I have seen a Malware called Searce.Conduit.com please help

swat842 · July 11, 2013

I just did this today an I need help in this type of field I'm trying to get the Toshiba Laptop to go fast I know I need more ram for the memory so please don't say I need more ram

Psychotic · July 11, 2013

Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with DDS

Download DDS and save it to your desktop from here or here or
here.

Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs
DDS.txt
Attach.txt
Save both reports to your desktop.

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
In the right panel, you will see several boxes that have been checked. Uncheck the following ...
- Sections
- IAT/EAT
- Show All ( should be unchecked by default )
[*]Leave everything else as it is. [*]Close all other running programs as well as your Browser. [*]Click the Scan button & wait for it to finish. [*]Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post. [*]Save it where you can easily find it, such as your desktop. [*]Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

swat842 · July 12, 2013

Here is the report

Advanced SystemCare Diagnose Report v1.0

Date: 2013/07/11 00:06:35

----------------------------------

01 - Operating System

----------------------------------

0101 - Operating System : Windows 7 Professional 64-bit (6.1, Build 7601) Service Pack 1 (7601.win7sp1_gdr.130318-1533)

0102 - Language : English (Regional Setting: English)

0103 - BIOS : BIOS Version 1.80

0104 - Processor : Intel® Pentium® Dual CPU T2330 @ 1.60GHz (2 CPUs), ~1.6GHz

0105 - Memory : 1024MB RAM

0106 - Available OS Memory : 1014MB RAM

0107 - Page File : 1336MB used, 894MB available

0108 - Windows Dir : C:\Windows

0109 - DirectX Version : DirectX 11

0110 - DX Setup Parameters : Not found

0111 - User DPI Setting : Using System DPI

0112 - System DPI Setting : 96 DPI (100 percent)

0113 - DWM DPI Scaling : Disabled

0114 - DxDiag Version : 6.01.7601.17514

----------------------------------

02 - Processor

----------------------------------

0201 - Caption : Intel® Pentium® Dual CPU T2330 @ 1.60GHz x2 ~1600MHz

0202 - Current Clock Speed : 1600MHz

0203 - L1 Cache : 64.00 KB

0204 - L2 Cache : 1.00 MB

----------------------------------

03 - Video Adapter

----------------------------------

0301 - Card Name : Mobile Intel® 965 Express Chipset Family

0302 - Manufacturer : Intel Corporation

0303 - Chip Type : Mobile Intel® 965 Express Chipset Family

0304 - DAC Type : Internal

0305 - Device Key : Enum\PCI\VEN_8086&DEV_2A02&SUBSYS_FF101179&REV_03

0306 - Display Memory : 251 MB

0307 - AdapterRAM : 256.00 MB

0308 - Current Mode : 1280 x 800 (32 bit) (60Hz)

0309 - Monitor Name : Generic PnP Monitor

0310 - Driver Name : igdumd64.dll,igd10umd64.dll,igdumdx32,igd10umd32

0311 - Driver Version : 8.14.0010.1930

0312 - Driver Language : English

0313 - DDI Version : 10

0314 - Driver Model : WDDM 1.1

0315 - Driver Beta : False

0316 - Driver Debug : False

0317 - Driver Date : 9/23/2009 19:22:58

0318 - Driver Size : 5472256

0319 - VDD : n/a

0320 - Mini VDD : n/a

0321 - Mini VDD Date : n/a

0322 - Mini VDD Size : 0

0323 - Device Identifier : {D7B78E66-6942-11CF-4375-1ADFA2C2C535}

0324 - Vendor ID : 0x8086

0325 - Device ID : 0x2A02

0326 - SubSys ID : 0xFF101179

0327 - Revision ID : 0x0003

0328 - Driver Strong Name : oem2.inf:Intel.Mfg.NTamd64:i965GM0:8.15.10.1930:pci\ven_8086&dev_2a02

0329 - Rank Of Driver : 00EC2001

0330 - Video Accel : ModeMPEG2_A ModeMPEG2_C ModeWMV9_B ModeVC1_B

0331 - Deinterlace Caps : {BF752EF6-8CC4-457A-BE1B-08BD1CAEEE9F}: Format(In/Out)=(YUY2,YUY2) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_EdgeFiltering

{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(YUY2,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_BOBVerticalStretch

{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(YUY2,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend

{BF752EF6-8CC4-457A-BE1B-08BD1CAEEE9F}: Format(In/Out)=(UYVY,YUY2) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_EdgeFiltering

