Browser redirect and hijacking/ cannot scan or remove folders

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages
1
2
→

You cannot start a new topic
This topic is locked

Browser redirect and hijacking/ cannot scan or remove folders Not sure how to go about getting rid of this

#1 CoolStory

New Member

Group: Members
Posts: 11
Joined: 19-January 12

Posted 19 January 2012 - 03:03 PM

Hi, a program that I uninstalled two and a half years ago keeps creeping back into "Uninstall Programs". So, if I install a new program and end up not liking it and wanting to uninstall it, I'll go to "control panel, uninstall programs", and it will be there.. it's always there. Even after reformatting several times and using a program to wipe everything off of my HD. Also when I try to uninstall certain windows programs, I get an unknown publisher wants to access your computer. Ahh and lastly, Firefox keeps redirecting me to strange websites. Some times the become hijacked, "Leave page - Stay on page" video playing in the background, and I have to end process on the browser. Also norton AV and MBAM keep finding tracking cookies daily. Any and all help would be greatly appreciated!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by CoolStory at 14:31:37 on 2012-01-19
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.5886.4025 [GMT -8:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\nvraidservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: Interfaces\{7147E6F5-DD4B-48C7-8EB0-3D54C2A9CE6F} : NameServer = 65.32.5.111,65.32.5.112
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\CoolStory\AppData\Roaming\Mozilla\Firefox\Profiles\lwb00xq6.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS [?]
R1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\system32\Drivers\NISx64\1008030.006\BHDrvx64.sys --> C:\Windows\system32\Drivers\NISx64\1008030.006\BHDrvx64.sys [?]
R1 ccHP;Symantec Hash Provider;C:\Windows\system32\Drivers\NISx64\1008030.006\ccHPx64.sys --> C:\Windows\system32\Drivers\NISx64\1008030.006\ccHPx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20120118.003\IDSviA64.sys [2012-1-18 488568]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-14 652872]
R2 Norton Internet Security;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [2012-1-8 117648]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-1-10 2253120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-1-8 138360]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 netr7364;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
R3 SYMNDISV;Symantec Network Filter Driver;C:\Windows\system32\Drivers\NISx64\1008030.006\SYMNDISV.SYS --> C:\Windows\system32\Drivers\NISx64\1008030.006\SYMNDISV.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-18 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-18 136176]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem [2012-1-10 665616]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2012-1-9 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-01-19 21:30:44 388096 ----a-r- C:\Users\CoolStory\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-19 21:30:43 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-01-19 20:37:27 -------- d-----w- C:\Users\CoolStory\AppData\Local\Symantec
2012-01-18 20:27:34 -------- d-----w- C:\Program Files\CCleaner
2012-01-18 20:21:23 -------- d-----w- C:\Windows\pss
2012-01-17 07:55:04 -------- d-----w- C:\Users\CoolStory\Misc. Recipes
2012-01-15 09:58:25 -------- d-----w- C:\Users\CoolStory\AppData\Local\Google
2012-01-15 06:41:00 -------- d-----w- C:\Users\CoolStory\AppData\Roaming\Malwarebytes
2012-01-15 06:38:55 -------- d-----w- C:\ProgramData\Malwarebytes
2012-01-15 06:38:54 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-01-15 06:38:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-12 07:42:11 -------- d-----w- C:\Users\CoolStory\AppData\Roaming\NVIDIA
2012-01-12 07:42:10 -------- d-----w- C:\Users\CoolStory\AppData\Local\ActionSoft
2012-01-12 07:29:39 -------- d-----w- C:\Program Files (x86)\Midnight Mansion HD
2012-01-11 07:52:55 -------- d-----w- C:\Program Files (x86)\ZD Soft
2012-01-10 15:47:18 665616 ----a-w- C:\Windows\SysWow64\xsherlock.xem
2012-01-10 13:11:59 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2012-01-10 13:11:32 5067584 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-01-10 13:11:32 1640768 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-01-10 13:11:32 137536 ----a-w- C:\Windows\System32\nvshext.dll
2012-01-10 13:11:31 222528 ----a-w- C:\Windows\System32\nvmctray.dll
2012-01-10 13:11:31 10406208 ----a-w- C:\Windows\System32\nvcpl.dll
2012-01-10 13:04:31 15693120 ----a-w- C:\Windows\System32\nvd3dumx.dll
2012-01-10 13:04:30 2808128 ----a-w- C:\Windows\System32\nvapi64.dll
2012-01-10 13:00:02 837952 ----a-w- C:\Windows\System32\easyupdatusapiu64.dll
2012-01-10 12:59:40 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-01-10 12:57:51 1533248 ----a-w- C:\Windows\System32\nvdispco64.dll
2012-01-10 12:57:51 1454400 ----a-w- C:\Windows\System32\nvgenco64.dll
2012-01-10 12:48:48 -------- d-----w- C:\Program Files\NVIDIA Corporation
2012-01-10 12:48:21 -------- d-----w- C:\NVIDIA
2012-01-10 07:23:02 -------- d-----w- C:\Program Files (x86)\Windows Portable Devices
2012-01-10 07:22:58 -------- d-----w- C:\Program Files\Windows Portable Devices
2012-01-10 06:41:54 92672 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2012-01-10 06:41:54 103424 ----a-w- C:\Windows\System32\UIAnimation.dll
2012-01-10 06:41:51 3815424 ----a-w- C:\Windows\System32\UIRibbon.dll
2012-01-10 06:41:51 3023360 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
2012-01-10 06:41:51 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
2012-01-10 06:41:51 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
2012-01-10 05:51:44 -------- d-----w- C:\Program Files (x86)\VideoLAN
2012-01-10 05:49:43 -------- d-----w- C:\Users\CoolStory\AppData\Roaming\VistaCodecs
2012-01-10 05:49:42 -------- d-----w- C:\Program Files (x86)\VistaCodecPack
2012-01-10 05:48:37 -------- d-----w- C:\ProgramData\VistaCodecs
2012-01-10 05:24:22 234768 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-01-10 05:23:35 -------- d-----w- C:\Users\CoolStory\AppData\Local\PunkBuster
2012-01-10 05:05:30 234768 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-01-10 05:05:26 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-01-10 02:51:59 1426304 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-01-10 02:51:51 479744 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2012-01-10 02:51:51 288768 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2012-01-10 02:51:51 1555968 ----a-w- C:\Windows\System32\DWrite.dll
2012-01-10 02:51:51 1149440 ----a-w- C:\Windows\System32\FntCache.dll
2012-01-10 02:51:51 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-01-10 02:51:34 85504 ----a-w- C:\Windows\System32\csrsrv.dll
