twcinnh Posted May 30, 2013 ID:685359

When clicking on a link in Outlook 2010 I got an error message. After googling some I just found SweetPacks on my system. I ran Revo Uninstaller and it offered to delete over 5000 registry entries (I decided to skip that). After running Malwarebytes it quarantined pricepeep_130001_0101.exe and deleted it. I don't find SweetPacks in either Revo Uninstaller's control panel or Microsoft's CP 'Programs and Features'. But I'm very concerned there is more to be done. Any assistance will be appreciated.
Regards,
Tom C

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.21.2
Run by Tom at 12:01:30 on 2013-05-30
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16281.13966 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
H:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
h:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\IProsetMonitor.exe
h:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
h:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\WUDFHost.exe
H:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
h:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
H:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\Windows\SysWOW64\HsMgr.exe
C:\Windows\system\HsMgr64.exe
C:\Program Files\UNi Xonar Audio\Customapp\ASUSAUDIOCENTER.EXE
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
H:\Program Files\AVAST Software\Avast\AvastUI.exe
H:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
H:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Users\Tom\AppData\Local\Temp\{1F6BA065-6176-4F3E-87A3-2AF7354DB08F}\adni18_Weather.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
H:\Program Files\Spamihilator\bridge\spamihilator_32bit_bridge.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
H:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
H:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\Tom\AppData\Local\Temp\{1F6BA065-6176-4F3E-87A3-2AF7354DB08F}\adni18_Weather.exe
C:\Windows\sysWow64\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ridma.com/links11.html
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - h:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - H:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} -
TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} -
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - h:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun: [avast] "h:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [bCSSync] "H:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Tom\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADNI18~1.LNK - C:\Users\Tom\Desktop\adni18_Weather.exe
StartupFolder: C:\Users\Tom\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINLE~1.LNK - H:\Program Files\Rainlendar2\Rainlendar2.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SPAMIH~1.LNK - H:\Program Files\Spamihilator\spamihilator.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - H:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - H:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{05889F16-2C00-469F-9679-260997FFEA0C} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
AppInit_DLLs= C:\Windows\SysWOW64\appinit_dll.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - h:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - h:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [COMODO Internet Security] H:\Program Files\COMODO\COMODO Internet Security\cistray.exe
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [Cmaudio8788] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
x64-Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe Envoke
x64-Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe Envoke
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\yfww76r5.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: H:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: H:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: H:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - ExtSQL: 2013-05-27 03:03; {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}; C:\Program Files\Updater By SweetPacks\Firefox
FF - ExtSQL: 2013-05-27 05:41; {F003DA68-8256-4b37-A6C4-350FA04494DF}; C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-5-26 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-5-26 189936]
R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\System32\drivers\mv91cons.sys [2013-5-27 24880]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-5-26 1025808]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-5-26 378432]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2013-1-16 23168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2013-1-16 706560]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2013-1-16 48360]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-5-26 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-5-26 80816]
R2 avast! Antivirus;avast! Antivirus;H:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-26 46808]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-3-12 190120]
R2 MBAMScheduler;MBAMScheduler;H:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-15 418376]
R2 MBAMService;MBAMService;H:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-15 701512]
R3 cmudaxp;ASUS Xonar DX Audio Interface;C:\Windows\System32\drivers\cmudaxp.sys [2013-5-27 2726400]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2013-1-3 79240]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2013-1-3 15752]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-26 25928]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2013-5-27 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2013-1-1 181248]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 TotRec8;Total Recorder WDM audio filter driver;C:\Windows\System32\drivers\TotRec8.sys [2013-5-27 124176]
R3 VirtuWDDM;VirtuWDDM;C:\Windows\System32\drivers\VirtuWDDM.sys [2012-9-2 75552]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 WiseBootAssistant;Wise Boot Assistant;H:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [2013-5-22 580232]
S3 cmdvirth;COMODO Virtual Service Manager;H:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-1-25 158928]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-5-26 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-26 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-5-26 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-5-26 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="H:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [userChoice]
.
=============== Created Last 30 ================
.
2013-05-30 12:48:42 -------- d-----w- C:\Users\Tom\AppData\Local\Stardock
2013-05-30 10:04:56 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{51A1EDAC-A30F-4A3B-B5EB-C41F85016759}\mpengine.dll
2013-05-30 00:04:02 -------- d-----w- C:\Users\Tom\AppData\Local\ElevatedDiagnostics
2013-05-29 16:10:38 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2013-05-29 13:21:33 -------- d-----w- C:\Users\Tom\AppData\Local\Microsoft Games
2013-05-29 12:30:02 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2013-05-29 12:30:02 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2013-05-29 12:30:02 -------- d-----w- C:\Program Files (x86)\The Weather Channel
2013-05-29 12:29:41 -------- d-----w- C:\Users\Tom\AppData\Local\The Weather Channel
2013-05-28 18:06:46 456992 ----a-w- C:\Windows\System32\appinit_dll.dll
2013-05-28 18:06:46 411936 ----a-w- C:\Windows\SysWow64\appinit_dll.dll
2013-05-28 18:06:46 -------- d-----w- C:\Users\Tom\Lucidlogix
2013-05-28 13:26:48 -------- d-----w- C:\Users\Tom\.rainlendar2
2013-05-27 23:02:17 -------- d-----w- C:\Users\Tom\AppData\Roaming\Systweak
2013-05-27 23:02:16 20312 ----a-w- C:\Windows\System32\roboot64.exe
2013-05-27 21:57:18 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-05-27 21:57:18 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-05-27 21:57:16 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-27 21:49:58 -------- d-----w- C:\Users\Tom\AppData\Local\Macromedia
2013-05-27 21:49:01 -------- d-----w- C:\Users\Tom\AppData\Local\Mozilla
2013-05-27 16:58:29 -------- d-----w- C:\Program Files\SystemRequirementsLab
2013-05-27 15:53:34 -------- d-----w- C:\Users\Tom\AppData\Local\Adobe
2013-05-27 15:19:54 -------- d-----w- C:\Program Files\Microsoft IntelliType Pro
2013-05-27 14:54:59 200800 ----a-w- C:\Windows\System32\AERTAC64.dll
2013-05-27 14:41:06 -------- d-----w- C:\Program Files\Realtek
2013-05-27 14:40:53 -------- d--h--w- C:\Program Files (x86)\Temp
2013-05-27 14:22:19 80384 ----a-w- C:\Windows\System32\drivers\nusb3hub.sys
2013-05-27 14:18:37 24880 ----a-w- C:\Windows\System32\drivers\mv91cons.sys
2013-05-27 14:07:47 971680 ----a-w- C:\Windows\System32\deployJava1.dll
2013-05-27 14:07:47 1092512 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-05-27 14:07:45 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-05-27 14:03:17 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2013-05-27 12:22:57 4038592 ----a-w- C:\Windows\PE_Rom.dll
2013-05-27 12:22:54 14464 ----a-w- C:\Windows\SysWow64\drivers\AsUpIO.sys
2013-05-27 12:10:32 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2013-05-27 10:30:47 -------- d-----w- C:\Windows\SysWow64\STRING
2013-05-27 09:47:43 39424 ----a-w- C:\Windows\System32\CNMN6UI.DLL
2013-05-27 09:47:43 366592 ----a-w- C:\Windows\SysWow64\CNMNPPM.DLL
2013-05-27 09:47:43 359936 ----a-w- C:\Windows\System32\CNMN6PPM.DLL
2013-05-27 09:47:43 -------- d-----w- C:\Windows\System32\STRING
2013-05-27 09:45:41 -------- d--h--w- C:\ProgramData\CanonIJETV
2013-05-27 09:45:28 -------- d-----w- C:\Program Files (x86)\Canon
2013-05-27 09:42:33 53248 ----a-r- C:\Users\Tom\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-05-27 09:42:30 -------- d-----w- C:\Users\Tom\AppData\Local\Logishrd
2013-05-27 09:42:16 99840 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPAZ.DLL
2013-05-27 09:42:16 30208 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDAZ.DLL
2013-05-27 09:42:10 385024 ----a-w- C:\Windows\System32\CNMLMAZ.DLL
2013-05-27 09:42:06 -------- d--h--w- C:\ProgramData\CanonIJFAX
2013-05-27 09:42:04 302592 ----a-w- C:\Windows\System32\CNCALAZ.DLL
2013-05-27 09:41:59 487424 ----a-w- C:\Windows\System32\CNC_AZL.dll
2013-05-27 09:41:59 424448 ----a-w- C:\Windows\SysWow64\CNC_AZL.dll
2013-05-27 09:41:59 367616 ----a-w- C:\Windows\System32\CNC_AZC.dll
2013-05-27 09:41:59 17920 ----a-w- C:\Windows\System32\CNHMCA6.dll
2013-05-27 09:41:59 15872 ----a-w- C:\Windows\SysWow64\CNHMCA.dll
2013-05-27 09:41:59 122880 ----a-w- C:\Windows\SysWow64\CNC_AZU.dll
2013-05-27 09:41:59 119296 ----a-w- C:\Windows\System32\CNC_AZI.dll
2013-05-27 07:04:45 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2013-05-27 07:04:14 -------- d-----w- C:\Users\Tom\AppData\Roaming\Logishrd
2013-05-27 06:48:32 -------- d-----w- C:\Users\Tom\AppData\Roaming\Wise Care 365
2013-05-27 06:14:45 124176 ----a-w- C:\Windows\System32\drivers\TotRec8.sys
2013-05-27 06:12:53 -------- d-----w- C:\Users\Tom\AppData\Roaming\TotalRecorder
2013-05-27 05:18:02 -------- d-----w- C:\ProgramData\Babylon
2013-05-27 05:18:01 -------- d-----w- C:\Users\Tom\AppData\Roaming\Babylon
2013-05-27 05:06:39 -------- d-----w- C:\Users\Tom\AppData\Roaming\Spamihilator
2013-05-27 05:06:07 829264 ----a-w- C:\Windows\System32\msvcr100.dll
2013-05-27 05:06:06 773968 ----a-w- C:\Windows\SysWow64\msvcr100.dll
2013-05-27 05:06:06 608080 ----a-w- C:\Windows\System32\msvcp100.dll
2013-05-27 05:06:06 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
2013-05-27 05:01:32 -------- d-----w- C:\Windows\System32\appmgmt
2013-05-27 05:01:27 -------- d-----w- C:\ProgramData\Spamihilator
2013-05-27 04:45:38 -------- d-----w- C:\Users\Tom\AppData\Roaming\Glarysoft
2013-05-27 04:43:27 -------- d-----w- C:\Users\Tom\AppData\Roaming\IrfanView
2013-05-27 04:37:10 -------- d-----w- C:\Program Files\Microsoft Games
2013-05-27 03:52:50 -------- d-----w- C:\Windows\SysWow64\NV
2013-05-27 03:52:50 -------- d-----w- C:\Windows\System32\NV
2013-05-27 03:42:41 -------- d-----w- C:\NVIDIA
2013-05-27 03:37:49 -------- d-----w- C:\Users\Tom\AppData\Local\NVIDIA
2013-05-27 01:33:33 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-05-27 01:33:33 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-05-27 01:33:33 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-05-27 01:33:33 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-05-27 01:29:24 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-05-27 01:29:24 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2013-05-27 01:29:24 5120 ----a-w- C:\Windows\System32\wmi.dll
2013-05-27 01:29:24 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2013-05-27 01:29:24 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-05-26 23:24:06 -------- d-----w- C:\Windows\Panther
2013-05-26 22:43:22 339144 ----a-w- C:\Windows\System32\PROUnstl.exe
2013-05-26 22:42:29 99520 ----a-w- C:\Windows\System32\NicInstC.dll
2013-05-26 22:42:29 72360 ----a-w- C:\Windows\System32\e1cmsg.dll
2013-05-26 22:42:29 514736 ----a-w- C:\Windows\System32\drivers\e1c62x64.sys
2013-05-26 22:42:29 36472 ----a-w- C:\Windows\System32\NicCo36.dll
2013-05-26 22:42:29 -------- d-sh--w- C:\Windows\Installer
2013-05-26 22:31:10 -------- d-sh--w- C:\Recovery
2013-05-26 22:15:47 -------- d-----w- C:\Users\Tom\AppData\Local\Programs
2013-05-26 22:14:47 -------- d-----w- C:\Users\Tom\AppData\Roaming\Malwarebytes
2013-05-26 22:14:38 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-05-26 22:14:38 -------- d-----w- C:\ProgramData\Malwarebytes
2013-05-26 22:13:13 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2013-05-26 21:58:22 46592 ----a-w- C:\Windows\SysWow64\MsRdpWebAccess.dll
2013-05-26 21:58:22 37376 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-05-26 21:58:22 269312 ----a-w- C:\Windows\SysWow64\aaclient.dll
2013-05-26 21:58:22 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll
2013-05-26 21:58:22 16896 ----a-w- C:\Windows\SysWow64\wksprtPS.dll
2013-05-26 21:58:22 1048064 ----a-w- C:\Windows\SysWow64\mstsc.exe
2013-05-26 21:58:21 4916224 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-05-26 21:43:25 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-05-26 21:41:43 -------- d-----w- C:\Program Files\NVIDIA Corporation
2013-05-26 21:39:38 -------- d-----w- C:\Intel
2013-05-26 21:07:59 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-05-26 21:06:39 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2013-05-26 21:06:39 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2013-05-26 21:06:28 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-05-26 21:06:28 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-05-26 21:06:09 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2013-05-26 21:06:09 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2013-05-26 21:06:09 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2013-05-26 21:06:09 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2013-05-26 21:04:50 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-05-26 21:03:55 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-05-26 21:02:34 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2013-05-26 21:01:45 956928 ----a-w- C:\Windows\System32\localspl.dll
2013-05-26 21:01:35 67072 ----a-w- C:\Windows\splwow64.exe
2013-05-26 21:01:35 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2013-05-26 21:01:33 77312 ----a-w- C:\Windows\System32\packager.dll
2013-05-26 21:01:33 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2013-05-26 20:57:02 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2013-05-26 20:47:13 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-05-26 20:47:12 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-05-26 20:47:11 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-05-26 20:47:11 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-05-26 20:39:54 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2013-05-26 20:39:49 -------- d-----w- C:\Windows\PCHEALTH
2013-05-26 20:39:49 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-05-26 20:39:14 -------- d-----w- C:\Users\Tom\AppData\Local\Microsoft Help
2013-05-26 20:36:22 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-26 20:36:22 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-26 20:32:23 -------- d-----w- C:\Users\Tom\AppData\Roaming\Moonchild Productions
2013-05-26 20:32:23 -------- d-----w- C:\Users\Tom\AppData\Local\Moonchild Productions
2013-05-26 20:24:58 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-05-26 20:24:58 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-05-26 20:24:10 -------- d--h--w- C:\VTRoot
2013-05-26 20:16:56 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-05-26 20:16:56 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-05-26 20:16:56 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-05-26 20:16:50 41664 ----a-w- C:\Windows\avastSS.scr
2013-05-26 20:09:50 -------- d-----w- C:\ProgramData\Comodo Downloader
2013-05-26 20:09:50 -------- d-----w- C:\ProgramData\Comodo
2013-05-26 20:06:44 -------- d-----w- C:\Users\Tom\hProgram FilesCOMODOCOMODO Internet Security
2013-05-26 19:57:10 -------- d-----w- C:\Users\Tom\AppData\Local\Google
2013-05-26 19:56:54 -------- d-----w- C:\ProgramData\AVAST Software
.
==================== Find3M ====================
.
2013-05-27 12:14:33 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
2013-05-27 12:14:33 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2013-05-27 12:14:33 123480 ----a-w- C:\Windows\System32\OpenAL32.dll
2013-05-27 12:14:33 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2013-05-12 21:42:27 925648 ----a-w- C:\Windows\SysWow64\nvumdshim.dll
2013-05-12 20:34:14 6491936 ----a-w- C:\Windows\System32\nvcpl.dll
2013-05-12 20:34:14 3514656 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-05-12 20:34:12 884512 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-05-12 20:34:12 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-05-12 20:34:11 237856 ----a-w- C:\Windows\System32\nvmctray.dll
2013-05-08 14:13:10 3165737 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-05-02 09:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-23 14:04:10 437176 ----a-w- C:\Windows\System32\guard64.dll
2013-04-23 14:04:10 348048 ----a-w- C:\Windows\SysWow64\guard32.dll
2013-04-15 17:38:52 48360 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2013-04-15 17:38:51 706560 ----a-w- C:\Windows\System32\drivers\cmdguard.sys
2013-04-15 17:38:51 23168 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2013-04-15 17:38:38 43216 ----a-w- C:\Windows\System32\cmdcsr.dll
2013-04-15 17:38:29 343760 ----a-w- C:\Windows\System32\cmdvrt64.dll
2013-04-15 17:38:28 45776 ----a-w- C:\Windows\System32\cmdkbd64.dll
2013-04-15 17:38:25 276688 ----a-w- C:\Windows\SysWow64\cmdvrt32.dll
2013-04-15 17:38:24 40656 ----a-w- C:\Windows\SysWow64\cmdkbd32.dll
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:53:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
.
============= FINISH: 12:01:56.05 ===============

Attached: Attach.txt
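The indicators a forum helper reads out of the DDS log above by hand can be checked mechanically. The following Python script is an added example and is not part of the original thread, nor of DDS or OTL. It parses a few lines copied from the posted "Pseudo HJT Report" and process list (a constructed sample) and flags the things worth attention in this log: an IE BHO or toolbar whose DLL path is empty (the two SweetPacks CLSIDs, left behind after the uninstall), a start page pointing at an unknown host, a binary launched from a Temp folder, a populated AppInit_DLLs value, and a Firefox extension record under a known adware vendor's directory. The keyword list, the rule names and the trusted_start_hosts parameter are assumptions made for this example; a keyword hit is a triage hint, not a verdict.

```python
"""Triage of DDS "Pseudo HJT Report" lines for common adware indicators (added example)."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: lines copied from the DDS output in the post above.
SAMPLE_LOG = r"""
C:\Windows\system32\svchost.exe -k netsvcs
C:\Users\Tom\AppData\Local\Temp\{1F6BA065-6176-4F3E-87A3-2AF7354DB08F}\adni18_Weather.exe
uStart Page = hxxp://www.ridma.com/links11.html
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - h:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} -
TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} -
AppInit_DLLs= C:\Windows\SysWOW64\appinit_dll.dll
FF - ExtSQL: 2013-05-27 03:03; {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}; C:\Program Files\Updater By SweetPacks\Firefox
"""

# Assumed keyword list: the names the helper's OTL search targets plus "babylon",
# which appears in the Created Last 30 section. Substring match, case-insensitive.
ADWARE_KEYWORDS = ("sweetpack", "pricepeep", "conduit", "crossride", "babylon",
                   "bandoo", "ilivid", "whitesmoke", "datamngr")

# DDS line shapes. A BHO/TB line ends in "- <dll path>"; an empty path means the
# CLSID is still registered but the DLL is gone (an "orphaned" registration).
BHO_RE = re.compile(r"^(?:x64-)?(?:BHO|TB): (?P<name>.*?): (?P<clsid>\{[0-9A-Fa-f-]{36}\}) -\s*(?P<path>.*)$")
START_RE = re.compile(r"^[um]Start Page = (?P<url>\S+)")
APPINIT_RE = re.compile(r"^AppInit_DLLs=\s*(?P<dlls>.*)$")
FFEXT_RE = re.compile(r"^FF - ExtSQL: .*; (?P<path>.*)$")
EXEC_LINE_RE = re.compile(r"^(?:[A-Za-z]:\\|(?:x64-)?[mu]Run: |StartupFolder: )")
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    rule: str    # assumed rule names: orphaned-bho, adware-keyword, start-page-review, appinit-dlls, exec-from-temp
    detail: str
    line: str


def _keyword_hit(text):
    lowered = text.lower()
    return next((k for k in ADWARE_KEYWORDS if k in lowered), None)


def triage(log_text, trusted_start_hosts=frozenset()):
    """Return a list of Findings for the DDS lines in log_text."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = BHO_RE.match(line)
        if m:
            if not m["path"]:
                findings.append(Finding("orphaned-bho", f"{m['clsid']} registered with no DLL path", line))
            kw = _keyword_hit(m["name"] + " " + m["path"])
            if kw:
                findings.append(Finding("adware-keyword", kw, line))
            continue
        m = START_RE.match(line)
        if m:
            # DDS defangs URLs as hxxp://; compare only the host part.
            host = re.sub(r"^hxxps?://", "", m["url"]).split("/")[0].lower()
            if host not in trusted_start_hosts:
                findings.append(Finding("start-page-review", host, line))
            continue
        m = APPINIT_RE.match(line)
        if m and m["dlls"]:
            # AppInit_DLLs is loaded into every process that links user32.dll, so
            # the publisher must be verified before deciding it is benign or not.
            findings.append(Finding("appinit-dlls", m["dlls"], line))
            continue
        m = FFEXT_RE.match(line)
        if m:
            kw = _keyword_hit(m["path"])
            if kw:
                findings.append(Finding("adware-keyword", kw, line))
            continue
        if EXEC_LINE_RE.match(line) and TEMP_RE.search(line):
            findings.append(Finding("exec-from-temp", "binary launched from a Temp folder", line))
        kw = _keyword_hit(line)
        if kw:
            findings.append(Finding("adware-keyword", kw, line))
    return findings


def count_by_rule(findings):
    """Summarise findings as {rule: count} for a quick read of a log."""
    return dict(Counter(f.rule for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:18} {f.detail:45} | {f.line}")
```

Run against the full DDS report rather than the sample and the same rules fire on the x64- entries too. In this particular log the AppInit_DLLs hit deserves the verification step rather than removal: the same 2013-05-28 18:06:46 timestamp that wrote appinit_dll.dll also created C:\Users\Tom\Lucidlogix, which points at a graphics driver package, not at SweetPacks.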
Maurice Naggar Posted May 30, 2013 ID:685371

Hello Tom and welcome to MalwareBytes forums.
I will be helping you. Please follow my guidance and do not run tools or fixes nor make changes on your own.
Please confirm for me that you are the owner of this system. If it is owned by someone else, or if it belongs to a company or an organization, please Stop and tell me that.
As a reminder, please just only Copy & Paste all log contents directly into the main body of the reply box. Use 1 reply per each log as needed. If you hit some log that is way too huge, then you may attach.
Please do a backup of any documents/personal files that you cannot afford to lose. Malware cleanups can sometimes be unpredictable, so do a backup to offline media as a precaution.

Step 1
1. Go >> Here << and download ERUNT (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder; if you like you can enable this option later)
3. Start ERUNT (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup (the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

Step 2
To show all files: Press Windows-key + R key on your keyboard to get the RUN option. Type in explorer.exe and press Enter to start Windows Explorer. From the menu options, select Tools, then Folder Options. Next click the View tab. Locate and uncheck Hide file extensions for known file types. Locate and uncheck Hide protected operating system files (Recommended). Locate and click Show hidden files and folders and drives. Click Apply > OK.
Step 3
Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe
Please close any of your open windows/programs and exit, saving any open work you have.
Go slow and careful. This is a Custom scan. Have infinite patience while it runs.
Temporarily turn OFF your antivirus program so that it does not interfere. Leave the firewall on.
For a how-to reference, see this: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
I'd like to have you do a special run of OTL to generate some searches & a new log-report.
Please double-click OTL.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
*****************************************************************
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%ALLUSERSPROFILE%\Application Data\*.dll /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
c:|crossride;true;true;true; /FP
c:|conduit;true;true;true; /FP
c:|sweetpack;true;true;true; /FP
c:|pricepeep;true;true;true; /FP
c:|Fun4IM;true;true;true; /FP
c:|Bandoo;true;true;true; /FP
c:|Searchn;true;true;true; /FP
c:|Searchq;true;true;true; /FP
c:|datamngr;true;true;true; /FP
c:|iLivid;true;true;true; /FP
c:|whitesmoke;true;true;true; /FP
c:|services.ex;true;true;true; /FP
%USERPROFILE%\..|smtmp;true;true;true /FP
%systemroot%\*. /mp /s
*****************************************************************
Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste. Close any browser(s) windows that may be open.
Using your mouse, click on Run Scan.
The scan won't take long. Have infinite patience. OTL may appear to stall but it will finish.
When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please Attach the OTL log(s).
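The `c:|sweetpack;true;true;true; /FP` lines in the custom scan above ask OTL to search the C: drive for file and folder names containing each adware string. The script below is an added example, not OTL's code and not something posted in the thread: it performs the same kind of name search in Python over any root directory, using the strings from the helper's list, and records each hit's modification time so a hit can be lined up against the dates in the "Created Last 30" section of a DDS log. The fixture directory tree is constructed for the example and mimics two paths seen in the first post (the SweetPacks updater folder and the pricepeep executable) plus a benign Logitech folder as a decoy; the flag semantics of OTL's `true;true;true` syntax are not reproduced.

```python
"""Name-based search for adware leftovers, the manual equivalent of OTL's
drive|string;... /FP directives (added example, not OTL's own code)."""
import os
import tempfile
from datetime import datetime, timezone

# The search strings from the OTL custom scan above, lower-cased for matching.
# "services.ex" also matches the real services.exe; only a copy outside
# \Windows\System32 is worth a second look.
SEARCH_TERMS = ("crossride", "conduit", "sweetpack", "pricepeep", "fun4im", "bandoo",
                "searchn", "searchq", "datamngr", "ilivid", "whitesmoke", "services.ex")


def find_by_name(root, terms=SEARCH_TERMS):
    """Walk root and return sorted (path, matched_term, mtime_iso) tuples for every
    file or directory whose own name contains one of terms, case-insensitively.
    Symlinks are not followed and unreadable directories are skipped, so the scan
    cannot loop or abort on a permissions error."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root, onerror=lambda e: None, followlinks=False):
        for name in dirnames + filenames:
            lowered = name.lower()
            term = next((t for t in terms if t in lowered), None)
            if term is None:
                continue
            full = os.path.join(dirpath, name)
            try:
                ts = os.lstat(full).st_mtime
                mtime = datetime.fromtimestamp(ts, tz=timezone.utc).isoformat(timespec="seconds")
            except OSError:
                mtime = "?"
            hits.append((full, term, mtime))
    return sorted(hits)


def build_sample_tree(base):
    """Constructed fixture: two adware-named paths and one benign decoy."""
    for rel in ("Program Files/Updater By SweetPacks/Firefox",
                "Program Files/Logitech/SetPointP",
                "Users/Tom/Downloads"):
        os.makedirs(os.path.join(base, rel), exist_ok=True)
    for rel in ("Users/Tom/Downloads/pricepeep_130001_0101.exe",
                "Program Files/Logitech/SetPointP/SetPoint.exe"):
        with open(os.path.join(base, rel), "wb") as fh:
            fh.write(b"MZ")  # placeholder bytes, not a real executable
    return base


def demo():
    """Build the fixture in a temp dir and return (relative path, term) for each hit."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return [(os.path.relpath(path, tmp), term) for path, term, _ in find_by_name(tmp)]


if __name__ == "__main__":
    for rel, term in demo():
        print(f"{term:12} {rel}")
```

On a real system point find_by_name at the drive root and compare each hit's mtime with the install window visible in the DDS log (here 2013-05-26 to 2013-05-27); a hit created in that window with no matching entry in Programs and Features is the kind of leftover the helper's fix script then targets.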
twcinnh Posted May 30, 2013 Author ID:685375

I have Windows on an SSD drive, and documents on a separate hard drive. Is the risk to the C (Windows) drive, or should I be backing up the regular HD?
Thanks,
Tom C
Maurice Naggar Posted May 30, 2013 ID:685460

Any risk (though not anticipated) would be on the Windows drive.
Go forward and run the tools and tasks I outlined.
twcinnh Posted May 31, 2013 Author ID:685646

At Step 2 I open Windows explorer.exe and there is no Tools option displayed. I'm searching for a solution but haven't found anything yet.
Tom C
twcinnh Posted May 31, 2013 Author ID:685651

Here are the OTL log files (OTL.txt and Extras.txt).
Thanks,
Tom C

Attached: Extras.Txt, OTL.Txt
Maurice Naggar Posted June 2, 2013 ID:686278

twcinnh wrote:
At Step 2 I open Windows explorer.exe and there is no Tools option displayed. I'm searching for a solution but haven't found anything yet.
Tom C

Look again carefully at my instructions. I meant for you to use the Menu on Windows Explorer, and the sub-menus.
Maurice Naggar Posted June 2, 2013 ID:686284

You will want to print out or copy these instructions to Notepad for offline reference!
These steps are for member twcinnh only. If you are a casual viewer, do NOT try this on your system! If you are not twcinnh and have a similar problem, do NOT post here; start your own topic.
Temporarily disable your antivirus program and close any programs that you started.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Download the attached file TwcOTL.txt and SAVE it to your DESKTOP.
Start NOTEPAD. Check and make sure "word wrap" is off. From the Notepad main menu bar, select F (Format) and make sure Word Wrap is NOT checked. If it is checkmarked, click it one time so that it is un-checked.
Open the TwcOTL.txt that you saved.
Copy ALL the lines to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy).
Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
Right click in the window (under the aqua-blue bar) and choose Paste.
Close any browser(s) windows that may be open.
Using your mouse, click on the red-lettered button.
Once you see a message box "Fix complete! Click OK to open the fix log.", click the OK button.
The log will open in Notepad (your default text editor). Save the log. Post a copy of that log in your next reply.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Attached: TwcOTL.txt
twcinnh Posted June 2, 2013 Author ID:686308

I owe you an apology. I hadn't realized how Malwarebytes procedures worked and had opened a discussion with another staff member not through this forum. It took me a little bit to get started, but I have been working on the problem the past day and a half and the system seems to be well healed.
Thank you for your time and effort.
Regards,
Tom C
Maurice Naggar Posted June 2, 2013 ID:686419

I appreciate your letting me know. It is always the practice to only be seeking help in one and only one venue.
Since you are getting help elsewhere, I will close this now.
I wish you well.