{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(UYVY,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_BOBVerticalStretch

{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(UYVY,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend

{BF752EF6-8CC4-457A-BE1B-08BD1CAEEE9F}: Format(In/Out)=(YV12,YUY2) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_EdgeFiltering

{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(YV12,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_BOBVerticalStretch

{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(YV12,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend

{BF752EF6-8CC4-457A-BE1B-08BD1CAEEE9F}: Format(In/Out)=(NV12,YUY2) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_EdgeFiltering

{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(NV12,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_BOBVerticalStretch

{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(NV12,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend

{BF752EF6-8CC4-457A-BE1B-08BD1CAEEE9F}: Format(In/Out)=(IMC1,YUY2) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_EdgeFiltering

{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(IMC1,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_BOBVerticalStretch

{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(IMC1,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend

{BF752EF6-8CC4-457A-BE1B-08BD1CAEEE9F}: Format(In/Out)=(IMC2,YUY2) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_EdgeFiltering

{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(IMC2,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_BOBVerticalStretch

{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(IMC2,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend

{BF752EF6-8CC4-457A-BE1B-08BD1CAEEE9F}: Format(In/Out)=(IMC3,YUY2) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_EdgeFiltering

{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(IMC3,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_BOBVerticalStretch

{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(IMC3,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend

{BF752EF6-8CC4-457A-BE1B-08BD1CAEEE9F}: Format(In/Out)=(IMC4,YUY2) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_EdgeFiltering

{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(IMC4,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_BOBVerticalStretch

{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(IMC4,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend

0332 - D3D9 Overlay : Not Supported

0333 - DXVA-HD : Not Supported

0334 - DDraw Status : Enabled

0335 - D3D Status : Enabled

0336 - AGP Status : Enabled

0337 - Notes : No problems found.

0338 - OpenGL : 6.1.7600.16385 (win7_rtm.090713-1255)

----------------------------------

04 - Memory

----------------------------------

0401 - Total Memory : 1014.40 MB

0402 - Free Memory : 192.43 MB

0403 - Total Pagefile : 2.18 GB

0404 - Free Pagefile : 882.07 MB

0405 - Bank Label : Bank 0

0406 - Speed : 667 MHz

0407 - Total Width : 64 Bits

0408 - Capacity : 512.00 MB

0405 - Bank Label : Bank 1

0406 - Speed : 667 MHz

0407 - Total Width : 64 Bits

0408 - Capacity : 512.00 MB

----------------------------------

05 - Network

----------------------------------

0501 - Description : Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter

0502 - Driver Date : 3-31-2010

0503 - Driver Version : 62.1182.331.2010

----------------------------------

06 - Motherboard

----------------------------------

0601 - Model : SANTA ROSA CRB

0602 - Manufacturer : Intel Corporation

----------------------------------

07 - Sound Device

----------------------------------

0701 - Description : Speakers (High Definition Audio Device)

0702 - Default Sound Playback : True

0703 - Default Voice Playback : True

0704 - Hardware ID : HDAUDIO\FUNC_01&VEN_10EC&DEV_0268&SUBSYS_1179FF14&REV_1000

0705 - Manufacturer ID : 1

0706 - Product ID : 65535

0707 - Type : WDM

0708 - Driver Name : HdAudio.sys

0709 - Driver Version : 6.01.7601.17514

0710 - Driver attributes : Final Retail

0711 - Date and Size : 11/20/2010 20:23:47

0713 - Driver Provider : Microsoft

0714 - Min/Max Sample Rate : 4316782, 4316782

0715 - Static/Strm HW Mix Bufs : 4316782, 4316782

0716 - Static/Strm HW 3D Bufs : 4316782, 4316782

0717 - HW Memory : 4316790

0718 - Voice Management : False

0719 - EAX 2.0 Listen/Src : False, False

0720 - I3DL2 Listen/Src : False, False

0721 - Notes : No problems found.