2012-01-10 02:51:34 316928 ----a-w- C:\Windows\System32\msshsq.dll
2012-01-10 02:51:34 231424 ----a-w- C:\Windows\SysWow64\msshsq.dll
2012-01-10 02:50:58 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-01-10 02:50:58 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-01-10 02:50:09 847360 ----a-w- C:\Windows\System32\oleaut32.dll
2012-01-10 02:50:09 735744 ----a-w- C:\Windows\System32\UIAutomationCore.dll
2012-01-10 02:50:09 563712 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2012-01-10 02:50:09 555520 ----a-w- C:\Windows\SysWow64\UIAutomationCore.dll
2012-01-10 02:50:09 4096 ----a-w- C:\Windows\SysWow64\oleaccrc.dll
2012-01-10 02:50:09 4096 ----a-w- C:\Windows\System32\oleaccrc.dll
2012-01-10 02:50:09 332288 ----a-w- C:\Windows\System32\oleacc.dll
2012-01-10 02:50:09 238080 ----a-w- C:\Windows\SysWow64\oleacc.dll
2012-01-10 02:49:16 559616 ----a-w- C:\Windows\System32\EncDec.dll
2012-01-10 02:49:16 429056 ----a-w- C:\Windows\SysWow64\EncDec.dll
2012-01-10 02:48:23 2764800 ----a-w- C:\Windows\System32\win32k.sys
2012-01-10 02:48:09 4699536 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-01-10 02:48:07 893440 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2012-01-10 02:48:07 707584 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2012-01-10 02:48:07 50688 ----a-w- C:\Program Files\Windows Mail\wabimp.dll
2012-01-10 02:48:05 876032 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2012-01-10 02:48:05 1653760 ----a-w- C:\Windows\System32\XpsPrint.dll
2012-01-10 02:47:40 375808 ----a-w- C:\Windows\System32\psisdecd.dll
2012-01-10 02:47:40 293376 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2012-01-10 02:47:40 289792 ----a-w- C:\Windows\System32\psisrndr.ax
2012-01-10 02:47:40 217088 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2012-01-10 02:47:40 100352 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2012-01-10 02:47:39 73216 ----a-w- C:\Windows\System32\MSDvbNP.ax
2012-01-10 02:47:39 69632 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2012-01-10 02:47:39 57856 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2012-01-10 02:30:45 -------- d-----w- C:\Windows\SysWow64\spool
2012-01-10 02:13:36 979456 ----a-w- C:\Windows\SysWow64\MFH264Dec.dll
2012-01-10 02:10:19 3584 ----a-w- C:\Windows\System32\drivers\en-US\dxgkrnl.sys.mui
2012-01-10 01:57:59 -------- d-----w- C:\Windows\SysWow64\vi-VN
2012-01-10 01:57:59 -------- d-----w- C:\Windows\SysWow64\eu-ES
2012-01-10 01:57:59 -------- d-----w- C:\Windows\SysWow64\ca-ES
2012-01-10 01:57:59 -------- d-----w- C:\Windows\System32\eu-ES
2012-01-10 01:57:59 -------- d-----w- C:\Windows\System32\ca-ES
2012-01-10 01:57:55 -------- d-----w- C:\Windows\System32\vi-VN
2012-01-10 01:26:51 3584 ----a-w- C:\Windows\System32\drivers\en-US\hdaudbus.sys.mui
2012-01-10 01:26:19 56320 ----a-w- C:\Windows\System32\compcln.exe
2012-01-10 01:26:15 7680 ----a-w- C:\Windows\System32\drivers\en-US\bthport.sys.mui
2012-01-10 01:24:59 856064 ----a-w- C:\Windows\SysWow64\mswdat10.dll
2012-01-10 01:23:59 446464 ----a-w- C:\Windows\System32\audiosrv.dll
2012-01-10 01:22:59 405504 ----a-w- C:\Windows\System32\winlogon.exe
2012-01-10 01:19:11 -------- d-----w- C:\Windows\System32\EventProviders
2012-01-10 00:28:53 2048 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2012-01-10 00:28:53 2048 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2012-01-10 00:28:43 537088 ----a-w- C:\Program Files\Internet Explorer\pdm.dll
2012-01-10 00:28:43 358904 ----a-w- C:\Program Files\Internet Explorer\msdbg2.dll
2012-01-10 00:28:43 355832 ----a-w- C:\Program Files (x86)\Internet Explorer\pdm.dll
2012-01-10 00:28:43 265720 ----a-w- C:\Program Files (x86)\Internet Explorer\msdbg2.dll
2012-01-09 12:54:30 -------- d-----w- C:\ProgramData\Symantec
2012-01-09 11:14:53 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-09 11:01:55 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2012-01-09 11:01:55 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2012-01-09 11:01:55 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2012-01-09 11:01:55 444752 ----a-w- C:\Windows\System32\mscoree.dll
2012-01-09 11:01:55 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2012-01-09 11:01:55 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2012-01-09 11:01:55 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2012-01-09 11:01:55 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-01-09 11:01:55 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2012-01-09 11:01:55 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2012-01-09 08:22:27 -------- d-----w- C:\Program Files (x86)\ESET
2012-01-09 08:12:24 -------- d-----w- C:\Users\CoolStory\AppData\Local\Adobe
2012-01-09 07:58:21 442368 ----a-w- C:\Windows\System32\winhttp.dll
2012-01-09 07:58:21 377344 ----a-w- C:\Windows\SysWow64\winhttp.dll
2012-01-09 07:58:18 28160 ----a-w- C:\Windows\System32\drivers\en-US\http.sys.mui
2012-01-09 07:57:58 -------- d-----w- C:\Users\CoolStory\AppData\Local\temp
2012-01-09 07:57:19 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2012-01-09 07:57:19 179712 ----a-w- C:\Windows\System32\srvsvc.dll
2012-01-09 07:57:19 17920 ----a-w- C:\Windows\System32\netevent.dll
2012-01-09 07:57:19 12288 ----a-w- C:\Windows\System32\sscore.dll
2012-01-09 07:57:18 17920 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-01-09 07:52:26 31280 ----a-r- C:\Windows\System32\drivers\SymIMV.sys
2012-01-09 07:52:26 -------- d-sh--w- C:\$RECYCLE.BIN
2012-01-09 07:40:56 98816 ----a-w- C:\Windows\sed.exe
2012-01-09 07:40:56 518144 ----a-w- C:\Windows\SWREG.exe
2012-01-09 07:40:56 256000 ----a-w- C:\Windows\PEV.exe
2012-01-09 07:40:56 208896 ----a-w- C:\Windows\MBR.exe
2012-01-09 06:57:01 279160 ----a-w- C:\Windows\System32\drivers\NISx64\1008030.006\symtdi.sys
2012-01-09 06:57:00 56952 ----a-w- C:\Windows\System32\drivers\NISx64\1008030.006\symndisv.sys
2012-01-09 06:57:00 44152 ----a-w- C:\Windows\System32\drivers\NISx64\1008030.006\symndis.sys
2012-01-09 06:57:00 43640 ----a-w- C:\Windows\System32\drivers\NISx64\1008030.006\symids.sys
2012-01-09 06:57:00 402992 ----a-w- C:\Windows\System32\drivers\NISx64\1008030.006\SymEFA64.sys
2012-01-09 06:57:00 32304 ----a-w- C:\Windows\System32\drivers\NISx64\1008030.006\srtspx64.sys
2012-01-09 06:57:00 120952 ----a-w- C:\Windows\System32\drivers\NISx64\1008030.006\symfw.sys
2012-01-09 06:56:59 476720 ----a-w- C:\Windows\System32\drivers\NISx64\1008030.006\srtsp64.sys
2012-01-09 06:56:57 334384 ----a-w- C:\Windows\System32\drivers\NISx64\1008030.006\BHDrvx64.sys
2012-01-09 06:56:43 561800 ----a-w- C:\Windows\System32\drivers\NISx64\1008030.006\cchpx64.sys
2012-01-09 06:56:42 -------- d-----w- C:\Windows\System32\drivers\NISx64\1008030.006
2012-01-09 02:48:22 32256 ----a-w- C:\Windows\System32\Apphlpdm.dll
2012-01-09 02:48:22 28672 ----a-w- C:\Windows\SysWow64\Apphlpdm.dll
