Spotty Internet

Charles W · June 17, 2013

Dear MBAM,

I've recently had spotty internet, including when I watch Youtube videos, when I game, and when I'm just on the web. I ran MBAM a couple days ago, and it found one item and told me I needed to restart the computer immediately. I did, and ran MBAM again, and this time it found nothing suspicious. However, my internet's still a bit problematic. Here are the DDS and Attach files.

Thanks,

Charles

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 10.21.2

Run by Charles at 2:47:23 on 2013-06-17

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5942.3013 [GMT -4:00]

.

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe

C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe

C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Users\Charles\AppData\Roaming\WebCake\WebCakeDesktop.exe

C:\Users\Charles\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

C:\Users\Charles\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Users\Charles\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler64.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\AUDIODG.EXE

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Users\Charles\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE

C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={EFB8889F-D49F-11E2-A8A4-78E3B561A405}

mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={EFB8889F-D49F-11E2-A8A4-78E3B561A405}

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coieplg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ips\ipsbho.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Updater By SweetPacks: {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - C:\Program Files\Updater By SweetPacks\Extension32.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

BHO: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coieplg.dll

TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

uRun: [Google Update] "C:\Users\Charles\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [WebCake Desktop] "C:\Users\Charles\AppData\Roaming\WebCake\WebCakeDesktop.exe"

mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\Users\Charles\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Charles\AppData\Roaming\Dropbox\bin\Dropbox.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab

TCP: NameServer = 208.59.247.45 208.59.247.46

TCP: Interfaces\{732EB76E-6DDB-409D-8271-99B1731DBCD1} : DHCPNameServer = 128.197.253.183 128.197.253.120 128.197.253.254

TCP: Interfaces\{A4E0C305-9C91-4B83-842E-D401C4FDA113} : DHCPNameServer = 208.59.247.45 208.59.247.46

TCP: Interfaces\{A4E0C305-9C91-4B83-842E-D401C4FDA113}\14C62616E697D4564675966496 : DHCPNameServer = 66.109.38.250 66.109.38.251

TCP: Interfaces\{A4E0C305-9C91-4B83-842E-D401C4FDA113}\245502822756175796275637026505E492 : DHCPNameServer = 128.197.253.183 128.197.253.120 128.197.253.254

TCP: Interfaces\{A4E0C305-9C91-4B83-842E-D401C4FDA113}\3416C64756368602245616675627E45647 : DHCPNameServer = 131.215.254.100 131.215.139.100 131.215.9.49

TCP: Interfaces\{A4E0C305-9C91-4B83-842E-D401C4FDA113}\3416C647563686027457563747 : DHCPNameServer = 131.215.254.100 131.215.139.100 131.215.9.49

TCP: Interfaces\{A4E0C305-9C91-4B83-842E-D401C4FDA113}\353686164656E6662756574656 : DHCPNameServer = 128.197.253.183 128.197.253.120 128.197.253.254

TCP: Interfaces\{A4E0C305-9C91-4B83-842E-D401C4FDA113}\5573848323 : DHCPNameServer = 192.168.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-BHO: Updater By SweetPacks: {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - C:\Program Files\Updater By SweetPacks\Extension64.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\1cfmx81n.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: keyword.URL - hxxp://start.sweetpacks.com/?src=2&st=12&crg=3.5000006.10042&barid={EFB8889F-D49F-11E2-A8A4-78E3B561A405}&q=

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\Users\Charles\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: C:\Users\Charles\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Charles\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Users\Charles\AppData\Roaming\Mozilla\plugins\npo1d.dll

FF - plugin: C:\Windows\System32\Adobe\Director\np32dsw_1168638.dll

FF - plugin: C:\Windows\System32\Adobe\Director\np32dsw_1200112.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll

FF - ExtSQL: 2013-06-13 23:10; plugin@getwebcake.com; C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\1cfmx81n.default\extensions\plugin@getwebcake.com

FF - ExtSQL: 2013-06-13 23:11; {EEE6C361-6118-11DC-9C72-001320C79847}; C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\1cfmx81n.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi

FF - ExtSQL: 2013-06-13 23:11; {7D4F1959-3F72-49d5-8E59-F02F8AA6815D}; C:\Program Files\Updater By SweetPacks\Firefox

.