----------------------------------

08 - Hard Disk

----------------------------------

0801 - Model : FUJITSU MHY2120BH ATA Device

0802 - Media Type : Fixed hard disk media

0803 - Size : 111.79 GB

0805 - Driver Date : 6-21-2006

0806 - Driver Version : 6.1.7600.16385

0807 - Caption : C:\

0808 - Capacity : 111.69 GB

0809 - Free Space : 78.57 GB

0810 - Drive Type : 3-Fixed

0811 - File System : NTFS

----------------------------------

09 - Process

----------------------------------

0901 - 0000 Idle 0 0 0

0901 - 0004 System 0 0 0

0901 - 0134 smss.exe 0 0 0 normal

0901 - 01ac csrss.exe 0 0 0 normal

0901 - 01dc csrss.exe 1 174 81 normal

0901 - 01e4 wininit.exe 0 0 0 high

0901 - 021c winlogon.exe 1 6 0 high

0901 - 0244 services.exe 0 0 0 normal

0901 - 024c lsass.exe 0 0 0 normal

0901 - 0254 lsm.exe 0 0 0 normal

0901 - 02b4 svchost.exe 0 0 0 normal

0901 - 02ec ASCService.exe 0 0 0 high C:\Program Files (x86)\IObit\Advanced SystemCare 6

0901 - 0330 svchost.exe 0 0 0 normal

0901 - 038c svchost.exe 0 0 0 normal

0901 - 03b8 svchost.exe 0 0 0 normal

0901 - 03d0 svchost.exe 0 0 0 normal

0901 - 03e8 svchost.exe 0 0 0 normal

0901 - 01b4 svchost.exe 0 0 0 normal

0901 - 040c svchost.exe 0 0 0 normal

0901 - 04a4 AvastSvc.exe 0 0 0 normal C:\Program Files\AVAST Software\Avast

0901 - 0580 spoolsv.exe 0 0 0 normal

0901 - 05b4 svchost.exe 0 0 0 normal

0901 - 05cc IMFsrv.exe 0 0 0 normal C:\Program Files (x86)\IObit\IObit Malware Fighter

0901 - 065c svchost.exe 0 0 0 normal

0901 - 0690 rndlresolversvc.exe 0 0 0 normal C:\Program Files (x86)\RealNetworks\RealDownloader

0901 - 06dc svchost.exe 0 0 0 normal

0901 - 0714 TeamViewer_Service.exe 0 0 0 normal C:\Program Files (x86)\TeamViewer\Version8

0901 - 0a2c taskhost.exe 1 26 20 normal

0901 - 0a70 explorer.exe 1 383 244 normal

0901 - 0b00 rundll32.exe 1 15 6 normal

0901 - 0b90 dwm.exe 1 17 2 high

0901 - 08b8 ASCTray.exe 1 89 37 normal C:\Program Files (x86)\IObit\Advanced SystemCare 6

0901 - 074c Suo10_SmartRAM.exe 1 206 39 normal C:\Program Files (x86)\IObit\Advanced SystemCare 6

0901 - 0a7c AvastUI.exe 1 147 43 normal C:\Program Files\AVAST Software\Avast

0901 - 016c SearchIndexer.exe 0 0 0 normal

0901 - 095c realsched.exe 1 9 11 normal C:\Program Files (x86)\Real\RealPlayer\Update

0901 - 0c40 jusched.exe 1 9 2 normal C:\Program Files (x86)\Common Files\Java\Java Update

0901 - 0c64 wmpnetwk.exe 0 0 0 normal

0901 - 0e18 svchost.exe 0 0 0 normal

0901 - 0e2c IMF.exe 1 167 93 normal C:\Program Files (x86)\IObit\IObit Malware Fighter

0901 - 0f0c svchost.exe 0 0 0 normal

0901 - 0ed0 SynTPEnh.exe 1 64 33 above normal

0901 - 0610 igfxpers.exe 1 9 4 normal

0901 - 0d84 hkcmd.exe 1 9 16 normal

0901 - 0b58 igfxsrvc.exe 1 9 2 normal

0901 - 0e34 igfxtray.exe 1 11 5 normal

0901 - 0d38 SynTPHelper.exe 1 9 3 above normal

0901 - 0ab8 wuauclt.exe 1 12 5 normal

0901 - 05dc Asc.exe 1 2898 200 normal C:\Program Files (x86)\IObit\Advanced SystemCare 6

0901 - 087c taskhost.exe 1 9 4 normal

0901 - 1448 mscorsvw.exe 0 0 0 normal

0901 - 1030 mscorsvw.exe 0 0 0 normal C:\Windows\Microsoft.NET\Framework\v4.0.30319

0901 - 17ec TrustedInstaller.exe 0 0 0 normal

0901 - 1bcc Sus10_SysExplorer.exe 1 102 47 normal C:\Program Files (x86)\IObit\Advanced SystemCare 6

0901 - 1c6c WmiPrvSE.exe 0 0 0 normal

0901 - 1e70 audiodg.exe 0 0 0

----------------------------------

10 - Service

----------------------------------

1001 - Advanced SystemCare Service 6 - [C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe]