2012-01-09 02:48:21 4240384 ----a-w- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
2012-01-09 02:48:20 4240384 ----a-w- C:\Windows\System32\GameUXLegacyGDFs.dll
2012-01-09 01:47:35 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-01-09 01:26:29 32768 ----a-w- C:\Windows\System32\nshhttp.dll
2012-01-09 01:26:29 24064 ----a-w- C:\Windows\SysWow64\nshhttp.dll
2012-01-09 01:26:27 620032 ----a-w- C:\Windows\System32\drivers\http.sys
2012-01-09 01:26:26 33792 ----a-w- C:\Windows\System32\httpapi.dll
2012-01-09 01:26:26 30720 ----a-w- C:\Windows\SysWow64\httpapi.dll
2012-01-08 15:39:14 1251840 ----a-w- C:\Windows\System32\sdclt.exe
2012-01-08 15:38:59 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2012-01-08 15:37:43 600576 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2012-01-08 15:36:59 9728 ----a-w- C:\Windows\SysWow64\TCPSVCS.EXE
2012-01-08 15:35:59 72192 ----a-w- C:\Windows\System32\l3codeca.acm
2012-01-08 15:34:28 656896 ----a-w- C:\Windows\System32\kerberos.dll
2012-01-08 15:33:59 991104 ----a-w- C:\Windows\System32\winresume.efi
2012-01-08 15:33:59 979840 ----a-w- C:\Windows\System32\winresume.exe
2012-01-08 15:33:59 1076608 ----a-w- C:\Windows\System32\winload.efi
2012-01-08 15:33:59 1063296 ----a-w- C:\Windows\System32\winload.exe
2012-01-08 15:33:58 20864 ----a-w- C:\Windows\System32\kdusb.dll
2012-01-08 15:33:58 17792 ----a-w- C:\Windows\System32\kdcom.dll
2012-01-08 15:33:57 18816 ----a-w- C:\Windows\System32\kd1394.dll
2012-01-08 15:33:54 16361984 ----a-w- C:\Program Files\Movie Maker\MOVIEMK.dll
2012-01-08 15:33:52 336896 ----a-w- C:\Program Files\Movie Maker\WMM2AE.dll
2012-01-08 15:33:52 26624 ----a-w- C:\Program Files\Movie Maker\WMM2EXT.dll
2012-01-08 15:33:52 150528 ----a-w- C:\Program Files\Movie Maker\MOVIEMK.exe
2012-01-08 15:24:01 3765288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-01-08 15:23:55 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D0212565-CE2E-4852-9DA6-72D22132F894}\mpengine.dll
2012-01-08 15:23:52 270720 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-08 08:17:57 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-01-08 08:17:08 -------- d-----w- C:\Users\CoolStory\AppData\Roaming\uTorrent
2012-01-08 06:40:39 855040 ----a-w- C:\Windows\System32\schedsvc.dll
2012-01-08 06:40:39 655872 ----a-w- C:\Windows\System32\taskschd.dll
2012-01-08 06:40:38 500224 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2012-01-08 06:40:38 410112 ----a-w- C:\Windows\System32\taskcomp.dll
2012-01-08 06:40:38 352768 ----a-w- C:\Windows\SysWow64\taskschd.dll
2012-01-08 06:40:38 267776 ----a-w- C:\Windows\System32\taskeng.exe
2012-01-08 06:40:37 270336 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2012-01-08 06:40:37 171520 ----a-w- C:\Windows\SysWow64\taskeng.exe
2012-01-08 05:41:51 28504 ----a-w- C:\Windows\System32\SmartDefragBootTime.exe
2012-01-08 05:41:51 17720 ----a-w- C:\Windows\System32\drivers\SmartDefragDriver.sys
2012-01-08 05:41:51 -------- d-----w- C:\Users\CoolStory\AppData\Roaming\IObit
2012-01-08 05:41:09 -------- d-----w- C:\ProgramData\IObit
2012-01-08 05:41:09 -------- d-----w- C:\Program Files (x86)\IObit
2012-01-08 04:58:47 -------- d-----w- C:\ProgramData\Nexon
2012-01-08 03:22:10 -------- d-----w- C:\Nexon
2012-01-08 03:22:09 -------- d-----w- C:\ProgramData\NexonUS
2012-01-08 02:45:52 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-01-08 02:41:21 1376094904 ----a-w- C:\Program Files\CombatArmsSetupV67.exe
2012-01-08 02:37:36 -------- d-----w- C:\Users\CoolStory\AppData\Local\PMB Files
2012-01-08 02:37:35 -------- d-----w- C:\ProgramData\PMB Files
2012-01-08 02:37:25 -------- d-----w- C:\Program Files (x86)\Pando Networks
2012-01-08 02:30:45 -------- d-----w- C:\Users\CoolStory\AppData\Local\Apple Computer
2012-01-08 02:30:33 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-01-08 02:30:33 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-01-08 02:30:33 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-01-08 02:30:16 -------- d-----w- C:\Program Files\iPod
2012-01-08 02:30:15 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-01-08 02:30:15 -------- d-----w- C:\Program Files\iTunes
2012-01-08 02:30:15 -------- d-----w- C:\Program Files (x86)\iTunes
2012-01-08 02:29:32 -------- d-----w- C:\Users\CoolStory\AppData\Local\Apple
2012-01-08 02:28:24 -------- d-----w- C:\Program Files\Bonjour
2012-01-08 02:28:24 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-01-08 02:06:09 -------- d-----w- C:\Program Files\Unlocker
2012-01-08 01:31:42 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-01-08 01:06:26 172592 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-01-08 01:06:26 -------- d-----w- C:\Program Files\Symantec
2012-01-08 01:06:26 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-01-08 01:05:39 -------- d-----w- C:\Users\CoolStory\AppData\Roaming\PictureMover
2012-01-08 01:05:32 -------- d-----w- C:\Users\CoolStory\AppData\Local\Hewlett-Packard
2012-01-08 01:05:15 -------- d-----w- C:\Users\CoolStory\AppData\Local\VirtualStore
2012-01-08 01:02:00 98304 ----a-w- C:\Windows\SysWow64\cabview.dll
2012-01-08 01:02:00 218624 ----a-w- C:\Windows\System32\wintrust.dll
2012-01-08 01:02:00 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-01-08 01:02:00 104960 ----a-w- C:\Windows\System32\cabview.dll
2012-01-08 00:59:34 -------- d-----w- C:\Users\CoolStory\AppData\Roaming\HP TCS
2012-01-08 00:56:03 2621440 ----a-w- C:\Windows\System32\wucltux.dll
2012-01-08 00:55:56 98816 ----a-w- C:\Windows\System32\wudriver.dll
2012-01-08 00:55:56 87552 ----a-w- C:\Windows\SysWow64\wudriver.dll
2012-01-08 00:55:46 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-01-08 00:55:46 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2012-01-08 00:55:46 185416 ----a-w- C:\Windows\System32\wuwebv.dll
2012-01-08 00:55:46 171608 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2012-01-08 00:54:57 -------- d-sh--we C:\Documents and Settings
.
==================== Find3M ====================
.
2012-01-10 02:13:36 428544 ----a-w- C:\Windows\System32\MFHEAACdec.dll
2012-01-10 02:10:18 449024 ----a-w- C:\Windows\System32\WMPhoto.dll
2011-11-28 20:25:46 763904 ----a-w- C:\Windows\SysWow64\lameACM.acm
2011-11-25 16:25:32 451072 ----a-w- C:\Windows\System32\winsrv.dll
2011-11-18 20:55:05 1585152 ----a-w- C:\Windows\System32\ntdll.dll
2011-11-18 20:55:05 1167984 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-11-18 18:07:45 76800 ----a-w- C:\Windows\System32\packager.dll
2011-11-18 17:47:03 66560 ----a-w- C:\Windows\SysWow64\packager.dll
2011-10-25 16:13:33 1570816 ----a-w- C:\Windows\System32\quartz.dll
2011-10-25 16:13:31 352256 ----a-w- C:\Windows\System32\qdvd.dll
2011-10-25 15:58:55 1314816 ----a-w- C:\Windows\SysWow64\quartz.dll
2011-10-25 15:58:54 497152 ----a-w- C:\Windows\SysWow64\qdvd.dll
.
============= FINISH: 14:32:09.31 ===============

Bump!

EDIT: Please be patient. There are over 110 unanswered topics in this forum at present and the current average wait time to receive help is 5-6 days. ~Budapest

This post has been edited by Budapest: 22 January 2012 - 05:30 PM

#2 HelpBot

Bleepin' Binary Bot

Group: Bots
Posts: 5,607
Joined: 05-October 07
Gender:Male

Posted 25 January 2012 - 03:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/438956 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
- Please do this even if you have previously posted logs for us.
- If you were unable to produce the logs originally please try once more.
- If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
- If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
- DDS.scr
- DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 CoolStory

New Member

Group: Members
Posts: 11
Joined: 19-January 12

Posted 25 January 2012 - 05:06 PM

Ok well here is the DDS scan log you requested. My computer is very slow, It has a lot of lag. All programs run incredibly slow and at certain times my FF browser becomes hijacked. Also when I'm in the control panel, trying to uninstall a program, the admin window will come up and ask, a unknown program wants to access your computer which cannot be normal. This thing keeps messing with my update settings and even downloads on it's own after windows update has been disabled. I also installed microsoft visual c++ about 2 and a half years ago and I still cannot get rid of it, along with debugger. They keep showing up in widows update and I've tracked it to this location C:\Windows\servicing Trusted Installer and a bunch of other crap in the folder mainly dll files and application files. Please help! This is driving me INSANE IN THE MEMBRANE!!!

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by CoolStory at 16:44:14 on 2012-01-25
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.5886.3758 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: Interfaces\{7147E6F5-DD4B-48C7-8EB0-3D54C2A9CE6F} : NameServer = 65.32.5.111,65.32.5.112
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\CoolStory\AppData\Roaming\Mozilla\Firefox\Profiles\lwb00xq6.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS [?]
R1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\system32\Drivers\NISx64\1008030.006\BHDrvx64.sys --> C:\Windows\system32\Drivers\NISx64\1008030.006\BHDrvx64.sys [?]
R1 ccHP;Symantec Hash Provider;C:\Windows\system32\Drivers\NISx64\1008030.006\ccHPx64.sys --> C:\Windows\system32\Drivers\NISx64\1008030.006\ccHPx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20120124.005\IDSviA64.sys [2011-12-15 488568]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-15 652872]
R2 Norton Internet Security;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [2012-1-9 117648]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-1-10 2253120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-1-8 138360]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 netr7364;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
R3 SYMNDISV;Symantec Network Filter Driver;C:\Windows\system32\Drivers\NISx64\1008030.006\SYMNDISV.SYS --> C:\Windows\system32\Drivers\NISx64\1008030.006\SYMNDISV.SYS [?]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-18 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-18 136176]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem [2012-1-10 665616]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2012-1-9 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-01-25 00:32:31 -------- d-----w- C:\Program Files (x86)\PeerBlock
2012-01-23 18:38:51 39192 ----a-w- C:\Windows\SysWow64\Partizan.exe
2012-01-23 18:38:51 35816 ----a-w- C:\Windows\SysWow64\drivers\Partizan.sys
2012-01-23 18:37:34 2 --shatr- C:\Windows\winstart.bat
2012-01-23 18:37:29 12800 ----a-w- C:\Windows\SysWow64\drivers\UnHackMeDrv.sys
2012-01-23 18:37:24 -------- d-----w- C:\Program Files (x86)\UnHackMe
2012-01-19 21:30:44 388096 ----a-r- C:\Users\CoolStory\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-19 21:30:43 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-01-19 20:37:27 -------- d-----w- C:\Users\CoolStory\AppData\Local\Symantec
2012-01-18 20:27:34 -------- d-----w- C:\Program Files\CCleaner
2012-01-18 20:21:23 -------- d-----w- C:\Windows\pss
2012-01-17 07:55:04 -------- d-----w- C:\Users\CoolStory\Misc. Recipes
2012-01-15 09:58:25 -------- d-----w- C:\Users\CoolStory\AppData\Local\Google
2012-01-15 06:41:00 -------- d-----w- C:\Users\CoolStory\AppData\Roaming\Malwarebytes
2012-01-15 06:38:55 -------- d-----w- C:\ProgramData\Malwarebytes
2012-01-15 06:38:54 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-01-15 06:38:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-12 07:42:11 -------- d-----w- C:\Users\CoolStory\AppData\Roaming\NVIDIA
2012-01-12 07:42:10 -------- d-----w- C:\Users\CoolStory\AppData\Local\ActionSoft
2012-01-12 07:29:39 -------- d-----w- C:\Program Files (x86)\Midnight Mansion HD
2012-01-11 07:52:55 -------- d-----w- C:\Program Files (x86)\ZD Soft
2012-01-10 15:47:18 665616 ----a-w- C:\Windows\SysWow64\xsherlock.xem
2012-01-10 13:11:59 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2012-01-10 13:11:32 5067584 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-01-10 13:11:32 1640768 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-01-10 13:11:32 137536 ----a-w- C:\Windows\System32\nvshext.dll
2012-01-10 13:11:31 222528 ----a-w- C:\Windows\System32\nvmctray.dll
2012-01-10 13:11:31 10406208 ----a-w- C:\Windows\System32\nvcpl.dll
2012-01-10 13:04:31 15693120 ----a-w- C:\Windows\System32\nvd3dumx.dll
2012-01-10 13:04:30 2808128 ----a-w- C:\Windows\System32\nvapi64.dll
2012-01-10 13:00:02 837952 ----a-w- C:\Windows\System32\easyupdatusapiu64.dll
2012-01-10 12:59:40 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-01-10 12:57:51 1533248 ----a-w- C:\Windows\System32\nvdispco64.dll
2012-01-10 12:57:51 1454400 ----a-w- C:\Windows\System32\nvgenco64.dll
2012-01-10 12:48:48 -------- d-----w- C:\Program Files\NVIDIA Corporation
2012-01-10 12:48:21 -------- d-----w- C:\NVIDIA
2012-01-10 07:23:02 -------- d-----w- C:\Program Files (x86)\Windows Portable Devices
2012-01-10 07:22:58 -------- d-----w- C:\Program Files\Windows Portable Devices
2012-01-10 06:41:54 92672 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2012-01-10 06:41:54 103424 ----a-w- C:\Windows\System32\UIAnimation.dll
2012-01-10 06:41:51 3815424 ----a-w- C:\Windows\System32\UIRibbon.dll
2012-01-10 06:41:51 3023360 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
2012-01-10 06:41:51 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
2012-01-10 06:41:51 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
2012-01-10 05:51:44 -------- d-----w- C:\Program Files (x86)\VideoLAN
2012-01-10 05:49:43 -------- d-----w- C:\Users\CoolStory\AppData\Roaming\VistaCodecs
2012-01-10 05:49:42 -------- d-----w- C:\Program Files (x86)\VistaCodecPack
2012-01-10 05:48:37 -------- d-----w- C:\ProgramData\VistaCodecs
2012-01-10 05:24:22 234768 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-01-10 05:23:35 -------- d-----w- C:\Users\CoolStory\AppData\Local\PunkBuster
2012-01-10 05:05:30 234768 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-01-10 05:05:26 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-01-10 02:51:59 1426304 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-01-10 02:51:51 479744 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2012-01-10 02:51:51 288768 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2012-01-10 02:51:51 1555968 ----a-w- C:\Windows\System32\DWrite.dll
2012-01-10 02:51:51 1149440 ----a-w- C:\Windows\System32\FntCache.dll
2012-01-10 02:51:51 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-01-10 02:51:34 85504 ----a-w- C:\Windows\System32\csrsrv.dll
2012-01-10 02:51:34 316928 ----a-w- C:\Windows\System32\msshsq.dll
2012-01-10 02:51:34 231424 ----a-w- C:\Windows\SysWow64\msshsq.dll
2012-01-10 02:50:58 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-01-10 02:50:58 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-01-10 02:50:09 847360 ----a-w- C:\Windows\System32\oleaut32.dll
2012-01-10 02:50:09 735744 ----a-w- C:\Windows\System32\UIAutomationCore.dll
