need help please


  • This topic is locked
6 replies to this topic

#1 BrySwy

BrySwy

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:56 PM

Posted 13 October 2014 - 04:05 PM

I recently downloaded Malwarebytes, SUPERAntiSpyware, and Adware Removal Tool, and switched my antivirus protection from Microsoft Security Essentials to Avira. I've had issues with this computer for a while now and have only been putting little band-aids on the problems instead of actually fixing them. I'm not too sure what, but something is eating up my CPU usage, up to 80 to 100%. On the Processes tab of Task Manager, Internet Explorer seems to be running multiple times; I use Chrome and thought I had disabled IE. I've been running scans with all 4 programs, and Malwarebytes pulls up bad cookies all the time. I recently adjusted my cookie settings in Chrome hoping that will stop that issue. Avira is going crazy popping up a security alert that reads... Type: Detection. Access to file 'C:\users\hayley\appdata\roaming\...\AcorIEHelper.dll' containing the virus or unwanted program 'TR/Trash.Gen' was blocked.... Then it says I can remove it or get more info. I've tried to remove it; the program does a scan, then says it was removed, but the same alert keeps popping up on me. I kind of figured the programs that I downloaded were supposed to help get rid of all these types of problems. Not sure if the computer is really screwed or if I'm just screwing something up somewhere down the line of doing these things. Please, if you've got any ideas for me, let me know. I'd really appreciate any info.

 

"My brain is only a receiver, in the Universe there is a core from which we retain knowledge, strength and inspiration. I have not penetrated into the secrets of this core, but I know that it exists." -NIKOLA TESLA



#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:56 PM

Posted 13 October 2014 - 04:18 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 BrySwy

BrySwy
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:56 PM

Posted 13 October 2014 - 04:46 PM

.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 15 ActiveX
Adobe Reader 9.5.5
Adobe Shockwave Player 12.1
Ask Toolbar
Avira
Avira Free Antivirus
BearShare
Browser Address Error Redirector
Conexant D850 PCI V.92 Modem
D3DX10
Dell AIO 810
Dell PC Fax
Digital Line Detect
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Junk Mail filter update
kikin plugin 2.11
LeapFrog Connect
Malwarebytes Anti-Malware version 2.0.2.1012
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Modem Diagnostic Tool
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
NVIDIA Drivers
NVIDIANetworkDiagnostic
QuickTime
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Segoe UI
Spelling Dictionaries Support For Adobe Reader 9
SUPERAntiSpyware
swMSM
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VLC media player
Weather Exchange
Windows 7 Upgrade Advisor
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WiseConvert Toolbar
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== End Of File ===========================
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16575
Run by Hayley at 17:38:25 on 2014-10-13
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\dlcgcoms.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uWindow Title = Windows Internet Explorer provided by Yahoo!
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = about:blank
mDefault_Search_URL = about:blank
uProxyOverride = <-loopback>
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: kikin Plugin: {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Ovhics] regsvr32.exe
uRun: [YZRPack] c:\windows\system32\regsvr32.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [DLCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCGtime.dll,_RunDLLEntry@16
mRun: [dlcgmon.exe] "c:\program files\dell aio 810\dlcgmon.exe"
mRun: [FaxCenterServer] "c:\program files\dell fax solutions\fm3032.exe" /s
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-5.1.18.0\QOELoader.exe"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Avira Systray] c:\program files\avira\my avira\Avira.OE.Systray.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{9293B492-D60F-4FA0-84C9-4ACC2965E569} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\37.0.2062.124\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R? cbouncsq;cbouncsq
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? FlyUsb;FLY Fusion
R? Free Download Manager Controller;Free Download Manager Controller
R? fssfltr;fssfltr
R? fsssvc;Windows Live Family Safety Service
R? mwluhhvr;mwluhhvr
R? ngyeijnu;ngyeijnu
R? otujrtpi;otujrtpi
R? ssadbus;SAMSUNG Android USB Composite Device driver (WDM)
R? wlcrasvc;Windows Live Mesh remote connections service
S? !SASCORE;SAS Core Service
S? AERTFilters;Andrea RT Filters Service
S? amacpi;Microsoft Away Mode System
S? AntiVirSchedulerService;Avira Scheduler
S? AntiVirService;Avira Real-Time Protection
S? avgntflt;avgntflt
S? Avira.OE.ServiceHost;Avira Service Host
S? avkmgr;avkmgr
S? ElRawDisk;ElRawDisk
S? FontCache;Windows Font Cache Service
S? iWinTrusted;iWinTrusted
S? MpFilter;Microsoft Malware Protection Driver
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
.
=============== File Associations ===============
.
FileExt: .vbe: VBEFile=NOTEPAD.EXE %1
FileExt: .vbs: VBSFile=NOTEPAD.EXE %1
FileExt: .wsf: WSFFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2014-10-11 22:42:21 -------- dc----w- C:\inetpub
2014-10-11 08:32:17 -------- d-----w- c:\users\hayley\appdata\roaming\Avira
2014-10-11 07:42:31 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-10-11 07:42:27 98160 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-10-11 07:25:22 -------- d-----w- c:\program files\Avira
2014-10-11 07:25:18 -------- d-----w- c:\programdata\Avira
2014-10-11 07:24:22 -------- d-----w- c:\programdata\Package Cache
2014-10-11 07:19:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2014-10-11 07:14:16 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-11 07:13:40 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-11 07:13:40 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-11 07:13:40 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-10-11 07:13:37 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-10-11 05:22:44 8806800 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{26f8809e-104c-46fa-8e3a-05e295c2bf24}\mpengine.dll
2014-10-11 02:07:57 269480 ----a-w- c:\programdata\microsoft\secure\icons\temp\tmp8323.exe
2014-10-11 01:03:31 290304 ----a-w- c:\windows\system32\subinacl.exe
2014-10-11 01:03:29 -------- d-----w- c:\program files\common files\Microsoft
2014-10-11 01:03:29 -------- d-----w- c:\program files\Adware-Removal-Tool
2014-10-10 18:42:15 319456 ----a-w- c:\windows\DIFxAPI.dll
2014-10-10 18:01:41 -------- d-----w- c:\users\hayley\appdata\roaming\Systweak
2014-10-09 03:37:18 -------- d-----w- c:\users\hayley\appdata\local\Temp
2014-10-09 01:58:53 244632 ----a-w- c:\programdata\microsoft\secure\icons\temp\tmp7FAB.exe
2014-10-09 01:37:14 73728 ----a-w- c:\windows\system32\tasks.dll
2014-10-06 18:54:13 -------- d-----w- c:\program files\Bench
2014-10-05 02:08:37 -------- d-----w- c:\program files\VideoLAN
2014-10-05 02:00:09 -------- d-----w- c:\users\hayley\appdata\local\Ovhics
2014-10-05 01:58:25 -------- d-----w- c:\users\hayley\appdata\local\YzkfPack
2014-10-05 01:24:47 1821184 ----a-w- c:\programdata\microsoft\secure\icons\IconsCacheHelper.dll
2014-10-05 00:03:37 19384 ----a-w- c:\windows\system32\drivers\SPPD.sys
2014-10-05 00:00:54 -------- d-----w- c:\users\hayley\appdata\local\globalUpdate
2014-10-05 00:00:54 -------- d-----w- c:\program files\globalUpdate
2014-10-01 09:39:44 908840 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{da5be9a0-13d1-4fb2-b076-8b2436970ddb}\gapaengine.dll
2014-09-24 05:33:53 2048 ----a-w- c:\windows\system32\tzres.dll
.
==================== Find3M  ====================
.
2014-10-07 22:49:06 17712 ----a-w- c:\windows\system32\roboot.exe
2014-09-26 05:09:05 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-26 05:09:04 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-22 06:41:56 231568 ------w- c:\windows\system32\MpSigStub.exe
2014-08-23 01:03:46 297984 ----a-w- c:\windows\system32\gdi32.dll
2014-08-22 23:26:28 2054656 ----a-w- c:\windows\system32\win32k.sys
2014-08-15 14:42:27 1810432 ----a-w- c:\windows\system32\jscript9.dll
2014-08-15 14:37:03 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-08-15 14:36:30 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-08-15 14:35:47 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-08-15 14:35:34 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-08-15 14:34:49 11776 ----a-w- c:\windows\system32\mshta.exe
2014-08-15 14:34:47 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-07-25 06:35:46 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-17 22:05:08 231800 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
============= FINISH: 17:41:14.73 ===============
 

"My brain is only a receiver, in the Universe there is a core from which we retain knowledge, strength and inspiration. I have not penetrated into the secrets of this core, but I know that it exists." -NIKOLA TESLA


#5 BrySwy


Posted 13 October 2014 - 07:11 PM

Not sure if I did that right really, so here's a second go at it...

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16575
Run by Hayley at 17:38:25 on 2014-10-13
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\dlcgcoms.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uWindow Title = Windows Internet Explorer provided by Yahoo!
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = about:blank
mDefault_Search_URL = about:blank
uProxyOverride = <-loopback>
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: kikin Plugin: {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Ovhics] regsvr32.exe
uRun: [YZRPack] c:\windows\system32\regsvr32.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [DLCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCGtime.dll,_RunDLLEntry@16
mRun: [dlcgmon.exe] "c:\program files\dell aio 810\dlcgmon.exe"
mRun: [FaxCenterServer] "c:\program files\dell fax solutions\fm3032.exe" /s
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-5.1.18.0\QOELoader.exe"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Avira Systray] c:\program files\avira\my avira\Avira.OE.Systray.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{9293B492-D60F-4FA0-84C9-4ACC2965E569} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\37.0.2062.124\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R? cbouncsq;cbouncsq
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? FlyUsb;FLY Fusion
R? Free Download Manager Controller;Free Download Manager Controller
R? fssfltr;fssfltr
R? fsssvc;Windows Live Family Safety Service
R? mwluhhvr;mwluhhvr
R? ngyeijnu;ngyeijnu
R? otujrtpi;otujrtpi
R? ssadbus;SAMSUNG Android USB Composite Device driver (WDM)
R? wlcrasvc;Windows Live Mesh remote connections service
S? !SASCORE;SAS Core Service
S? AERTFilters;Andrea RT Filters Service
S? amacpi;Microsoft Away Mode System
S? AntiVirSchedulerService;Avira Scheduler
S? AntiVirService;Avira Real-Time Protection
S? avgntflt;avgntflt
S? Avira.OE.ServiceHost;Avira Service Host
S? avkmgr;avkmgr
S? ElRawDisk;ElRawDisk
S? FontCache;Windows Font Cache Service
S? iWinTrusted;iWinTrusted
S? MpFilter;Microsoft Malware Protection Driver
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
.
=============== File Associations ===============
.
FileExt: .vbe: VBEFile=NOTEPAD.EXE %1
FileExt: .vbs: VBSFile=NOTEPAD.EXE %1
FileExt: .wsf: WSFFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2014-10-11 22:42:21 -------- dc----w- C:\inetpub
2014-10-11 08:32:17 -------- d-----w- c:\users\hayley\appdata\roaming\Avira
2014-10-11 07:42:31 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-10-11 07:42:27 98160 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-10-11 07:25:22 -------- d-----w- c:\program files\Avira
2014-10-11 07:25:18 -------- d-----w- c:\programdata\Avira
2014-10-11 07:24:22 -------- d-----w- c:\programdata\Package Cache
2014-10-11 07:19:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2014-10-11 07:14:16 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-11 07:13:40 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-11 07:13:40 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-11 07:13:40 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-10-11 07:13:37 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-10-11 05:22:44 8806800 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{26f8809e-104c-46fa-8e3a-05e295c2bf24}\mpengine.dll
2014-10-11 02:07:57 269480 ----a-w- c:\programdata\microsoft\secure\icons\temp\tmp8323.exe
2014-10-11 01:03:31 290304 ----a-w- c:\windows\system32\subinacl.exe
2014-10-11 01:03:29 -------- d-----w- c:\program files\common files\Microsoft
2014-10-11 01:03:29 -------- d-----w- c:\program files\Adware-Removal-Tool
2014-10-10 18:42:15 319456 ----a-w- c:\windows\DIFxAPI.dll
2014-10-10 18:01:41 -------- d-----w- c:\users\hayley\appdata\roaming\Systweak
2014-10-09 03:37:18 -------- d-----w- c:\users\hayley\appdata\local\Temp
2014-10-09 01:58:53 244632 ----a-w- c:\programdata\microsoft\secure\icons\temp\tmp7FAB.exe
2014-10-09 01:37:14 73728 ----a-w- c:\windows\system32\tasks.dll
2014-10-06 18:54:13 -------- d-----w- c:\program files\Bench
2014-10-05 02:08:37 -------- d-----w- c:\program files\VideoLAN
2014-10-05 02:00:09 -------- d-----w- c:\users\hayley\appdata\local\Ovhics
2014-10-05 01:58:25 -------- d-----w- c:\users\hayley\appdata\local\YzkfPack
2014-10-05 01:24:47 1821184 ----a-w- c:\programdata\microsoft\secure\icons\IconsCacheHelper.dll
2014-10-05 00:03:37 19384 ----a-w- c:\windows\system32\drivers\SPPD.sys
2014-10-05 00:00:54 -------- d-----w- c:\users\hayley\appdata\local\globalUpdate
2014-10-05 00:00:54 -------- d-----w- c:\program files\globalUpdate
2014-10-01 09:39:44 908840 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{da5be9a0-13d1-4fb2-b076-8b2436970ddb}\gapaengine.dll
2014-09-24 05:33:53 2048 ----a-w- c:\windows\system32\tzres.dll
.
==================== Find3M  ====================
.
2014-10-07 22:49:06 17712 ----a-w- c:\windows\system32\roboot.exe
2014-09-26 05:09:05 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-26 05:09:04 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-22 06:41:56 231568 ------w- c:\windows\system32\MpSigStub.exe
2014-08-23 01:03:46 297984 ----a-w- c:\windows\system32\gdi32.dll
2014-08-22 23:26:28 2054656 ----a-w- c:\windows\system32\win32k.sys
2014-08-15 14:42:27 1810432 ----a-w- c:\windows\system32\jscript9.dll
2014-08-15 14:37:03 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-08-15 14:36:30 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-08-15 14:35:47 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-08-15 14:35:34 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-08-15 14:34:49 11776 ----a-w- c:\windows\system32\mshta.exe
2014-08-15 14:34:47 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-07-25 06:35:46 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-17 22:05:08 231800 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
============= FINISH: 17:41:14.73 ===============
 



#6 BrySwy


Posted 15 October 2014 - 01:23 PM

Pretty sure I finally figured the issue out for myself. I'm not sure how to get this topic to be closed, though.




#7 Budapest


  • Moderator

Posted 15 October 2014 - 05:26 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