1001 - Application Experience - [C:\Windows\system32\svchost.exe -k netsvcs]

1001 - Application Information - [C:\Windows\system32\svchost.exe -k netsvcs]

1001 - Windows Audio Endpoint Builder - [C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - Windows Audio - [C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted]

1001 - avast! Antivirus - ["C:\Program Files\AVAST Software\Avast\AvastSvc.exe"]

1001 - Base Filtering Engine - [C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork]

1001 - Background Intelligent Transfer Service - [C:\Windows\System32\svchost.exe -k netsvcs]

1001 - Computer Browser - [C:\Windows\System32\svchost.exe -k netsvcs]

1001 - Microsoft .NET Framework NGEN v4.0.30319_X86 - [C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe]

1001 - Microsoft .NET Framework NGEN v4.0.30319_X64 - [C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe]

1001 - Cryptographic Services - [C:\Windows\system32\svchost.exe -k NetworkService]

1001 - DHCP Client - [C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted]

1001 - DNS Client - [C:\Windows\system32\svchost.exe -k NetworkService]

1001 - Extensible Authentication Protocol - [C:\Windows\System32\svchost.exe -k netsvcs]

1001 - Windows Event Log - [C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted]

1001 - COM+ Event System - [C:\Windows\system32\svchost.exe -k LocalService]

1001 - Function Discovery Provider Host - [C:\Windows\system32\svchost.exe -k LocalService]

1001 - Function Discovery Resource Publication - [C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation]

1001 - Windows Font Cache Service - [C:\Windows\system32\svchost.exe -k LocalService]

1001 - HomeGroup Listener - [C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - HomeGroup Provider - [C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted]

1001 - IMF Service - [C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe]

1001 - CNG Key Isolation - [C:\Windows\system32\lsass.exe]

1001 - Server - [C:\Windows\system32\svchost.exe -k netsvcs]

1001 - Workstation - [C:\Windows\System32\svchost.exe -k NetworkService]

1001 - TCP/IP NetBIOS Helper - [C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted]

1001 - Windows Firewall - [C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork]

1001 - Network Connections - [C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - Network List Service - [C:\Windows\System32\svchost.exe -k LocalService]

1001 - Network Location Awareness - [C:\Windows\System32\svchost.exe -k NetworkService]

1001 - Network Store Interface Service - [C:\Windows\system32\svchost.exe -k LocalService]

1001 - Peer Networking Identity Manager - [C:\Windows\System32\svchost.exe -k LocalServicePeerNet]

1001 - Peer Networking Grouping - [C:\Windows\System32\svchost.exe -k LocalServicePeerNet]

1001 - Program Compatibility Assistant Service - [C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - Plug and Play - [C:\Windows\system32\svchost.exe -k DcomLaunch]

1001 - Peer Name Resolution Protocol - [C:\Windows\System32\svchost.exe -k LocalServicePeerNet]

1001 - Power - [C:\Windows\system32\svchost.exe -k DcomLaunch]

1001 - User Profile Service - [C:\Windows\system32\svchost.exe -k netsvcs]

1001 - RealNetworks Downloader Resolver Service - ["C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe"]

1001 - Security Accounts Manager - [C:\Windows\system32\lsass.exe]

1001 - System Event Notification Service - [C:\Windows\system32\svchost.exe -k netsvcs]

1001 - Shell Hardware Detection - [C:\Windows\System32\svchost.exe -k netsvcs]

1001 - Print Spooler - [C:\Windows\System32\spoolsv.exe]

1001 - SSDP Discovery - [C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation]

1001 - Windows Image Acquisition (WIA) - [C:\Windows\system32\svchost.exe -k imgsvc]

1001 - Superfetch - [C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - TeamViewer 8 - ["C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe"]

1001 - Themes - [C:\Windows\System32\svchost.exe -k netsvcs]

1001 - Distributed Link Tracking Client - [C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - Desktop Window Manager Session Manager - [C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - Windows Defender - [C:\Windows\System32\svchost.exe -k secsvcs]

1001 - Windows Management Instrumentation - [C:\Windows\system32\svchost.exe -k netsvcs]

1001 - WLAN AutoConfig - [C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - Windows Media Player Network Sharing Service - ["C:\Program Files\Windows Media Player\wmpnetwk.exe"]

1001 - Security Center - [C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted]

1001 - Windows Search - [C:\Windows\system32\SearchIndexer.exe /Embedding]

1001 - Windows Update - [C:\Windows\system32\svchost.exe -k netsvcs]

----------------------------------

11 - Windows Express

----------------------------------

1101 - System Score : 3

1102 - Memory Score : 4.5

1103 - CPU Score : 4.5

1104 - Graphics Score : 3.1

1105 - Gaming Score : 3

1106 - Disk Score : 5

----------------------------------

12 - Event Log

----------------------------------

1201 - Time : 7/11/2013 1:12:50 PM

1202 - Source : WinMgmt

1203 - Description : Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

1201 - Time : 7/11/2013 1:12:07 PM

1202 - Source : ESENT

1203 - Description : taskhost (2604) WebCacheLocal: Error -1811 occurred while opening logfile C:\Users\Anthony\AppData\Local\Microsoft\Windows\WebCache\V0100019.log.

1201 - Time : 7/11/2013 6:00:18 AM

1202 - Source : SideBySide

1203 - Description : Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

1201 - Time : 7/11/2013 2:15:22 AM

1202 - Source : WinMgmt

1203 - Description : Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

1201 - Time : 7/9/2013 4:59:42 AM

1202 - Source : SideBySide

1203 - Description : Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

1201 - Time : 7/9/2013 3:04:05 AM

1202 - Source : SideBySide

1203 - Description : Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

1201 - Time : 7/9/2013 1:38:42 AM

1202 - Source : WinMgmt

1203 - Description : Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

1201 - Time : 7/11/2013 1:17:29 PM

1202 - Source : Service Control Manager

1203 - Description : The Windows Update service hung on starting.

1201 - Time : 7/11/2013 1:12:29 PM

1202 - Source : Service Control Manager

1203 - Description : A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

1201 - Time : 7/11/2013 1:11:59 PM

1202 - Source : Service Control Manager

1203 - Description : A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

1201 - Time : 7/11/2013 1:11:26 PM

1202 - Source : Service Control Manager

1203 - Description : A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

1201 - Time : 7/11/2013 1:08:45 PM

1202 - Source : EventLog

1203 - Description : The previous system shutdown at 6:35:01 PM on ‎7/‎10/‎2013 was unexpected.

1201 - Time : 7/11/2013 2:20:01 AM

1202 - Source : Service Control Manager

1203 - Description : A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

1201 - Time : 7/11/2013 2:18:58 AM

1202 - Source : Service Control Manager

1203 - Description : The Windows Defender service hung on starting.

1201 - Time : 7/9/2013 1:22:32 PM

1202 - Source : Service Control Manager

1203 - Description : The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1201 - Time : 7/9/2013 1:22:32 PM

1202 - Source : Service Control Manager

1203 - Description : A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

1201 - Time : 7/9/2013 6:37:55 AM

1202 - Source : yukonw7

1203 - Description : Driver status 1

----------------------------------

End of file - 27304 Bytes

swat842 · July 12, 2013

More Info below

swat842 · July 12, 2013

The Log

Psychotic · July 12, 2013

Scan with adwCleaner

Please download AdwCleaner to your desktop.

Run adwcleaner.exe.
Hit delete.
When the run is finished, it will open up a text file.
Please post its contents within your next reply.
You´ll find the log file at C:\AdwCleaner[s1].txt also.

swat842 · July 12, 2013

I was going to do a Before an after but i kinda delete the Before so here is the After Report

# AdwCleaner v2.305 - Logfile created 07/12/2013 at 11:28:18

# Updated 11/07/2013 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (64 bits)

# User : Anthony - ANTHONY-PC

# Boot Mode : Normal

# Running from : C:\Users\Anthony\Downloads\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.71

File : C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R4].txt - [667 octets] - [12/07/2013 11:28:18]

########## EOF - C:\AdwCleaner[R4].txt - [726 octets] ##########

Psychotic · July 12, 2013

Combofix

Combofix should only be run when adviced by a team member!

Link

Important - Save the file to your desktop!

Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
Run Combofix.exe

When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

swat842 · July 12, 2013

How do i turn off Avast?

swat842 · July 12, 2013

How do i turn off Avast?

Never mind i found out how to turn it off

swat842 · July 12, 2013

Here is that Report

Psychotic · July 14, 2013

Looks good!

Please go to here to run the online scannner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is unticked
Click on Advanced Settings and ensure these options are ticked:
- Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

swat842 · July 14, 2013

C:\Users\Anthony\Downloads\7zip-setup.exe multiple threats

Psychotic · July 15, 2013

Delete this file.

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner

Please download AdwCleaner to your desktop.

Run adwcleaner.exe.
Hit delete.
When the run is finished, it will open up a text file.
Please post its contents within your next reply.
You´ll find the log file at C:\AdwCleaner[s1].txt also.

SecurityCheck

Please download SecurityCheck: LINK1 LINK2

Save it to your desktop, start it and follow the instructions in the window.
After the scan finished the (checkup.txt) will open. Copy its content to your thread.

swat842 · July 15, 2013

AdwCleaner

# AdwCleaner v2.305 - Logfile created 07/15/2013 at 13:36:16

# Updated 11/07/2013 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (64 bits)

# User : Anthony - ANTHONY-PC

# Boot Mode : Normal

# Running from : C:\Users\Anthony\Downloads\IT Stuff\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.72

File : C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R4].txt - [794 octets] - [12/07/2013 11:28:18]

AdwCleaner[R5].txt - [862 octets] - [15/07/2013 13:34:31]

AdwCleaner[R6].txt - [794 octets] - [15/07/2013 13:36:16]

########## EOF - C:\AdwCleaner[R6].txt - [853 octets] ##########

SecurityCheck

Results of screen317's Security Check version 0.99.69

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 10

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

avast! Antivirus

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

SpywareBlaster 5.0

Spybot - Search & Destroy

Malwarebytes Anti-Malware version 1.75.0.1300

Java 7 Update 25

Google Chrome 28.0.1500.71

Google Chrome 28.0.1500.72

````````Process Check: objlist.exe by Laurent````````

Spybot Teatimer.exe is disabled!

IObit IObit Malware Fighter IMFsrv.exe

AVAST Software Avast AvastSvc.exe

AVAST Software Avast AvastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

Psychotic · July 16, 2013

Your system is all clean now!

Please uninstall IObit Malware Fighter - use Malwarebytes Antimalware instead.

Uninstall our tools using delfix

Please follow these steps in order:

In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button.
In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed.
In any case please download delfix to your desktop.
- Close all other programms and start delfix.
- Please check all the boxes and run the tool.
- delfix will now delete all found traces of our removal process

[*] If there is still something left please delete it manualy.

How to protect yourself

System Updates
Beeing up to date is very important. Please be sure to activate automatic updates in your control panel.
Windows XP | Windows Vista |
Windows 7 | windows 8
Protection
What you need is one (not more) good virus scanner with backgroud protection. Additionally I recommend a special malwarescanner that you run from time to time.
Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: You get only the full protection if you use the payed versions of your security software.
Up to date Software
Stay up to date with all the programs you use. Some of those really have to have an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every software you use often. These link may help you to check:
- Secunia Online Software Inspector - Checks if your software has updates available.
- Filehippo Update Checkere - This tool also scans your computer for outdated software.
- Mozilla: Check your plugins - The webpage will tell you if you have outdated plugins in your Firefox browser.
[*] Backups
There are chances for an emergency every day. So be prepared. Back up your data on a regular basis. If you burn it to DVDs from time to time, use a cloud-drive or a professional network backup system is your choice. [*] Brains
It's no joke! You really need one of those things. It is very important not just to click anywhere it is colored or flashing while you surfing on the web. Do not click an OK button on any popping window without reading what it says. While installing software always choose the custom mode, read what those windows says and uncheck adware that will be installed along the software you want.

swat842 · July 16, 2013

Im sorry i don't know how to do the steps up there but the second part I do....

swat842 · July 16, 2013

Im sorry i don't know how to do the steps up there but the second part I do....

Never mind I found it.

swat842 · July 16, 2013

The Final TOSHIBA Advanced SystemCare Diagnose Report v1.0

Advanced SystemCare Diagnose Report v1.0

Date: 2013/07/16 17:56:28

----------------------------------

01 - Operating System

----------------------------------

0101 - Operating System : Windows 7 Professional 64-bit (6.1, Build 7601) Service Pack 1 (7601.win7sp1_gdr.130318-1533)

0102 - Language : English (Regional Setting: English)

0103 - BIOS : BIOS Version 1.80

0104 - Processor : Intel® Pentium® Dual CPU T2330 @ 1.60GHz (2 CPUs), ~1.6GHz

0105 - Memory : 1024MB RAM

0106 - Available OS Memory : 1014MB RAM

0107 - Page File : 1896MB used, 708MB available