2012-01-10 02:50:09 563712 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2012-01-10 02:50:09 555520 ----a-w- C:\Windows\SysWow64\UIAutomationCore.dll
2012-01-10 02:50:09 4096 ----a-w- C:\Windows\SysWow64\oleaccrc.dll
2012-01-10 02:50:09 4096 ----a-w- C:\Windows\System32\oleaccrc.dll
2012-01-10 02:50:09 332288 ----a-w- C:\Windows\System32\oleacc.dll
2012-01-10 02:50:09 238080 ----a-w- C:\Windows\SysWow64\oleacc.dll
2012-01-10 02:49:16 559616 ----a-w- C:\Windows\System32\EncDec.dll
2012-01-10 02:49:16 429056 ----a-w- C:\Windows\SysWow64\EncDec.dll
2012-01-10 02:48:23 2764800 ----a-w- C:\Windows\System32\win32k.sys
2012-01-10 02:48:09 4699536 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-01-10 02:48:07 893440 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2012-01-10 02:48:07 707584 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2012-01-10 02:48:07 50688 ----a-w- C:\Program Files\Windows Mail\wabimp.dll
2012-01-10 02:48:05 876032 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2012-01-10 02:48:05 1653760 ----a-w- C:\Windows\System32\XpsPrint.dll
2012-01-10 02:47:40 375808 ----a-w- C:\Windows\System32\psisdecd.dll
2012-01-10 02:47:40 293376 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2012-01-10 02:47:40 289792 ----a-w- C:\Windows\System32\psisrndr.ax
2012-01-10 02:47:40 217088 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2012-01-10 02:47:40 100352 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2012-01-10 02:47:39 73216 ----a-w- C:\Windows\System32\MSDvbNP.ax
2012-01-10 02:47:39 69632 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2012-01-10 02:47:39 57856 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2012-01-10 02:30:45 -------- d-----w- C:\Windows\SysWow64\spool
2012-01-10 02:13:36 979456 ----a-w- C:\Windows\SysWow64\MFH264Dec.dll
2012-01-10 02:10:19 3584 ----a-w- C:\Windows\System32\drivers\en-US\dxgkrnl.sys.mui
2012-01-10 01:57:59 -------- d-----w- C:\Windows\SysWow64\vi-VN
2012-01-10 01:57:59 -------- d-----w- C:\Windows\SysWow64\eu-ES
2012-01-10 01:57:59 -------- d-----w- C:\Windows\SysWow64\ca-ES
2012-01-10 01:57:59 -------- d-----w- C:\Windows\System32\eu-ES
2012-01-10 01:57:59 -------- d-----w- C:\Windows\System32\ca-ES
2012-01-10 01:57:55 -------- d-----w- C:\Windows\System32\vi-VN
2012-01-10 01:26:51 3584 ----a-w- C:\Windows\System32\drivers\en-US\hdaudbus.sys.mui
2012-01-10 01:26:19 56320 ----a-w- C:\Windows\System32\compcln.exe
2012-01-10 01:26:15 7680 ----a-w- C:\Windows\System32\drivers\en-US\bthport.sys.mui
2012-01-10 01:24:59 856064 ----a-w- C:\Windows\SysWow64\mswdat10.dll
2012-01-10 01:23:59 446464 ----a-w- C:\Windows\System32\audiosrv.dll
2012-01-10 01:22:59 405504 ----a-w- C:\Windows\System32\winlogon.exe
2012-01-10 01:19:11 -------- d-----w- C:\Windows\System32\EventProviders
2012-01-10 00:28:53 2048 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2012-01-10 00:28:53 2048 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2012-01-10 00:28:43 537088 ----a-w- C:\Program Files\Internet Explorer\pdm.dll
2012-01-10 00:28:43 358904 ----a-w- C:\Program Files\Internet Explorer\msdbg2.dll
2012-01-10 00:28:43 355832 ----a-w- C:\Program Files (x86)\Internet Explorer\pdm.dll
2012-01-10 00:28:43 265720 ----a-w- C:\Program Files (x86)\Internet Explorer\msdbg2.dll
2012-01-09 12:54:30 -------- d-----w- C:\ProgramData\Symantec
2012-01-09 11:14:53 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-09 11:01:55 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2012-01-09 11:01:55 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2012-01-09 11:01:55 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2012-01-09 11:01:55 444752 ----a-w- C:\Windows\System32\mscoree.dll
2012-01-09 11:01:55 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2012-01-09 11:01:55 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2012-01-09 11:01:55 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2012-01-09 11:01:55 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-01-09 11:01:55 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2012-01-09 11:01:55 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2012-01-09 08:22:27 -------- d-----w- C:\Program Files (x86)\ESET
2012-01-09 08:12:24 -------- d-----w- C:\Users\CoolStory\AppData\Local\Adobe
2012-01-09 07:58:21 442368 ----a-w- C:\Windows\System32\winhttp.dll
2012-01-09 07:58:21 377344 ----a-w- C:\Windows\SysWow64\winhttp.dll
2012-01-09 07:58:18 28160 ----a-w- C:\Windows\System32\drivers\en-US\http.sys.mui
2012-01-09 07:57:58 -------- d-----w- C:\Users\CoolStory\AppData\Local\temp
2012-01-09 07:57:19 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2012-01-09 07:57:19 179712 ----a-w- C:\Windows\System32\srvsvc.dll
2012-01-09 07:57:19 17920 ----a-w- C:\Windows\System32\netevent.dll
2012-01-09 07:57:19 12288 ----a-w- C:\Windows\System32\sscore.dll
2012-01-09 07:57:18 17920 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-01-09 07:52:26 31280 ----a-r- C:\Windows\System32\drivers\SymIMV.sys
2012-01-09 07:52:26 -------- d-sh--w- C:\$RECYCLE.BIN
2012-01-09 07:40:56 98816 ----a-w- C:\Windows\sed.exe
2012-01-09 07:40:56 518144 ----a-w- C:\Windows\SWREG.exe
2012-01-09 07:40:56 256000 ----a-w- C:\Windows\PEV.exe
2012-01-09 07:40:56 208896 ----a-w- C:\Windows\MBR.exe
2012-01-09 06:57:01 279160 ----a-w- C:\Windows\System32\drivers\NISx64\1008030.006\symtdi.sys
2012-01-09 06:57:00 56952 ----a-w- C:\Windows\System32\drivers\NISx64\1008030.006\symndisv.sys
2012-01-09 06:57:00 44152 ----a-w- C:\Windows\System32\drivers\NISx64\1008030.006\symndis.sys
2012-01-09 06:57:00 43640 ----a-w- C:\Windows\System32\drivers\NISx64\1008030.006\symids.sys
2012-01-09 06:57:00 402992 ----a-w- C:\Windows\System32\drivers\NISx64\1008030.006\SymEFA64.sys
2012-01-09 06:57:00 32304 ----a-w- C:\Windows\System32\drivers\NISx64\1008030.006\srtspx64.sys
2012-01-09 06:57:00 120952 ----a-w- C:\Windows\System32\drivers\NISx64\1008030.006\symfw.sys
2012-01-09 06:56:59 476720 ----a-w- C:\Windows\System32\drivers\NISx64\1008030.006\srtsp64.sys
2012-01-09 06:56:57 334384 ----a-w- C:\Windows\System32\drivers\NISx64\1008030.006\BHDrvx64.sys
2012-01-09 06:56:43 561800 ----a-w- C:\Windows\System32\drivers\NISx64\1008030.006\cchpx64.sys
2012-01-09 06:56:42 -------- d-----w- C:\Windows\System32\drivers\NISx64\1008030.006
2012-01-09 02:48:22 32256 ----a-w- C:\Windows\System32\Apphlpdm.dll
2012-01-09 02:48:22 28672 ----a-w- C:\Windows\SysWow64\Apphlpdm.dll
2012-01-09 02:48:21 4240384 ----a-w- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
2012-01-09 02:48:20 4240384 ----a-w- C:\Windows\System32\GameUXLegacyGDFs.dll
2012-01-09 01:47:35 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-01-09 01:26:29 32768 ----a-w- C:\Windows\System32\nshhttp.dll
2012-01-09 01:26:29 24064 ----a-w- C:\Windows\SysWow64\nshhttp.dll
2012-01-09 01:26:27 620032 ----a-w- C:\Windows\System32\drivers\http.sys
2012-01-09 01:26:26 33792 ----a-w- C:\Windows\System32\httpapi.dll
2012-01-09 01:26:26 30720 ----a-w- C:\Windows\SysWow64\httpapi.dll
2012-01-08 15:39:14 1251840 ----a-w- C:\Windows\System32\sdclt.exe
2012-01-08 15:38:59 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2012-01-08 15:37:43 600576 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2012-01-08 15:36:59 9728 ----a-w- C:\Windows\SysWow64\TCPSVCS.EXE
2012-01-08 15:35:59 72192 ----a-w- C:\Windows\System32\l3codeca.acm
2012-01-08 15:34:28 656896 ----a-w- C:\Windows\System32\kerberos.dll
2012-01-08 15:33:59 991104 ----a-w- C:\Windows\System32\winresume.efi
2012-01-08 15:33:59 979840 ----a-w- C:\Windows\System32\winresume.exe
2012-01-08 15:33:59 1076608 ----a-w- C:\Windows\System32\winload.efi
2012-01-08 15:33:59 1063296 ----a-w- C:\Windows\System32\winload.exe
2012-01-08 15:33:58 20864 ----a-w- C:\Windows\System32\kdusb.dll
2012-01-08 15:33:58 17792 ----a-w- C:\Windows\System32\kdcom.dll
2012-01-08 15:33:57 18816 ----a-w- C:\Windows\System32\kd1394.dll
2012-01-08 15:33:54 16361984 ----a-w- C:\Program Files\Movie Maker\MOVIEMK.dll
2012-01-08 15:33:52 336896 ----a-w- C:\Program Files\Movie Maker\WMM2AE.dll
2012-01-08 15:33:52 26624 ----a-w- C:\Program Files\Movie Maker\WMM2EXT.dll
2012-01-08 15:33:52 150528 ----a-w- C:\Program Files\Movie Maker\MOVIEMK.exe
2012-01-08 15:24:01 3765288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-01-08 15:23:55 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D0212565-CE2E-4852-9DA6-72D22132F894}\mpengine.dll
2012-01-08 15:23:52 270720 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-08 08:17:57 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-01-08 08:17:08 -------- d-----w- C:\Users\CoolStory\AppData\Roaming\uTorrent
2012-01-08 06:40:39 855040 ----a-w- C:\Windows\System32\schedsvc.dll
2012-01-08 06:40:39 655872 ----a-w- C:\Windows\System32\taskschd.dll
2012-01-08 06:40:38 500224 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2012-01-08 06:40:38 410112 ----a-w- C:\Windows\System32\taskcomp.dll
2012-01-08 06:40:38 352768 ----a-w- C:\Windows\SysWow64\taskschd.dll
2012-01-08 06:40:38 267776 ----a-w- C:\Windows\System32\taskeng.exe
2012-01-08 06:40:37 270336 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2012-01-08 06:40:37 171520 ----a-w- C:\Windows\SysWow64\taskeng.exe
2012-01-08 05:41:51 28504 ----a-w- C:\Windows\System32\SmartDefragBootTime.exe
2012-01-08 05:41:51 17720 ----a-w- C:\Windows\System32\drivers\SmartDefragDriver.sys
2012-01-08 05:41:51 -------- d-----w- C:\Users\CoolStory\AppData\Roaming\IObit
2012-01-08 05:41:09 -------- d-----w- C:\ProgramData\IObit
2012-01-08 05:41:09 -------- d-----w- C:\Program Files (x86)\IObit
2012-01-08 04:58:47 -------- d-----w- C:\ProgramData\Nexon
2012-01-08 03:22:10 -------- d-----w- C:\Nexon
2012-01-08 03:22:09 -------- d-----w- C:\ProgramData\NexonUS
2012-01-08 02:45:52 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-01-08 02:41:21 1376094904 ----a-w- C:\Program Files\CombatArmsSetupV67.exe
2012-01-08 02:37:36 -------- d-----w- C:\Users\CoolStory\AppData\Local\PMB Files
2012-01-08 02:37:35 -------- d-----w- C:\ProgramData\PMB Files
2012-01-08 02:37:25 -------- d-----w- C:\Program Files (x86)\Pando Networks
2012-01-08 02:30:45 -------- d-----w- C:\Users\CoolStory\AppData\Local\Apple Computer
2012-01-08 02:30:33 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-01-08 02:30:33 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-01-08 02:30:33 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-01-08 02:30:16 -------- d-----w- C:\Program Files\iPod
2012-01-08 02:30:15 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-01-08 02:30:15 -------- d-----w- C:\Program Files\iTunes
2012-01-08 02:30:15 -------- d-----w- C:\Program Files (x86)\iTunes
2012-01-08 02:29:32 -------- d-----w- C:\Users\CoolStory\AppData\Local\Apple
2012-01-08 02:28:24 -------- d-----w- C:\Program Files\Bonjour
2012-01-08 02:28:24 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-01-08 02:06:09 -------- d-----w- C:\Program Files\Unlocker
2012-01-08 01:31:42 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-01-08 01:06:26 172592 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-01-08 01:06:26 -------- d-----w- C:\Program Files\Symantec
2012-01-08 01:06:26 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-01-08 01:05:39 -------- d-----w- C:\Users\CoolStory\AppData\Roaming\PictureMover
2012-01-08 01:05:32 -------- d-----w- C:\Users\CoolStory\AppData\Local\Hewlett-Packard
2012-01-08 01:05:15 -------- d-----w- C:\Users\CoolStory\AppData\Local\VirtualStore
2012-01-08 01:02:00 98304 ----a-w- C:\Windows\SysWow64\cabview.dll
2012-01-08 01:02:00 218624 ----a-w- C:\Windows\System32\wintrust.dll
2012-01-08 01:02:00 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-01-08 01:02:00 104960 ----a-w- C:\Windows\System32\cabview.dll
2012-01-08 00:59:34 -------- d-----w- C:\Users\CoolStory\AppData\Roaming\HP TCS
2012-01-08 00:56:03 2621440 ----a-w- C:\Windows\System32\wucltux.dll
2012-01-08 00:55:56 98816 ----a-w- C:\Windows\System32\wudriver.dll
2012-01-08 00:55:56 87552 ----a-w- C:\Windows\SysWow64\wudriver.dll
2012-01-08 00:55:46 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-01-08 00:55:46 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2012-01-08 00:55:46 185416 ----a-w- C:\Windows\System32\wuwebv.dll
2012-01-08 00:55:46 171608 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2012-01-08 00:54:57 -------- d-sh--we C:\Documents and Settings
.
==================== Find3M ====================
.
2012-01-10 02:13:36 428544 ----a-w- C:\Windows\System32\MFHEAACdec.dll
2012-01-10 02:10:18 449024 ----a-w- C:\Windows\System32\WMPhoto.dll
2011-11-28 20:25:46 763904 ----a-w- C:\Windows\SysWow64\lameACM.acm
2011-11-25 16:25:32 451072 ----a-w- C:\Windows\System32\winsrv.dll
2011-11-18 20:55:05 1585152 ----a-w- C:\Windows\System32\ntdll.dll
2011-11-18 20:55:05 1167984 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-11-18 18:07:45 76800 ----a-w- C:\Windows\System32\packager.dll
2011-11-18 17:47:03 66560 ----a-w- C:\Windows\SysWow64\packager.dll
.
============= FINISH: 16:45:22.56 ===============

Attached File(s)

Attach.txt (17.94K)
Number of downloads: 0

#4 m0le

I know the drill!

Group: Malware Response Instructor
Posts: 29,133
Joined: 24-July 08
Gender:Male
Location:London, UK

Posted 25 January 2012 - 08:33 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Can you tell me the name of the program which keeps returning?

Next please run Combofix

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe

Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
Double click on Comfix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

If I have helped you fix your PC then please donate. Thanks

Posted Image

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#5 CoolStory

New Member

Group: Members
Posts: 11
Joined: 19-January 12

Posted 25 January 2012 - 10:12 PM

Hello m0le, thanks for the reply. To answer your question about the programs that keep coming back, their names are Debugger and Microsoft Visual Studio 2008. It appears there's an installer that keeps downloading it. It's located in C:\windows\servicing "trusted installer". I have yet to destroy it... Here is the combofix log as requested in attachments.

Attached File(s)

ComboFix.txt.zip (70.43K)
Number of downloads: 2

#6 m0le

I know the drill!

Group: Malware Response Instructor
Posts: 29,133
Joined: 24-July 08
Gender:Male
Location:London, UK

Posted 26 January 2012 - 02:42 PM

Quote

Also when I'm in the control panel, trying to uninstall a program, the admin window will come up and ask, a unknown program wants to access your computer which cannot be normal.

This is normal. This is your UAC.

Quote

Debugger and Microsoft Visual Studio 2008

These are legitimate programs and are probably being recreated by the system. They aren't connected to this problem.

Combofix was clean so really the occasional redirects are the only thing out of the ordinary. When the browser redirects, where does it usually go?

If I have helped you fix your PC then please donate. Thanks

Posted Image

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#7 CoolStory

New Member

Group: Members
Posts: 11
Joined: 19-January 12

Posted 26 January 2012 - 03:29 PM

Hello m0le. When I'm in the control panel, I highlight "program" then click uninstall. I'm asked if I'm sure I want to uninstall, I click yes. Then UAC appears stating an unidentified program or unidentified publisher want's to access my computer. All I want to do is get rid of it for good, and Debug. Every time I uninstall it it comes back. Hmm what could be doing this? I've included 3 SS. When I'm redirected in a tab in my browser it's usually to some kind of site marketing something... It will keep asking me to leave page or stay but then ends up freezing when I try to exit the tab. Hope this helps some.

Attached File(s)

Untitled.jpg (143.85K)
Number of downloads: 2
Untitled1.jpg (95.68K)
Number of downloads: 2
Untitled2.jpg (82.67K)
Number of downloads: 2

This post has been edited by CoolStory: 26 January 2012 - 03:32 PM

#8 m0le

I know the drill!

Group: Malware Response Instructor
Posts: 29,133
Joined: 24-July 08
Gender:Male
Location:London, UK

Posted 26 January 2012 - 08:53 PM

Why do you want to get rid of these programs?

If I have helped you fix your PC then please donate. Thanks

Posted Image

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#9 CoolStory

New Member

Group: Members
Posts: 11
Joined: 19-January 12

Posted 26 January 2012 - 10:40 PM

Because I have no more use for them. I've tried reformatting but it still won't go away...

#10 m0le

I know the drill!

Group: Malware Response Instructor
Posts: 29,133
Joined: 24-July 08
Gender:Male
Location:London, UK

Posted 27 January 2012 - 05:14 PM

They are part of the Windows structure and should be left where they are. If you try and remove them they will always return.

Apart from that we need to look for adware so please run MBAM and SAS

Please download

Malwarebytes Anti-Malware and save it to your desktop.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
On the Scanner tab:
- Make sure the "Perform Full Scan" option is selected.
- Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Then SAS

Download Superantispyware

Load Superantispyware and click the check for updates button.
Once the update is finished click the scan your computer button.
Check Perform Complete Scan and then next.
Superantispyware will now scan your computer and when its finished it will list all the infections it has found.
Make sure that they all have a check next to them and press next.
Click finish and you will be taken back to the main interface.
Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
Copy and paste the log onto the forum.

If I have helped you fix your PC then please donate. Thanks

Posted Image

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#11 CoolStory

New Member

Group: Members
Posts: 11
Joined: 19-January 12

Posted 28 January 2012 - 04:53 PM

Malwarebytes Anti-Malware (PRO) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.27.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
CoolStory :: COOLSTORY-PC [administrator]

Protection: Enabled

1/27/2012 10:20:15 PM
mbam-log-2012-01-27 (22-20-15).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 410057
Time elapsed: 1 hour(s), 2 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Attached File(s)

SUPERAntiSpyware Scan Log - 01-28-2012 - 00-32-56.log (10.88K)
Number of downloads: 2

#12 m0le

I know the drill!

Group: Malware Response Instructor
Posts: 29,133
Joined: 24-July 08
Gender:Male
Location:London, UK

Posted 29 January 2012 - 08:10 PM

Can you now run the ESET online scan

I'd like us to scan your machine with ESET OnlineScan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Under scan settings, check and check Remove found threats
Click Advanced settings and select the following:
- Scan potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
Copy and paste the resulting log in your next reply

If no log is generated that means nothing was found. Please let me know if this happens.

If I have helped you fix your PC then please donate. Thanks

Posted Image

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#13 CoolStory

New Member

Group: Members
Posts: 11
Joined: 19-January 12

Posted 31 January 2012 - 02:00 PM

Eset didn't find anything. Also microsoft visual c++ is still in the control panel/ uninstall and Debug is in it's same spot in the C:windows folder. I'm at a loss.. also I'm having this problem here.. usually there are 2 svchost.exes' running, one is 200,000k the other 150,000k but I ended the process on the one.

Attached File(s)

Untitled.jpg (77.89K)
Number of downloads: 1

#14 m0le

I know the drill!

Group: Malware Response Instructor
Posts: 29,133
Joined: 24-July 08
Gender:Male
Location:London, UK

Posted 31 January 2012 - 08:47 PM

Quote

Also microsoft visual c++ is still in the control panel/ uninstall and Debug is in it's same spot in the C:windows folder.

They will be, we've covered this already they are Windows programs and don't need to be moved.

Quote

usually there are 2 svchost.exes' running, one is 200,000k the other 150,000k but I ended the process on the one

svchost could be running numerous times and all quite legitimately. We can run something which can show the processes

Please download and when the instance occurs again run Process Explorer

If Process explorer won't execute rename it Iexplore.exe

Under File and Save As, create a log and post here

Copy and paste the log into your next reply

If I have helped you fix your PC then please donate. Thanks

Posted Image

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#15 CoolStory

New Member

Group: Members
Posts: 11
Joined: 19-January 12

Posted 03 February 2012 - 11:51 AM

Hey m0le, microsoft visual c++ and debug are used to build games and applications, these programs did not come with my computer when I purchased it. So if you can.. please explain why they would still be located on my HD after I removed them over 2 years ago? I'm about to run process explorer right now.