---- FIREFOX POLICIES ----

FF - user.js: extentions.webcake.installId - b643189d-d730-46e0-844e-f73cb7bd7e92

FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1403010.016\symds64.sys [2013-4-15 493656]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1403010.016\symefa64.sys [2013-4-15 1139800]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [2013-5-31 1393240]

R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1403010.016\ccsetx64.sys [2013-4-15 168096]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130614.001\IDSviA64.sys [2013-6-14 513184]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1403010.016\ironx64.sys [2013-4-15 224416]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1403010.016\symnets.sys [2013-4-15 432800]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-8-10 197536]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-11 13592]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-11-11 2375168]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccsvchst.exe [2013-4-15 144520]

R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-11-11 2538520]

R2 Updater By SweetPacks;Updater By SweetPacks;C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe [2013-6-13 188760]

R2 WebCake Desktop Updater;WebCake Desktop Updater;C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe [2013-6-13 23552]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-11-21 138912]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]

R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-26 158976]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-2-3 539240]

R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2011-11-11 1145960]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-11-11 338536]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-20 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2013-06-14 21:20:48 493656 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\symds64.sys

2013-06-14 21:20:48 433752 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys

2013-06-14 21:20:48 36952 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\srtspx64.sys

2013-06-14 21:20:48 23448 ----a-r- C:\Windows\System32\drivers\NISx64\1404000.028\symelam.sys

2013-06-14 21:20:48 1139800 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\symefa64.sys

2013-06-14 21:20:47 796760 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\srtsp64.sys

2013-06-14 21:20:47 224416 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\ironx64.sys

2013-06-14 21:20:47 169048 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\ccsetx64.sys

2013-06-14 21:20:33 -------- d-----w- C:\Windows\System32\drivers\NISx64\1404000.028

2013-06-14 03:11:41 -------- d-----w- C:\Program Files\Updater By SweetPacks

2013-06-14 03:11:06 -------- d-----w- C:\Program Files (x86)\Jpg2Pdf

2013-06-14 03:10:52 -------- d-----w- C:\Program Files (x86)\SweetIM

2013-06-14 03:10:24 33792 ----a-w- C:\Windows\System32\ImHttpComm.dll

2013-06-14 03:10:24 1447728 ----a-w- C:\Windows\System32\dmwu.exe

2013-06-14 03:10:24 -------- d-----w- C:\Windows\SysWow64\WNLT

2013-06-14 03:10:24 -------- d-----w- C:\Windows\SysWow64\jmdp

2013-06-14 03:10:24 -------- d-----w- C:\Windows\SysWow64\ARFC

2013-06-14 03:10:08 -------- d-----w- C:\Users\Charles\AppData\Roaming\WebCake

2013-06-14 03:10:08 -------- d-----w- C:\Program Files (x86)\WebCake

2013-06-14 03:10:00 -------- d-----w- C:\ProgramData\Tarma Installer

2013-06-11 18:24:58 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-05-22 04:09:34 262552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll

.

==================== Find3M ====================

.

2013-06-11 20:17:18 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-06-11 20:17:18 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-06-08 12:28:46 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-06-08 11:13:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll

2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll

2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll

2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll

2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe

2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe

2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll

2013-05-10 07:03:33 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll

2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll

2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll

2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll

2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll

2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-04-04 21:09:38 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2013-04-04 21:09:38 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-04-04 09:35:05 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-31 22:52:16 1887232 ----a-w- C:\Windows\System32\d3d11.dll

.

============= FINISH: 2:47:51.15 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 11/17/2011 1:11:08 PM

System Uptime: 6/16/2013 11:28:49 AM (15 hours ago)

.

Motherboard: Hewlett-Packard | | 1693

Processor: Intel® Core i3 CPU M 370 @ 2.40GHz | CPU | 911/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 680 GiB total, 605.562 GiB free.

