 . 2013-05-03 02:09 -------- d-----w- c:\users\Owner\AppData\Local\CRE

2013-04-13 07:01 . 2013-02-22 03:46 1800704 ----a-w- c:\windows\system32\jscript9.dll

2013-04-13 07:01 . 2013-02-22 04:10 757376 ----a-w- c:\program files\Internet Explorer\iexplore.exe

2013-04-13 07:01 . 2013-02-22 03:38 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll

2013-04-13 07:01 . 2013-02-22 03:39 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll

2013-04-13 07:01 . 2013-02-22 03:37 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2013-04-12 21:03 . 2013-04-12 21:03 -------- d-----w- C:\0906c087265c5a109b04

2013-04-10 18:25 . 2013-03-03 19:07 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-10 18:25 . 2013-03-11 13:25 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-04-10 18:25 . 2013-03-11 13:25 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-04-10 18:25 . 2013-03-09 01:28 64000 ----a-w- c:\windows\system32\smss.exe

2013-04-10 18:25 . 2013-03-09 03:45 49152 ----a-w- c:\windows\system32\csrsrv.dll

2013-04-10 18:25 . 2013-03-08 03:52 2067968 ----a-w- c:\windows\system32\mstscax.dll

2013-04-10 18:25 . 2013-03-08 03:53 376320 ----a-w- c:\windows\system32\winsrv.dll

2013-04-10 18:25 . 2013-03-05 01:40 2049024 ----a-w- c:\windows\system32\win32k.sys

2013-04-08 16:42 . 2013-05-02 14:52 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-04-08 16:42 . 2013-05-01 23:34 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-02 06:06 . 2012-09-12 20:41 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-05-01 23:34 . 2012-11-25 05:03 368944 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-05-01 23:34 . 2012-11-25 05:03 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-05-01 23:34 . 2012-11-25 05:03 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2013-05-01 23:34 . 2012-11-25 05:03 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2013-05-01 23:34 . 2012-11-25 05:03 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-05-01 23:34 . 2012-11-25 05:03 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2013-05-01 23:33 . 2012-11-25 05:02 41664 ----a-w- c:\windows\avastSS.scr

2013-05-01 23:33 . 2012-11-25 05:02 229648 ----a-w- c:\windows\system32\aswBoot.exe

2013-04-11 22:11 . 2012-10-02 18:59 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-04-11 22:11 . 2012-10-02 18:59 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-04-04 18:50 . 2012-09-15 03:52 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-20 21:12 . 2013-03-20 21:12 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2013-03-20 21:11 . 2013-03-20 21:11 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2013-03-20 21:11 . 2013-03-20 21:11 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll

2013-03-01 02:33 . 2009-02-20 12:18 499712 ----a-w- c:\windows\system32\msvcp71.dll

2013-03-01 02:33 . 2009-02-20 12:18 348160 ----a-w- c:\windows\system32\msvcr71.dll

2013-02-12 01:57 . 2013-03-17 21:56 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-05-01 23:33 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-09-04 200704]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-15 483420]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-01 4858456]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-02 946352]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2009-02-20 12:14 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]

path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk

backup=c:\windows\pss\Dell Dock.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2012-12-19 14:39 41208 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2013-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-02 22:11]

.

2013-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-584686645-3003716604-2262587235-1000Core.job

- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-15 15:13]

.

2013-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-584686645-3003716604-2262587235-1000UA.job

- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-15 15:13]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={B1B8F380-AFF6-11E2-91B9-0023AE1E50D1}

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.0.1 192.168.0.1

TCP: Interfaces\{53FAF299-2101-492C-B2A9-14F03B4AADC7}: NameServer = 8.8.8.8,4.2.2.4

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-WudfPf

SafeBoot-WudfRd

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-05-07 07:54

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,

89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b

"{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,38,12,3a,25,4d,

8a,1f,e3,d1,0d,d3,3b,92,3f,05,d7,c9,12

"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,

91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27

"{11111111-1111-1111-1111-110211621178}"=hex:51,66,7a,6c,4c,1d,38,12,7f,12,02,

15,23,5f,7f,54,6e,07,52,42,14,3c,55,6c

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,

76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a

"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,

72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}"=hex:51,66,7a,6c,4c,1d,38,12,33,9a,b5,

a3,d3,20,bf,0a,dd,4e,0a,79,58,05,bd,88

"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,

aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83

"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,

d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b

"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,

2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85

"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,

fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17

"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,

b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b

"{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}"=hex:51,66,7a,6c,4c,1d,3b,1b,e3,15,3d,

81,48,70,d3,39,96,99,8d,11,66,db,ca,81

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:60,41,e6,7d,6e,34,ce,01

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Completion time: 2013-05-07 07:59:24

ComboFix-quarantined-files.txt 2013-05-07 11:59

.

Pre-Run: 78,376,132,608 bytes free

Post-Run: 80,673,669,120 bytes free

.

- - End Of File - - 56FCAD5312E20D38C8F29E61F9A2FA24


Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 2

Please download AdwCleaner from here and save it on your Desktop.

  1. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- denotes the number of times the application has been run, so in this case it should be something like R1.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.4 (05.06.2013:1)

OS: Windows Vista Home Premium x86

Ran by Owner on Tue 05/07/2013 at 22:10:10.47

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\firstsearch

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\crossrider

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\smartbar

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\bprotectsettings

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{461FC32C-B616-4A83-93BD-DC29E6DE00D8}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}

Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"

~~~ Files

Successfully deleted: [File] "C:\end"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\aol toolbar"

Successfully deleted: [Folder] "C:\ProgramData\babylon"

Successfully deleted: [Folder] "C:\Users\Owner\AppData\Roaming\babylon"

Successfully deleted: [Folder] "C:\Users\Owner\AppData\Roaming\conduit"

Successfully deleted: [Folder] "C:\Users\Owner\AppData\Roaming\opencandy"

Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\babylontoolbar"

Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\conduit"

Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\incredibar.com"

Successfully deleted: [Folder] "C:\Program Files\aol toolbar"

Successfully deleted: [Folder] "C:\Program Files\perion"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Tue 05/07/2013 at 22:15:09.65

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

** [Files / Folders] *****

File Deleted : C:\user.js

Folder Deleted : C:\Users\Owner\AppData\Local\APN

***** [Registry] *****

Key Deleted : HKCU\Software\524dd8fb668bf10

Key Deleted : HKCU\Software\InstallCore

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2338 octets] - [07/05/2013 22:20:48]

AdwCleaner[s1].txt - [2305 octets] - [07/05/2013 22:21:44]

########## EOF - C:\AdwCleaner[s1].txt - [2365 octets] ##########


Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


Off subject. I am doing my other laptop while doing this one and I am at the point of running the ESET scanner for the first time (in the instructions in this post) and there were 6 threats at 40% and it keeps locking down. So I stopped it and ran the next step and it deleted 20 or so viruses and then I was planning on trying the ESET scanner again. Looks like the same virus on that computer but on that computer it is much more evolved.

The laptop I am on now (the one this post is about) does still get slow and I click Ctrl+Alt+Del to see what is running and I see that same program svchost.exe windows media player but it's no longer 100% usage, now it's 60%. Not sure if that is normal, but when I click end it the computer runs fine again.


Off subject. I am doing my other laptop while doing this one and I am at the point of running the ESET scanner for the first time (in the instructions in this post) and there were 6 threats at 40% and it keeps locking down. So I stopped it and ran the next step and it deleted 20 or so viruses and then I was planning on trying the ESET scanner again. Looks like the same virus on that computer but on that computer it is much more evolved.

My instructions are for this machine. For another one, start a new thread and follow the first instructions again. Everything is different, so do not apply my fixes to another machine.

The laptop I am on now (the one this post is about) does still get slow and I click Ctrl+Alt+Del to see what is running and I see that same program svchost.exe windows media player but it's no longer 100% usage, now it's 60%. Not sure if that is normal, but when I click end it the computer runs fine again.

This system seems to be clean. I suggest you do some optimizations:

http://forums.malwarebytes.org/index.php?showtopic=81990

Now, let's clean these tools. First:

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Second:

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes

Third:

Please uninstall ESET Online Scanner.

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)

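The thread never settles which service inside that svchost.exe instance was actually burning CPU; svchost.exe is only a host, and each instance runs a group of services, so ending it from Task Manager kills all of them without telling you which one was the problem. The following PowerShell is an added example written for this write-up, not code from the thread or from any of the cleanup tools used in it. It maps every running svchost.exe to the services it hosts, shows the CPU time each instance has consumed, and checks that the image path is the real System32 copy (a process merely named svchost.exe running from another folder is a classic sign of something impersonating it). It uses only the standard Get-WmiObject and Get-Process cmdlets and assumes an elevated PowerShell prompt; Get-WmiObject is used rather than Get-CimInstance so it also runs on the PowerShell 2.0 that shipped with Vista.

```powershell
# Added example (not from this thread): tie each svchost.exe instance to the
# services it hosts, its accumulated CPU time and its image path.
# Run from an elevated prompt so the Path of SYSTEM-owned processes is readable.

# Build a lookup: process ID -> names of the services running inside it.
$servicesByPid = @{}
Get-WmiObject -Class Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |          # ProcessId 0 = service not running
    ForEach-Object {
        $procId = [int]$_.ProcessId                # Int32 so it matches Get-Process .Id as a key
        if (-not $servicesByPid.ContainsKey($procId)) { $servicesByPid[$procId] = @() }
        $servicesByPid[$procId] += "$($_.Name) ($($_.DisplayName))"
    }

# The only legitimate location of svchost.exe on a default install.
$expectedPath = Join-Path $env:windir 'System32\svchost.exe'

$report = foreach ($p in (Get-Process -Name svchost -ErrorAction SilentlyContinue)) {
    $hosted = $servicesByPid[$p.Id]
    if (-not $hosted) { $hosted = @('<no service registered for this PID>') }

    # Path is $null when the caller cannot open the process; report that as unknown
    # rather than as a mismatch, so an unelevated run does not flag every SYSTEM process.
    if ($null -eq $p.Path) { $pathStatus = 'unknown (run elevated)' }
    elseif ($p.Path -ieq $expectedPath) { $pathStatus = 'ok' }
    else { $pathStatus = 'MISMATCH: ' + $p.Path }

    # CPU is total processor seconds since the process started (also $null if denied).
    if ($p.CPU) { $cpuSeconds = [math]::Round($p.CPU, 1) } else { $cpuSeconds = 0 }

    New-Object PSObject -Property @{
        PID        = $p.Id
        CPUSeconds = $cpuSeconds
        ImagePath  = $pathStatus
        Services   = ($hosted -join '; ')
    }
}

# Heaviest consumer first. The Services column names the service to investigate
# (or stop with Stop-Service) instead of ending the whole svchost.exe blindly.
$report | Sort-Object CPUSeconds -Descending |
    Select-Object PID, CPUSeconds, ImagePath, Services |
    Format-Table -AutoSize -Wrap
```

Read the top row: a high CPUSeconds with an ImagePath of "ok" points at one of the listed services (a stuck update or indexing service is a common benign cause), whereas any MISMATCH row or a PID with no registered service is worth submitting in a new thread rather than ending by hand.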

  • 2 weeks later...

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.