DougCox Posted October 22, 2013 ID:744747 (edited)

Immediate Email Notification to THANKS!

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720
Run by ephoebus at 19:48:08 on 2013-10-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3982.2565 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}

Edited October 22, 2013 by AdvancedSetup: Removed email address to prevent harvesting by bots
MrCharlie Posted October 22, 2013 ID:744750

Why do you have all these installed and running???

Dangers of running 2 anti-virus programs

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please follow these instructions:

Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Please uncheck elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program you want to save.
If there's a program you may want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted:
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC
DougCox (Author) Posted October 22, 2013 ID:744919

I did everything you said to do, and Malwarebytes says "No malicious items detected"! Thanks!
MrCharlie Posted October 22, 2013 ID:744948

OK...... Take a look at My Preventive Maintenance to avoid being infected again. (also HERE)

Good Luck and Thanks for using the forum, MrC
AdvancedSetup (Root Admin) Posted October 23, 2013 ID:745477

Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!