D: is FIXED (NTFS) - 14 GiB total, 1.586 GiB free.

E: is FIXED (FAT32) - 4 GiB total, 1.078 GiB free.

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP200: 6/7/2013 11:38:59 AM - Removed Hacknet

RP201: 6/12/2013 3:00:22 AM - Windows Update

RP202: 6/15/2013 3:00:14 AM - Windows Update

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.6) MUI

Adobe Shockwave Player 11.6

Agatha Christie - Peril at End House

Aleks 3.18

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bejeweled 3

Blackhawk Striker 2

Blasterball 3

Blio

Bonjour

Bounce Symphony

Cake Mania

Canon MP490 series MP Drivers

Chronicles of Albian

Chuzzle Deluxe

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Compatibility Pack for the 2007 Office system

Cradle of Rome 2

CyberLink YouCam

D3DX10

Dropbox

ESU for Microsoft Windows 7 SP1

Evernote v. 4.2.3

Farm Frenzy

FATE

File Type Assistant

FirstClass Client

Google Chrome Canary

Google Talk Plugin

Governor of Poker 2 Premium Edition

Hewlett-Packard ACLM.NET v1.2.1.1

HP Auto

HP Client Services

HP Customer Experience Enhancements

HP Documentation

HP Games

HP Launch Box

HP MovieStore

HP On Screen Display

HP Power Manager

HP Quick Launch

HP QuickWeb

HP Setup

HP Setup Manager

HP Software Framework

HP Support Assistant

IDT Audio

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

Internet Explorer Toolbar 4.8 by SweetPacks

iTunes

Java 7 Update 21

Java Auto Updater

Jewel Quest: The Sleepless Star - Collector's Edition

Jpg2Pdf version 1.2

Junk Mail filter update

Mah Jong Medley

Malwarebytes Anti-Malware version 1.75.0.1300

MapleStory

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office File Validation Add-In

Microsoft Office Professional Edition 2003

Microsoft Office Starter 2010 - English

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft WSE 3.0 Runtime

Microsoft XNA Framework Redistributable 3.1

Microsoft XNA Framework Redistributable 4.0

Mitosis and Meiosis demystified

Mozilla Firefox 21.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Mystery of Mortlake Mansion

Namco All-Stars: PAC-MAN

Nexon Game Manager

Norton Internet Security

Pando Media Booster

Penguins!

Plants vs. Zombies - Game of the Year

PlayReady PC Runtime x86

Poker Superstars III

Polar Bowler

Polar Golfer

Project64 1.7

QuickTime

Realtek Ethernet Controller Driver

Realtek PCIE Card Reader

REALTEK Wireless LAN Driver

Recovery Manager

RoxioNow Player

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Skype™ 6.3

Slingo Supreme

SweetPacks Updater Service

swMSM

Synaptics TouchPad Driver

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update Installer for WildTangent Games App

Updater By SweetPacks 2.0.0.586

Vacation Quest - The Hawaiian Islands

Virtual Villagers 5 - New Believers

WebCake 3.00

WildTangent Games App (HP Games)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

Zuma Deluxe

.

==== End Of File ===========================

Psychotic · June 17, 2013

Hi there,

my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Uninstall the following programs:

SweetPacks Updater Service

swMSM

WebCake 3.00

Internet Explorer Toolbar 4.8 by SweetPacks

Please download Gmer from here by clicking on the "Download EXE" Button.

Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
In the right panel, you will see several boxes that have been checked. Uncheck the following ...
- Sections
- IAT/EAT
- Show All ( should be unchecked by default )
[*]Leave everything else as it is.
[*]Close all other running programs as well as your Browser.
[*]Click the Scan button & wait for it to finish.
[*]Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
[*]Save it where you can easily find it, such as your desktop.
[*]Please post the content of the ark.txt here.

