sweetpacks and pricepeep


When clicking on a link in Outlook 2010 I got an error message. After googling some, I just found SweetPacks on my system. I ran Revo Uninstaller and it offered to delete over 5000 registry entries (I decided to skip that).

After running Malwarebytes, it quarantined pricepeep_130001_0101.exe and deleted it.

I don't find SweetPacks in either Revo Uninstaller's control panel or Microsoft's Control Panel 'Programs and Features'.

But, I'm very concerned there is more to be done. Any assistance will be appreciated.

Regards,

Tom C

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.21.2

Run by Tom at 12:01:30 on 2013-05-30

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16281.13966 [GMT -4:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}

FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

H:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

h:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\IProsetMonitor.exe

h:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

h:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\WUDFHost.exe

H:\Program Files\COMODO\COMODO Internet Security\cavwp.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

h:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

H:\Program Files\COMODO\COMODO Internet Security\cistray.exe

C:\Windows\SysWOW64\HsMgr.exe

C:\Windows\system\HsMgr64.exe

C:\Program Files\UNi Xonar Audio\Customapp\ASUSAUDIOCENTER.EXE

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

H:\Program Files\AVAST Software\Avast\AvastUI.exe

H:\Program Files\Spamihilator\spamihilator.exe

C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

H:\Program Files\Rainlendar2\Rainlendar2.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Users\Tom\AppData\Local\Temp\{1F6BA065-6176-4F3E-87A3-2AF7354DB08F}\adni18_Weather.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\taskeng.exe

H:\Program Files\Spamihilator\bridge\spamihilator_32bit_bridge.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

H:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe

H:\Program Files\COMODO\COMODO Internet Security\cis.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Users\Tom\AppData\Local\Temp\{1F6BA065-6176-4F3E-87A3-2AF7354DB08F}\adni18_Weather.exe

C:\Windows\sysWow64\SearchProtocolHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.ridma.com/links11.html

uSearch Bar = Preserve

mWinlogon: Userinit = userinit.exe,

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - h:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - H:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} -

TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} -

TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - h:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

mRun: [avast] "h:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [bCSSync] "H:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\Users\Tom\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADNI18~1.LNK - C:\Users\Tom\Desktop\adni18_Weather.exe

StartupFolder: C:\Users\Tom\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINLE~1.LNK - H:\Program Files\Rainlendar2\Rainlendar2.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SPAMIH~1.LNK - H:\Program Files\Spamihilator\spamihilator.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:221

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - H:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - H:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{05889F16-2C00-469F-9679-260997FFEA0C} : DHCPNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

AppInit_DLLs= C:\Windows\SysWOW64\appinit_dll.dll

SSODL: WebCheck - <orphaned>

x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - h:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - h:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [COMODO Internet Security] H:\Program Files\COMODO\COMODO Internet Security\cistray.exe

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

x64-Run: [Cmaudio8788] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd

x64-Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe Envoke

x64-Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe Envoke

x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"

x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

x64-Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Notify: igfxcui - igfxdev.dll

x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\yfww76r5.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - plugin: H:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

FF - plugin: H:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

FF - plugin: H:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - ExtSQL: 2013-05-27 03:03; {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}; C:\Program Files\Updater By SweetPacks\Firefox

FF - ExtSQL: 2013-05-27 05:41; {F003DA68-8256-4b37-A6C4-350FA04494DF}; C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-5-26 65336]

R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-5-26 189936]

R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\System32\drivers\mv91cons.sys [2013-5-27 24880]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-5-26 1025808]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-5-26 378432]

R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2013-1-16 23168]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2013-1-16 706560]

R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2013-1-16 48360]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-5-26 33400]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-5-26 80816]

R2 avast! Antivirus;avast! Antivirus;H:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-26 46808]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-3-12 190120]

R2 MBAMScheduler;MBAMScheduler;H:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-15 418376]

R2 MBAMService;MBAMService;H:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-15 701512]

R3 cmudaxp;ASUS Xonar DX Audio Interface;C:\Windows\System32\drivers\cmudaxp.sys [2013-5-27 2726400]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2013-1-3 79240]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2013-1-3 15752]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-26 25928]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2013-5-27 80384]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2013-1-1 181248]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]

R3 TotRec8;Total Recorder WDM audio filter driver;C:\Windows\System32\drivers\TotRec8.sys [2013-5-27 124176]

R3 VirtuWDDM;VirtuWDDM;C:\Windows\System32\drivers\VirtuWDDM.sys [2012-9-2 75552]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 WiseBootAssistant;Wise Boot Assistant;H:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [2013-5-22 580232]

S3 cmdvirth;COMODO Virtual Service Manager;H:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-1-25 158928]

S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-5-26 19456]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-26 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-5-26 30208]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-5-26 1255736]

S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]

.

=============== File Associations ===============

.

FileExt: .txt: Applications\notepad++.exe="H:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [userChoice]

.

=============== Created Last 30 ================

.

2013-05-30 12:48:42 -------- d-----w- C:\Users\Tom\AppData\Local\Stardock

2013-05-30 10:04:56 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{51A1EDAC-A30F-4A3B-B5EB-C41F85016759}\mpengine.dll

2013-05-30 00:04:02 -------- d-----w- C:\Users\Tom\AppData\Local\ElevatedDiagnostics

2013-05-29 16:10:38 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe

2013-05-29 13:21:33 -------- d-----w- C:\Users\Tom\AppData\Local\Microsoft Games

2013-05-29 12:30:02 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2013-05-29 12:30:02 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2013-05-29 12:30:02 -------- d-----w- C:\Program Files (x86)\The Weather Channel

2013-05-29 12:29:41 -------- d-----w- C:\Users\Tom\AppData\Local\The Weather Channel

2013-05-28 18:06:46 456992 ----a-w- C:\Windows\System32\appinit_dll.dll

2013-05-28 18:06:46 411936 ----a-w- C:\Windows\SysWow64\appinit_dll.dll

2013-05-28 18:06:46 -------- d-----w- C:\Users\Tom\Lucidlogix

2013-05-28 13:26:48 -------- d-----w- C:\Users\Tom\.rainlendar2

2013-05-27 23:02:17 -------- d-----w- C:\Users\Tom\AppData\Roaming\Systweak

2013-05-27 23:02:16 20312 ----a-w- C:\Windows\System32\roboot64.exe

2013-05-27 21:57:18 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-05-27 21:57:18 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-05-27 21:57:16 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-05-27 21:49:58 -------- d-----w- C:\Users\Tom\AppData\Local\Macromedia

2013-05-27 21:49:01 -------- d-----w- C:\Users\Tom\AppData\Local\Mozilla

2013-05-27 16:58:29 -------- d-----w- C:\Program Files\SystemRequirementsLab

2013-05-27 15:53:34 -------- d-----w- C:\Users\Tom\AppData\Local\Adobe

2013-05-27 15:19:54 -------- d-----w- C:\Program Files\Microsoft IntelliType Pro

2013-05-27 14:54:59 200800 ----a-w- C:\Windows\System32\AERTAC64.dll

2013-05-27 14:41:06 -------- d-----w- C:\Program Files\Realtek

2013-05-27 14:40:53 -------- d--h--w- C:\Program Files (x86)\Temp

2013-05-27 14:22:19 80384 ----a-w- C:\Windows\System32\drivers\nusb3hub.sys

2013-05-27 14:18:37 24880 ----a-w- C:\Windows\System32\drivers\mv91cons.sys

2013-05-27 14:07:47 971680 ----a-w- C:\Windows\System32\deployJava1.dll

2013-05-27 14:07:47 1092512 ----a-w- C:\Windows\System32\npDeployJava1.dll

2013-05-27 14:07:45 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2013-05-27 14:03:17 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab

2013-05-27 12:22:57 4038592 ----a-w- C:\Windows\PE_Rom.dll

2013-05-27 12:22:54 14464 ----a-w- C:\Windows\SysWow64\drivers\AsUpIO.sys

2013-05-27 12:10:32 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll

2013-05-27 10:30:47 -------- d-----w- C:\Windows\SysWow64\STRING

2013-05-27 09:47:43 39424 ----a-w- C:\Windows\System32\CNMN6UI.DLL

2013-05-27 09:47:43 366592 ----a-w- C:\Windows\SysWow64\CNMNPPM.DLL

2013-05-27 09:47:43 359936 ----a-w- C:\Windows\System32\CNMN6PPM.DLL

2013-05-27 09:47:43 -------- d-----w- C:\Windows\System32\STRING

2013-05-27 09:45:41 -------- d--h--w- C:\ProgramData\CanonIJETV

2013-05-27 09:45:28 -------- d-----w- C:\Program Files (x86)\Canon

2013-05-27 09:42:33 53248 ----a-r- C:\Users\Tom\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2013-05-27 09:42:30 -------- d-----w- C:\Users\Tom\AppData\Local\Logishrd

2013-05-27 09:42:16 99840 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPAZ.DLL

2013-05-27 09:42:16 30208 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDAZ.DLL

2013-05-27 09:42:10 385024 ----a-w- C:\Windows\System32\CNMLMAZ.DLL

2013-05-27 09:42:06 -------- d--h--w- C:\ProgramData\CanonIJFAX

2013-05-27 09:42:04 302592 ----a-w- C:\Windows\System32\CNCALAZ.DLL

2013-05-27 09:41:59 487424 ----a-w- C:\Windows\System32\CNC_AZL.dll

2013-05-27 09:41:59 424448 ----a-w- C:\Windows\SysWow64\CNC_AZL.dll

2013-05-27 09:41:59 367616 ----a-w- C:\Windows\System32\CNC_AZC.dll

2013-05-27 09:41:59 17920 ----a-w- C:\Windows\System32\CNHMCA6.dll

2013-05-27 09:41:59 15872 ----a-w- C:\Windows\SysWow64\CNHMCA.dll

2013-05-27 09:41:59 122880 ----a-w- C:\Windows\SysWow64\CNC_AZU.dll

2013-05-27 09:41:59 119296 ----a-w- C:\Windows\System32\CNC_AZI.dll

2013-05-27 07:04:45 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys

2013-05-27 07:04:14 -------- d-----w- C:\Users\Tom\AppData\Roaming\Logishrd

2013-05-27 06:48:32 -------- d-----w- C:\Users\Tom\AppData\Roaming\Wise Care 365

2013-05-27 06:14:45 124176 ----a-w- C:\Windows\System32\drivers\TotRec8.sys

2013-05-27 06:12:53 -------- d-----w- C:\Users\Tom\AppData\Roaming\TotalRecorder

2013-05-27 05:18:02 -------- d-----w- C:\ProgramData\Babylon

2013-05-27 05:18:01 -------- d-----w- C:\Users\Tom\AppData\Roaming\Babylon

2013-05-27 05:06:39 -------- d-----w- C:\Users\Tom\AppData\Roaming\Spamihilator

2013-05-27 05:06:07 829264 ----a-w- C:\Windows\System32\msvcr100.dll

2013-05-27 05:06:06 773968 ----a-w- C:\Windows\SysWow64\msvcr100.dll

2013-05-27 05:06:06 608080 ----a-w- C:\Windows\System32\msvcp100.dll

2013-05-27 05:06:06 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll

2013-05-27 05:01:32 -------- d-----w- C:\Windows\System32\appmgmt

2013-05-27 05:01:27 -------- d-----w- C:\ProgramData\Spamihilator

2013-05-27 04:45:38 -------- d-----w- C:\Users\Tom\AppData\Roaming\Glarysoft

2013-05-27 04:43:27 -------- d-----w- C:\Users\Tom\AppData\Roaming\IrfanView

2013-05-27 04:37:10 -------- d-----w- C:\Program Files\Microsoft Games

2013-05-27 03:52:50 -------- d-----w- C:\Windows\SysWow64\NV

2013-05-27 03:52:50 -------- d-----w- C:\Windows\System32\NV

2013-05-27 03:42:41 -------- d-----w- C:\NVIDIA

2013-05-27 03:37:49 -------- d-----w- C:\Users\Tom\AppData\Local\NVIDIA

2013-05-27 01:33:33 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2013-05-27 01:33:33 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2013-05-27 01:33:33 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2013-05-27 01:33:33 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

2013-05-27 01:29:24 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2013-05-27 01:29:24 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2013-05-27 01:29:24 5120 ----a-w- C:\Windows\System32\wmi.dll

2013-05-27 01:29:24 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2013-05-27 01:29:24 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2013-05-26 23:24:06 -------- d-----w- C:\Windows\Panther

2013-05-26 22:43:22 339144 ----a-w- C:\Windows\System32\PROUnstl.exe

2013-05-26 22:42:29 99520 ----a-w- C:\Windows\System32\NicInstC.dll

2013-05-26 22:42:29 72360 ----a-w- C:\Windows\System32\e1cmsg.dll

2013-05-26 22:42:29 514736 ----a-w- C:\Windows\System32\drivers\e1c62x64.sys

2013-05-26 22:42:29 36472 ----a-w- C:\Windows\System32\NicCo36.dll

2013-05-26 22:42:29 -------- d-sh--w- C:\Windows\Installer

2013-05-26 22:31:10 -------- d-sh--w- C:\Recovery

2013-05-26 22:15:47 -------- d-----w- C:\Users\Tom\AppData\Local\Programs

2013-05-26 22:14:47 -------- d-----w- C:\Users\Tom\AppData\Roaming\Malwarebytes

2013-05-26 22:14:38 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-05-26 22:14:38 -------- d-----w- C:\ProgramData\Malwarebytes

2013-05-26 22:13:13 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation

2013-05-26 21:58:22 46592 ----a-w- C:\Windows\SysWow64\MsRdpWebAccess.dll

2013-05-26 21:58:22 37376 ----a-w- C:\Windows\SysWow64\tsgqec.dll

2013-05-26 21:58:22 269312 ----a-w- C:\Windows\SysWow64\aaclient.dll

2013-05-26 21:58:22 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll

2013-05-26 21:58:22 16896 ----a-w- C:\Windows\SysWow64\wksprtPS.dll

2013-05-26 21:58:22 1048064 ----a-w- C:\Windows\SysWow64\mstsc.exe

2013-05-26 21:58:21 4916224 ----a-w- C:\Windows\SysWow64\mstscax.dll

2013-05-26 21:43:25 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2013-05-26 21:41:43 -------- d-----w- C:\Program Files\NVIDIA Corporation

2013-05-26 21:39:38 -------- d-----w- C:\Intel

2013-05-26 21:07:59 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll

2013-05-26 21:06:39 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2013-05-26 21:06:39 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

2013-05-26 21:06:28 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2013-05-26 21:06:28 2048 ----a-w- C:\Windows\System32\tzres.dll

2013-05-26 21:06:09 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2013-05-26 21:06:09 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2013-05-26 21:06:09 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2013-05-26 21:06:09 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

2013-05-26 21:04:50 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2013-05-26 21:03:55 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2013-05-26 21:02:34 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2013-05-26 21:01:45 956928 ----a-w- C:\Windows\System32\localspl.dll

2013-05-26 21:01:35 67072 ----a-w- C:\Windows\splwow64.exe

2013-05-26 21:01:35 559104 ----a-w- C:\Windows\System32\spoolsv.exe

2013-05-26 21:01:33 77312 ----a-w- C:\Windows\System32\packager.dll

2013-05-26 21:01:33 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2013-05-26 20:57:02 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services

2013-05-26 20:47:13 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2013-05-26 20:47:12 99840 ----a-w- C:\Windows\System32\wudriver.dll

2013-05-26 20:47:11 36864 ----a-w- C:\Windows\System32\wuapp.exe

2013-05-26 20:47:11 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2013-05-26 20:39:54 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services

2013-05-26 20:39:49 -------- d-----w- C:\Windows\PCHEALTH

2013-05-26 20:39:49 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2013-05-26 20:39:14 -------- d-----w- C:\Users\Tom\AppData\Local\Microsoft Help

2013-05-26 20:36:22 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-26 20:36:22 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-05-26 20:32:23 -------- d-----w- C:\Users\Tom\AppData\Roaming\Moonchild Productions

2013-05-26 20:32:23 -------- d-----w- C:\Users\Tom\AppData\Local\Moonchild Productions

2013-05-26 20:24:58 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys

2013-05-26 20:24:58 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys

2013-05-26 20:24:10 -------- d--h--w- C:\VTRoot

2013-05-26 20:16:56 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2013-05-26 20:16:56 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2013-05-26 20:16:56 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2013-05-26 20:16:50 41664 ----a-w- C:\Windows\avastSS.scr

2013-05-26 20:09:50 -------- d-----w- C:\ProgramData\Comodo Downloader

2013-05-26 20:09:50 -------- d-----w- C:\ProgramData\Comodo

2013-05-26 20:06:44 -------- d-----w- C:\Users\Tom\hProgram FilesCOMODOCOMODO Internet Security

2013-05-26 19:57:10 -------- d-----w- C:\Users\Tom\AppData\Local\Google

2013-05-26 19:56:54 -------- d-----w- C:\ProgramData\AVAST Software

.

==================== Find3M ====================

.

2013-05-27 12:14:33 466520 ----a-w- C:\Windows\System32\wrap_oal.dll

2013-05-27 12:14:33 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2013-05-27 12:14:33 123480 ----a-w- C:\Windows\System32\OpenAL32.dll

2013-05-27 12:14:33 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2013-05-12 21:42:27 925648 ----a-w- C:\Windows\SysWow64\nvumdshim.dll

2013-05-12 20:34:14 6491936 ----a-w- C:\Windows\System32\nvcpl.dll

2013-05-12 20:34:14 3514656 ----a-w- C:\Windows\System32\nvsvc64.dll

2013-05-12 20:34:12 884512 ----a-w- C:\Windows\System32\nvvsvc.exe

2013-05-12 20:34:12 63776 ----a-w- C:\Windows\System32\nvshext.dll

2013-05-12 20:34:11 237856 ----a-w- C:\Windows\System32\nvmctray.dll

2013-05-08 14:13:10 3165737 ----a-w- C:\Windows\System32\nvcoproc.bin

2013-05-02 09:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-04-23 14:04:10 437176 ----a-w- C:\Windows\System32\guard64.dll

2013-04-23 14:04:10 348048 ----a-w- C:\Windows\SysWow64\guard32.dll

2013-04-15 17:38:52 48360 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys

2013-04-15 17:38:51 706560 ----a-w- C:\Windows\System32\drivers\cmdguard.sys

2013-04-15 17:38:51 23168 ----a-w- C:\Windows\System32\drivers\cmderd.sys

2013-04-15 17:38:38 43216 ----a-w- C:\Windows\System32\cmdcsr.dll

2013-04-15 17:38:29 343760 ----a-w- C:\Windows\System32\cmdvrt64.dll

2013-04-15 17:38:28 45776 ----a-w- C:\Windows\System32\cmdkbd64.dll

2013-04-15 17:38:25 276688 ----a-w- C:\Windows\SysWow64\cmdvrt32.dll

2013-04-15 17:38:24 40656 ----a-w- C:\Windows\SysWow64\cmdkbd32.dll

2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-03-19 05:53:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll

2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe

.

============= FINISH: 12:01:56.05 ===============

Attach.txt

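As an added triage example (not code from this thread, from DDS or from Malwarebytes), the script below runs the kind of checks a helper applies by eye to the "Pseudo HJT Report" and "FIREFOX" sections of a DDS log: add-ons whose CLSID is still registered but whose DLL path is empty, an AppInit_DLLs value, autostarts launched from user-writable folders, orphaned entries, and extension paths matching the keyword list the helper later searches for with OTL. The sample excerpt is constructed from lines in the log above, and the rule names, keyword list and folder list are this example's own assumptions.

```python
import re

# Constructed excerpt in the DDS "Pseudo HJT Report" / "FIREFOX" format,
# assembled from entries in the log posted above.
SAMPLE_HJT = r"""
uStart Page = hxxp://www.ridma.com/links11.html
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} -
TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} -
mRun: [avast] "h:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\Users\Tom\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADNI18~1.LNK - C:\Users\Tom\Desktop\adni18_Weather.exe
AppInit_DLLs= C:\Windows\SysWOW64\appinit_dll.dll
SSODL: WebCheck - <orphaned>
x64-SSODL: WebCheck - <orphaned>
FF - ExtSQL: 2013-05-27 03:03; {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}; C:\Program Files\Updater By SweetPacks\Firefox
"""

# Names the helper searches for in the OTL custom scan later in this thread
# (assumed list; extend as needed).
PUP_KEYWORDS = ("crossride", "conduit", "sweetpack", "pricepeep", "fun4im",
                "bandoo", "searchn", "searchq", "datamngr", "ilivid", "whitesmoke")

# Folders an unprivileged user can write to. An autostart pointing here is not
# automatically bad, but it is where unwanted installers tend to land.
USER_WRITABLE = ("\\desktop\\", "\\temp\\", "\\downloads\\", "\\appdata\\")

ADDON_RE = re.compile(r"^(?:x64-)?(BHO|TB):\s*(.*?):\s*(\{[0-9A-F-]+\})\s*-\s*(.*)$", re.I)
STARTUP_RE = re.compile(r"^(?:x64-)?StartupFolder:\s*.*?\s-\s(.*)$", re.I)
RUN_RE = re.compile(r'^(?:x64-)?[um]?Run:\s*\[[^\]]*\]\s*"?(.*?\.exe)"?', re.I)
EXT_RE = re.compile(r"^FF - ExtSQL:\s*([\d-]+ [\d:]+);\s*(\{[0-9A-F-]+\});\s*(.*)$", re.I)


def has_pup_keyword(text):
    low = text.lower()
    return any(k in low for k in PUP_KEYWORDS)


def triage(report):
    """Return (rule, detail) findings for the HJT and Firefox sections of a DDS log.

    Rule names are this example's own, not DDS output.
    """
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ADDON_RE.match(line)
        if m:
            kind, name, clsid, path = m.groups()
            if not path:
                # CLSID still registered but the DLL is gone: a half-removed add-on.
                findings.append(("addon-no-file", f"{kind} '{name}' {clsid}"))
            elif has_pup_keyword(name) or has_pup_keyword(path):
                findings.append(("addon-pup-name", f"{kind} '{name}' -> {path}"))
            continue
        if line.lower().startswith("appinit_dlls="):
            # Anything listed here is loaded into every process that uses user32,
            # so the publisher of the DLL should be verified.
            value = line.split("=", 1)[1].strip()
            if value:
                findings.append(("appinit-dll", value))
            continue
        m = STARTUP_RE.match(line) or RUN_RE.match(line)
        if m:
            target = m.group(1).strip()
            if any(d in target.lower() for d in USER_WRITABLE):
                findings.append(("autostart-user-writable", target))
            if has_pup_keyword(target):
                findings.append(("autostart-pup-name", target))
            continue
        m = EXT_RE.match(line)
        if m:
            when, guid, path = m.groups()
            if has_pup_keyword(path):
                findings.append(("ff-ext-pup-name", f"{guid} {path} (installed {when})"))
            continue
        if "<orphaned>" in line:
            findings.append(("orphaned-entry", line))
        elif line.lower().startswith("ustart page"):
            # DDS writes http as hxxp; the start page is worth a look whenever
            # the user did not set it themselves.
            findings.append(("start-page-review", line.split("=", 1)[1].strip()))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_HJT):
        print(f"{rule:24} {detail}")
```

Every hit is a lead for a human to check against the full log, not a verdict; the AppInit_DLLs entry in particular may belong to legitimately installed software.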

Hello Tom and welcome to MalwareBytes forums.

I will be helping you. Please follow my guidance and do not run tools or fixes or make changes on your own.

Please confirm for me that you are the owner of this system.

If it is owned by someone else, or if it belongs to a company or an organization, please Stop and tell me that.

As a reminder, please just Copy & Paste all log contents directly into the main body of the reply box.

Use one reply per log as needed. If you hit a log that is way too huge, then you may attach it.

Please do a backup of any documents/personal files that you cannot afford to lose.

Malware cleanups can sometimes be unpredictable. So do a backup to Offline media as a precaution.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Press Windows-key +R key on your keyboard to get RUN option.
  • Type in explorer.exe and press Enter to start Windows Explorer.

  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

Please close any of your open windows/programs and exit, saving any open work you have.

Go slow and careful. This is a Custom scan. Have infinite patience while it runs.

Temporarily turn OFF your antivirus program so that it does not interfere. Leave the firewall on.

For a how-to-reference, see this How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

I'd like to have you do a special run of OTL to generate some searches & a new log-report.

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %ALLUSERSPROFILE%\Application Data\*.dll /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    c:|crossride;true;true;true; /FP
    c:|conduit;true;true;true; /FP
    c:|sweetpack;true;true;true; /FP
    c:|pricepeep;true;true;true; /FP
    c:|Fun4IM;true;true;true; /FP
    c:|Bandoo;true;true;true; /FP
    c:|Searchn;true;true;true; /FP
    c:|Searchq;true;true;true; /FP
    c:|datamngr;true;true;true; /FP
    c:|iLivid;true;true;true; /FP
    c:|whitesmoke;true;true;true; /FP
    c:|services.ex;true;true;true; /FP
    %USERPROFILE%\..|smtmp;true;true;true /FP
    %systemroot%\*. /mp /s
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on Run Scan.
  • The scan won't take long. Have infinite patience. OTL may appear to stall but it will finish.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    These are saved in the same location as OTL.
  • Please Attach the OTL log(s) .


At Step 2 I open Windows explorer.exe and there is no Tools option displayed. I'm searching for a solution but haven't found anything yet.

Tom C

Look again carefully at my instructions. I meant for you to use the Menu on Windows Explorer, and the sub-menus.


You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member twcinnh only. If you are a casual viewer, do NOT try this on your system!

If you are not twcinnh and have a similar problem, do NOT post here; start your own topic

  • Temporarily disable your antivirus program and close any programs that you started.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Download the attached file TwcOTL.txt and SAVE to your DESKTOP
  • Start NOTEPAD. Check and make sure "word wrap" is off.
    From Notepad main menu bar, Select F (format) and make sure Word Wrap is NOT checked.
    IF it -is- checkmarked, click that one time so that it is un-checked.
  • Open the TwcOTL.txt that you saved
  • Copy ALL the lines to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  • Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered Run Fix button.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

TwcOTL.txt


I owe you an apology. I hadn't realized how Malwarebytes procedures worked and had opened a discussion with another staff member not through this forum. I took a little bit to get started but I have been working on the problem the past day and a half and the system seems to be well healed.

Thank you for your time and effort.

Regards,

Tom C