**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Charles W · June 17, 2013

Hi Marius,

I've been able to uninstall "SweetPacks Updater Service" and "WebCake 3.00". However, I could not find "swMSM" on my list of programs. I see it listed among the programs in my earlier post, but it didn't show up on the "Uninstall a Program" page. I also noticed that "Slingo Supreme" doesn't show up on the "Uninstall a Program" page either, even though it's also listed in my earlier post. And I also tried to uninstall "Internet Explorer Toolbar 4.8 by SweetPacks", but it gave me the message: "Please wait until the current program is finished uninstalling or being changed". I actually tried to uninstall this one second and found that I couldn't. I then uninstalled "WebCake 3.00" and then tried to uninstall the Toolbar 4.8 again, but got the same message.

Charles

Psychotic · June 17, 2013

Then we remove it the hard way:

Scan with adwCleaner

Please download AdwCleaner to your desktop.

Run adwcleaner.exe.
Hit delete.
When the run is finished, it will open up a text file.
Please post its contents within your next reply.
You´ll find the log file at C:\AdwCleaner[s1].txt also.

When finished, run gmer as instructed within my last repy and post its log as well.

Charles W · June 17, 2013

# AdwCleaner v2.303 - Logfile created 06/17/2013 at 03:21:36

# Updated 08/06/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Charles - CHARLES-HP

# Boot Mode : Normal

# Running from : C:\Users\Charles\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Updater By SweetPacks

File Deleted : C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\1cfmx81n.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi

Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com

Folder Deleted : C:\Program Files (x86)\SweetIM

Folder Deleted : C:\ProgramData\Tarma Installer

Folder Deleted : C:\Windows\SysWOW64\WNLT

***** [Registry] *****

Key Deleted : HKCU\Software\IM

Key Deleted : HKCU\Software\ImInstaller

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL

Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject

Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1

Key Deleted : HKLM\Software\Classes\Installer\Features\FB6D58DD787439A4995AF3C00FEA8843

Key Deleted : HKLM\Software\Classes\Installer\Products\FB6D58DD787439A4995AF3C00FEA8843

Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar

Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1

Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook

Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\Software\Freeze.com

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}

Key Deleted : HKLM\SOFTWARE\Tarma Installer

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={EFB8889F-D49F-11E2-A8A4-78E3B561A405} --> hxxp://www.google.com

Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={EFB8889F-D49F-11E2-A8A4-78E3B561A405} --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\1cfmx81n.default\prefs.js

C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\1cfmx81n.default\user.js ... Deleted !

Deleted : user_pref("keyword.URL", "hxxp://start.sweetpacks.com/?src=2&st=12&crg=3.5000006.10042&barid={EFB888[...]

Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");

*************************

AdwCleaner[s1].txt - [324 octets] - [17/06/2013 03:21:06]

AdwCleaner[s2].txt - [6327 octets] - [17/06/2013 03:21:36]

########## EOF - C:\AdwCleaner[s2].txt - [6387 octets] ##########

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-06-17 03:35:54

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE4O 698.64GB

Running: e9rioqk6.exe; Driver: C:\Users\Charles\AppData\Local\Temp\pwtirkob.sys

---- Threads - GMER 2.1 ----

Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3360:3356] 0000000077b73e45

Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3360:3364] 0000000077b73e45

Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3360:5076] 0000000075f17587

Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3360:5072] 000000006e470cb3

Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3360:2284] 0000000077b72e25

Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3360:3916] 0000000077b73e45

---- EOF - GMER 2.1 ----

Psychotic · June 17, 2013

Run DDS by double clicking on it.

When finished, DDS will create two logfiles:
1. DDS.txt
2. Attach.txt
[*]save both files to your desktop. [*]Post the content of DDS.txt here into your thread. [*] Attach Attach.txt

You told us that you removed several items with Malwarebytes´ Antimalware. This tool creates a log on every run and we need to see them.

The logs can be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
Zip any and all of these logs and attach the file to your next reply.

Charles W · June 17, 2013

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 10.21.2

Run by Charles at 3:48:01 on 2013-06-17

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5942.3987 [GMT -4:00]

.

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe

C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Users\Charles\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler.exe

C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe

C:\Users\Charles\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler64.exe

C:\Users\Charles\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Windows\system32\AUDIODG.EXE

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coieplg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ips\ipsbho.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Updater By SweetPacks: {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} -

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll