
View Full Version : CPU suddenly goes 100%. always requiring hard reboot. Please help



sanjupan
2012-04-09, 11:16
Hi
My system's CPU goes to 100% suddenly / randomly even though I would not be doing anything (but browsers open).
After that it would be impossible to bring it down unless I do a hard reboot.
I think some malware is causing this. Please help.
Attach.zip and DDS log below.

DDS Log
-----------------
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Sanjana at 4:07:11 on 2012-04-09
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3539.2142 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\java.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Iomega Storage Manager\pCloudd.exe
C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\pdfconverter.com\PDF Converter Elite\2009\pcSONPrnDisp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\real\realplayer\Update\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Acer Display\eDisplay Management\DTHtml.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Portrait Displays\Drivers\pdiSdkHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Portrait Displays\Pivot Pro Plugin\wpctrl.exe
C:\Program Files\Portrait Displays\Pivot Pro Plugin\floater.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\Sanjana\AppData\Roaming\Aventail\ewpca\ewpca.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = local;*.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - c:\program files\microsoft visual studio 10.0\common7\ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Orb] "c:\program files\winamp remote\bin\OrbTray.exe" /background
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRunOnce: [BetProxy] c:\users\sanjana\appdata\roaming\aventail\ewpca\ewpca.exe -cleanup
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [DellConnectionManager] "c:\program files\dell\dell controlpoint\connection manager\Dell.UCM.exe"
mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [PDF Converter Elite Print Dispatcher] c:\program files\pdfconverter.com\pdf converter elite\2009\pcSONPrnDisp.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [PivotSoftware] "c:\program files\portrait displays\pivot pro plugin\Pivot_startup.exe" -delay=10
mRun: [DT ACR] c:\program files\common files\portrait displays\shared\DT_startup.exe -ACR
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: barcap.com\connect
Trusted Zone: google.com
Trusted Zone: google.com\local
Trusted Zone: google.com\maps
Trusted Zone: google.com\www
Trusted Zone: google.com.sg\www
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxps://connect.barcap.com/workplace/webifiers/wficat.cab
DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} - hxxps://mcpuk1.jpmorgan.com/llclient/myonedesk-amer/winnt/AXNTEE.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://webvpn-rd02.jpmorganchase.com/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 218.186.1.58 218.186.2.16 218.186.2.6
TCP: Interfaces\{4BD72912-5353-4380-BBB1-55120742B277} : DhcpNameServer = 218.186.1.58 218.186.2.16 218.186.2.6
TCP: Interfaces\{BE2D882E-7030-4C79-91F3-32BF5CC8E77E} : DhcpNameServer = 218.186.1.58 218.186.2.16 218.186.2.6
TCP: Interfaces\{BE2D882E-7030-4C79-91F3-32BF5CC8E77E}\3524D203931313 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BE2D882E-7030-4C79-91F3-32BF5CC8E77E}\3524D213031303 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BE2D882E-7030-4C79-91F3-32BF5CC8E77E}\3524D213131313 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BE2D882E-7030-4C79-91F3-32BF5CC8E77E}\373735563657275646 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{BE2D882E-7030-4C79-91F3-32BF5CC8E77E}\75759514D485 : DhcpNameServer = 64.119.80.100 216.143.135.12 202.156.1.68
TCP: Interfaces\{BE2D882E-7030-4C79-91F3-32BF5CC8E77E}\C696E6B6379737 : DhcpNameServer = 202.156.1.68 202.156.1.58 218.186.1.38
TCP: Interfaces\{BE2D882E-7030-4C79-91F3-32BF5CC8E77E}\E65647765616272333 : DhcpNameServer = 64.119.80.100 216.143.135.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\sanjana\appdata\roaming\mozilla\firefox\profiles\lps6crmv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\sanjana\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\sanjana\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-4-27 293968]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-7-16 382752]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R2 PCloudd;PCloudd;c:\program files\iomega storage manager\pCloudd.exe [2011-2-17 206336]
R2 PdiService;Portrait Displays SDK Service;c:\program files\common files\portrait displays\drivers\pdisrvc.exe [2011-10-22 109168]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\dell\dell controlpoint\connection manager\SMManager.exe [2009-10-5 76288]
R3 acpials;ALS Sensor Filter;c:\windows\system32\drivers\acpials.sys [2009-7-14 7680]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2010-1-31 260648]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-1-31 122368]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-31 6114816]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2009-5-15 1803512]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1caaec57f5ab489;Google Update Service (gupdate1caaec57f5ab489);c:\program files\google\update\GoogleUpdate.exe [2010-2-16 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-9 253600]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-1-31 29472]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-2-21 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-16 133104]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-1-31 47104]
S3 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-1-31 49152]
S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-1-31 38400]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-12 52224]
S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\microsoft visual studio 10.0\team tools\performance tools\VSPerfDrv100.sys [2009-12-8 48128]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-26 1343400]
S3 WPFFontCache_v0400;WPFFontCache_v0400;c:\windows\microsoft.net\framework\v4.0.30128\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30128\wpf\WPFFontCache_v0400.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-04-09 06:56:49 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-09 03:08:33 6582328 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{796379e7-ad4c-4807-b789-901c3185abb1}\mpengine.dll
2012-03-14 18:54:28 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 18:54:26 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 13:37:31 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 13:37:29 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 13:36:37 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 13:36:37 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 13:36:37 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 13:36:36 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 13:36:36 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 13:36:36 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
==================== Find3M ====================
.
2012-04-09 07:22:03 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 14:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 16:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 16:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.
============= FINISH: 4:08:34.06 ===============
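The DDS log above is long and mostly benign entries. As an added example (not code from this thread, from DDS, or from any tool mentioned here), the following Python script parses the `==== Section ====` headers of a DDS-style log and flags two things a malware-removal helper looks for first: processes or autorun entries whose image lives in a user-writable directory (no installer privileges are needed to drop a file there), and BHO/toolbar entries registered with `No File`. The sample input is a constructed excerpt modelled on lines from the log above; the list of user-writable directory markers is an assumption of the example, not something DDS defines.

```python
import re

# Constructed excerpt in the style of the DDS log posted above: a few
# "Running Processes" lines and a few "Pseudo HJT Report" autorun lines.
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Users\Sanjana\AppData\Roaming\Aventail\ewpca\ewpca.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
uRun: [Orb] "c:\program files\winamp remote\bin\OrbTray.exe" /background
uRunOnce: [BetProxy] c:\users\sanjana\appdata\roaming\aventail\ewpca\ewpca.exe -cleanup
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
.
"""

# DDS section headers look like "======= Name =======".
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Image path: a drive letter, then anything up to the first .exe/.dll/.sys.
IMAGE_RE = re.compile(r"([a-z]:\\.*?\.(?:exe|dll|sys))", re.IGNORECASE)
# Directories an ordinary user account can write to (assumed list for this
# example). Code launched from here deserves a second look because nothing
# needed to be installed to put it there.
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\", "\\temp\\",
                 "\\downloads\\", "\\desktop\\")


def parse_sections(text):
    """Split a DDS log into {section name: [non-empty, non-'.' lines]}."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current and line and line != ".":
            sections[current].append(line)
    return sections


def extract_image(line):
    """Return the executable/module path referenced by a log line, or None."""
    m = IMAGE_RE.search(line)
    return m.group(1) if m else None


def launched_from_user_writable(path):
    """True if the image path sits under a directory a normal user can write to."""
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def triage(text):
    """Flag entries worth a closer look: images in user-writable directories,
    and autorun/BHO entries whose file is gone ('No File')."""
    findings = []
    for section, lines in parse_sections(text).items():
        for line in lines:
            if line.endswith("- No File"):
                findings.append({"section": section, "entry": line,
                                 "reason": "registered but file missing"})
                continue
            path = extract_image(line)
            if path and launched_from_user_writable(path):
                findings.append({"section": section, "entry": line, "path": path,
                                 "reason": "image lives in a user-writable directory"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f['section']}] {f['reason']}: {f['entry']}")
```

A flagged entry is a lead, not a verdict: in the log above the AppData-resident `ewpca.exe` belongs to a VPN client, and dangling `No File` entries are usually leftovers of an uninstalled add-on. The value of the script is that it reduces a 300-line log to the handful of lines that need a human decision.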

Hello sanjupan,

Your topic Nov 26th, 2011 "My CPU is going 100" http://forums.spybot.info/showthread.php?p=417682#post417682

A helper responded but the topic was closed because you did not respond to his last instructions.

Please let us know why there was no follow up. Also, has combofix been used again?

It looks like you have run Combofix many times before; it's a very powerful tool, let's hope you did not damage anything. Also of note, there was no follow-up to this four-page thread either: http://forums.spybot.info/showthread.php?p=398348#post398348


April 12th 2012

Apologies for earlier posts being archived / closed. The first post - 4 pages - was the initial one where I missed reading the 3 day rule (my bad) and it got archived. I restarted a new post indicating my earlier one was archived but had to travel on an unscheduled visit and that got archived too.

After that I had decided to wait and post only when I am fairly certain that I would be with my machine for a long enough period of time to get the issues resolved.
I realize that you people spend considerable effort on the whole forum. Please consider my case. Not sure how I should make it up to you guys.

I haven't used Combofix since those posts. There were some Windows auto updates - not much has changed.

Thanks and regards
sanjupan

ken545
2012-04-26, 00:46
Hi,

Not really looking at anything earth-shattering on your log; with the amount of times you have run Combofix, let's hope again that you didn't cause any damage.


If you're going to be away and can't respond for a few days, let me know so that I won't close this thread.


Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please





Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start the scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click Save log, save it to your desktop and post it in your next reply
http://public.avast.com/~gmerek/aswMBR2.png

sanjupan
2012-04-26, 17:44
Thanks. The aswMBR prompted for a virus definition update - I clicked yes.

Posting both the logs below.
Thanks
sanjupan

------------------------------------------------------------------------
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.26.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Sanjana :: SANJPC [administrator]

Protection: Enabled

4/26/2012 9:48:31 AM
mbam-log-2012-04-26 (09-48-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 255785
Time elapsed: 16 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
------------------------------------------------------------------------


aswMBR log
------------------------------------------------------------------------

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-26 10:07:14
-----------------------------
10:07:14.178 OS Version: Windows 6.1.7601 Service Pack 1
10:07:14.178 Number of processors: 2 586 0x170A
10:07:14.180 ComputerName: SANJPC UserName:
10:07:15.421 Initialize success
10:09:03.775 AVAST engine defs: 12042600
10:10:46.545 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:10:46.547 Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 238475MB BusType: 3
10:10:46.567 Disk 0 MBR read successfully
10:10:46.570 Disk 0 MBR scan
10:10:46.573 Disk 0 Windows VISTA default MBR code
10:10:46.576 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
10:10:46.589 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
10:10:46.603 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 223434 MB offset 30801920
10:10:46.608 Disk 0 scanning sectors +488395120
10:10:46.683 Disk 0 scanning C:\Windows\system32\drivers
10:11:04.519 Service scanning
10:11:46.872 Modules scanning
10:12:02.647 Disk 0 trace - called modules:
10:12:02.679 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
10:12:02.684 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87054648]
10:12:02.689 3 CLASSPNP.SYS[8cc9a59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86200028]
10:12:03.714 AVAST engine scan C:\Windows
10:12:08.157 AVAST engine scan C:\Windows\system32
10:16:59.571 AVAST engine scan C:\Windows\system32\drivers
10:17:28.266 AVAST engine scan C:\Users\Sanjana
10:34:15.619 Disk 0 MBR has been saved successfully to "C:\Data\MalwareRemoval\9thApr2012\MBR.dat"
10:34:15.669 The log file has been saved successfully to "C:\Data\MalwareRemoval\9thApr2012\aswMBR.txt"

ken545
2012-04-26, 19:08
Logs look fine

If ESET doesn't find anything then I will link you to a Windows forum for help

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable your onboard antivirus program and antispyware programs while performing scans so there are no conflicts, and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

sanjupan
2012-04-28, 10:53
Hi, whenever I try to run the online scan, it takes a long time (in its "scanning for viruses" stage); my CPU goes to 100% mid-way and I have to reboot the PC. I retried that 2 times without luck. :confused:

I was trying the alternative step for other browsers
"Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop."
...but I was unable to locate it on the ESET webpage. I'm hoping it's an offline tool. Can you please let me know the link? Also, should I run this by starting Windows in safe mode or something? I'm afraid that if it takes a longer time my PC may again slip into the 100% CPU issue.

Thanks
Sanjupan

ken545
2012-04-28, 12:39
Good Morning,

You can try running ESET in Safemode with Networking


To Enter Safemode

Go to Start> Shut off your Computer> Restart
As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
this will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to Safemode with Networking
Then press the Enter Key on your Keyboard

Tutorial if you need it How to boot into Safemode (http://www.bleepingcomputer.com/tutorials/tutorial61.html)


If it still gives you problems you can try this other scanner
http://housecall.trendmicro.com/

sanjupan
2012-04-29, 12:10
Hi, I was able to run the ESET Scanner successfully in safe mode.

It identified 4 threats but apparently also quarantined them.
I still have the ESET Window open.

Should I restore back files (identified as infected )by clicking on "Manage Quarantined files" --> "Restore" button on the ESET window?

The log is below

---------------------------------------------------

C:\Qoobox\Quarantine\C\Users\Sanjana\AppData\Local\ayetaciw.dll.vir a variant of Win32/Cimag.FT trojan cleaned by deleting - quarantined
C:\Users\Public\Documents\Server\hlp.dat probably a variant of Win32/Agent.JCVPCMR trojan cleaned by deleting - quarantined
C:\Users\Sanjana\Desktop\HSS-1.58-install-anchorfree-238-conduit2.exe a variant of Win32/HotSpotShield application deleted - quarantined
C:\Users\Sanjana\Downloads\cnet_TuneAid_3_76_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
----------------------------------------------------------




Also should I run the trend scanner too?

Please advise.

Thanks
Sanjupan

ken545
2012-04-29, 13:40
No, don't restore them. One was in Quarantine from what Combofix removed, one is a .dat file, and the other two look like they are something that you downloaded that could be infected.


No need for Trendmicro.

Still the same problem ?

sanjupan
2012-04-30, 15:30
Looks like the issue is resolved. I had my PC on the whole night with perfmon tracking.
Please let me know the next steps.
Thanks for all the help!
sanjupan

ken545
2012-04-30, 19:26
One thing we may want to check is your Master Boot Record; the latest threats are targeting it. aswMBR is showing it's ok, but let's make sure. Now that you're saying everything is ok I am sure it's fine, so this is a double check.

Download MBRCheck.exe (http://ad13.geekstogo.com/MBRCheck.exe) to your desktop.
Be sure to disable your security programs.
Double click on the file to run it.
A window will open on your desktop.
If an unknown bootcode is found you will have further options available to you; at this time press N, then press Enter twice.
If nothing unusual is found, just press Enter. A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.
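
The check that the MBRCheck step above performs (read the first sector of the disk, confirm the 0x55AA boot signature, walk the partition table and hash the boot code so it can be compared against a known-good value) can be reproduced with a short script. The block below is an added example written for this thread; it is not MBRCheck's code and not code posted by either participant. It assumes the classic 512-byte MBR layout (boot code in bytes 0-439, disk signature at 0x1B8, four 16-byte partition entries from 0x1BE) and hashes only the 440-byte boot-code area, which is an assumption: the exact region MBRCheck hashes for the SHA1 it reports is not stated in the thread. The sample MBR is constructed inline so the script runs offline; `read_device_mbr` is only needed when pointing it at a live disk, which requires administrator rights on Windows.

```python
"""Parse and integrity-check a 512-byte MBR image (added example, not MBRCheck's code)."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # assumption: hash bytes 0-439, the boot-code area before the disk signature
DISK_SIG_OFF = 0x1B8         # 4-byte NT disk signature
PART_TABLE_OFF = 0x1BE       # four 16-byte partition entries follow
PART_ENTRY_FMT = "<B3xB3xII" # status, (CHS start skipped), type, (CHS end skipped), LBA start, sector count


def build_sample_mbr() -> bytes:
    """Constructed test image: stub boot code, one bootable NTFS partition and a second NTFS partition."""
    mbr = bytearray(SECTOR_SIZE)
    mbr[0:3] = b"\x33\xc0\x8e"                                   # stand-in boot code, not real loader bytes
    struct.pack_into("<I", mbr, DISK_SIG_OFF, 0xDEADBEEF)       # constructed disk signature
    struct.pack_into("<B3sB3sII", mbr, PART_TABLE_OFF,
                     0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    struct.pack_into("<B3sB3sII", mbr, PART_TABLE_OFF + 16,
                     0x00, b"\xfe\xff\xff", 0x07, b"\xfe\xff\xff", 206848, 409600)
    mbr[510:512] = b"\x55\xaa"                                   # boot signature
    return bytes(mbr)


def parse_mbr(mbr: bytes) -> dict:
    """Validate the sector and return the disk signature, partition entries and boot-code/sector hashes."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("MBR image must be exactly 512 bytes")
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, ptype, lba_start, count = struct.unpack_from(PART_ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:          # empty slot
            continue
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": count})
    return {
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "boot_code_sha1": hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper(),
        "sector_sha1": hashlib.sha1(mbr).hexdigest().upper(),
        "partitions": partitions,
    }


def check_mbr(mbr: bytes, known_good_boot_sha1: str) -> list:
    """Compare against a baseline hash and sanity-check the table; an empty list means nothing was flagged."""
    info = parse_mbr(mbr)
    findings = []
    if info["boot_code_sha1"] != known_good_boot_sha1.upper():
        findings.append("boot code hash differs from baseline")
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"expected exactly one bootable partition, found {len(bootable)}")
    for p in info["partitions"]:
        if p["lba_start"] == 0:  # a partition starting at sector 0 would overlap the MBR itself
            findings.append(f"partition {p['index']} starts at LBA 0")
    return findings


def read_device_mbr(path: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read the first sector of a raw device (Windows device path shown; needs administrator rights)."""
    with open(path, "rb") as dev:
        return dev.read(SECTOR_SIZE)


if __name__ == "__main__":
    sample = build_sample_mbr()
    info = parse_mbr(sample)
    print("disk signature: 0x%08X" % info["disk_signature"])
    print("boot code SHA1:", info["boot_code_sha1"])
    for p in info["partitions"]:
        print(p)
    # record the hash from a known-clean state, then re-run check_mbr() later to detect changes
    print("findings:", check_mbr(sample, info["boot_code_sha1"]))
```

The useful workflow is to record the boot-code hash while the machine is known to be clean and compare against it later; a mismatch means the boot code changed, which is worth investigating but is not by itself proof of infection, since an OS repair or a disk tool can legitimately rewrite it.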

sanjupan
2012-04-30, 20:03
Logs below
Thanks
Sanjupan

-------------------------------------------------------------------
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Latitude E5500
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 203):
0x82E17000 \SystemRoot\system32\ntkrnlpa.exe
0x83229000 \SystemRoot\system32\halmacpi.dll
0x80B97000 \SystemRoot\system32\kdcom.dll
0x8C208000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8C28D000 \SystemRoot\system32\PSHED.dll
0x8C29E000 \SystemRoot\system32\BOOTVID.dll
0x8C2A6000 \SystemRoot\system32\CLFS.SYS
0x8C2E8000 \SystemRoot\system32\CI.dll
0x8C417000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8C488000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8C496000 \SystemRoot\system32\drivers\ACPI.sys
0x8C4DE000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8C4E7000 \SystemRoot\system32\drivers\msisadrv.sys
0x8C4EF000 \SystemRoot\system32\drivers\pci.sys
0x8C519000 \SystemRoot\system32\drivers\vdrvroot.sys
0x8C524000 \SystemRoot\System32\drivers\partmgr.sys
0x8C535000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8C53D000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8C548000 \SystemRoot\system32\drivers\volmgr.sys
0x8C558000 \SystemRoot\System32\drivers\volmgrx.sys
0x8C5A3000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x8C5D1000 \SystemRoot\System32\drivers\mountmgr.sys
0x8C393000 \SystemRoot\system32\drivers\vmbus.sys
0x8C5E7000 \SystemRoot\system32\drivers\winhv.sys
0x8C637000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8C711000 \SystemRoot\system32\drivers\amdxata.sys
0x8C71A000 \SystemRoot\system32\drivers\fltmgr.sys
0x8C74E000 \SystemRoot\system32\drivers\fileinfo.sys
0x8C75F000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8C833000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8C962000 \SystemRoot\System32\Drivers\msrpc.sys
0x8C98D000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8C9A0000 \SystemRoot\System32\Drivers\cng.sys
0x8C800000 \SystemRoot\System32\drivers\pcw.sys
0x8C80E000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8CA3D000 \SystemRoot\system32\drivers\ndis.sys
0x8CAF4000 \SystemRoot\system32\drivers\NETIO.SYS
0x8CB32000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8CC02000 \SystemRoot\System32\drivers\tcpip.sys
0x8CD4C000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8CD7D000 \SystemRoot\system32\drivers\vmstorfl.sys
0x8CD86000 \SystemRoot\system32\drivers\volsnap.sys
0x8CDC5000 \SystemRoot\System32\Drivers\spldr.sys
0x8CDCD000 \SystemRoot\System32\drivers\rdyboost.sys
0x8CB57000 \SystemRoot\system32\DRIVERS\PBADRV.sys
0x8CB62000 \SystemRoot\System32\Drivers\mup.sys
0x8CB72000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8CB7A000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8CBAC000 \SystemRoot\system32\DRIVERS\disk.sys
0x8CBBD000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x91713000 \SystemRoot\system32\drivers\cdrom.sys
0x91732000 \SystemRoot\System32\Drivers\Null.SYS
0x91739000 \SystemRoot\System32\Drivers\Beep.SYS
0x91740000 \SystemRoot\System32\drivers\vga.sys
0x9174C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x9176D000 \SystemRoot\System32\drivers\watchdog.sys
0x9177A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x91782000 \SystemRoot\system32\drivers\rdpencdd.sys
0x9178A000 \SystemRoot\system32\drivers\rdprefmp.sys
0x91792000 \SystemRoot\System32\Drivers\Msfs.SYS
0x9179D000 \SystemRoot\System32\Drivers\Npfs.SYS
0x917AB000 \SystemRoot\system32\DRIVERS\tdx.sys
0x917C2000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8C769000 \SystemRoot\system32\drivers\afd.sys
0x917CE000 \SystemRoot\System32\DRIVERS\netbt.sys
0x91600000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x91607000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8CBEF000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x8CA00000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8CA0E000 \SystemRoot\system32\DRIVERS\serial.sys
0x8CA28000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8C817000 \SystemRoot\system32\drivers\termdd.sys
0x8C3BD000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8C828000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8C7C3000 \SystemRoot\system32\drivers\mssmbios.sys
0x8CDFA000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x8C7CD000 \SystemRoot\System32\drivers\discache.sys
0x9203D000 \SystemRoot\system32\drivers\csc.sys
0x920A1000 \SystemRoot\System32\Drivers\dfsc.sys
0x920B9000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x920C7000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x92C1B000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x9323D000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x932F4000 \SystemRoot\System32\drivers\dxgmms1.sys
0x9332D000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x93338000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x93383000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x93392000 \SystemRoot\system32\drivers\HDAudBus.sys
0x9481F000 \SystemRoot\system32\DRIVERS\NETw5s32.sys
0x94800000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x933B1000 \SystemRoot\system32\DRIVERS\b57nd60x.sys
0x920E8000 \SystemRoot\system32\drivers\1394ohci.sys
0x92C00000 \SystemRoot\system32\drivers\sdbus.sys
0x9480A000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x92115000 \SystemRoot\system32\drivers\i8042prt.sys
0x9212D000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x933F2000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x92166000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x92173000 \SystemRoot\system32\DRIVERS\serenum.sys
0x9217D000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x9481B000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x92183000 \SystemRoot\system32\drivers\wmiacpi.sys
0x921B5000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x921C7000 \SystemRoot\system32\drivers\CompositeBus.sys
0x921D4000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x921E6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x92000000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x9200B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x9218C000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8C7D9000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8C600000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x921A4000 \SystemRoot\System32\Drivers\PdiPorts.sys
0x921A7000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x9202D000 \SystemRoot\system32\DRIVERS\VClone.sys
0x9580A000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x95830000 \SystemRoot\system32\drivers\swenum.sys
0x95832000 \SystemRoot\system32\drivers\ks.sys
0x95866000 \SystemRoot\system32\drivers\umbus.sys
0x95874000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x958B8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x958C9000 \SystemRoot\system32\DRIVERS\stwrt.sys
0x95931000 \SystemRoot\system32\DRIVERS\portcls.sys
0x95960000 \SystemRoot\system32\DRIVERS\drmk.sys
0x95979000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x81F60000 \SystemRoot\System32\win32k.sys
0x9599C000 \SystemRoot\System32\drivers\Dxapi.sys
0x959A6000 \SystemRoot\System32\Drivers\crashdmp.sys
0x91626000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x959B3000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x959C4000 \SystemRoot\system32\DRIVERS\monitor.sys
0x821C0000 \SystemRoot\System32\TSDDD.dll
0x81E00000 \SystemRoot\System32\cdd.dll
0x959CF000 \SystemRoot\system32\drivers\luafv.sys
0x92A32000 \SystemRoot\system32\DRIVERS\WavxDMgr.sys
0x92A69000 \SystemRoot\system32\drivers\WudfPf.sys
0x92A83000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x92A8E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x92AA1000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x92AA8000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x92AAA000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x92AB5000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x92AC1000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x92AD8000 \SystemRoot\system32\DRIVERS\acpials.sys
0x92AE0000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x92B01000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x92B11000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x92B57000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x92B67000 \SystemRoot\system32\DRIVERS\pnarp.sys
0x92B71000 \SystemRoot\system32\DRIVERS\purendis.sys
0x92B7B000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x92B8E000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x9D037000 \SystemRoot\system32\drivers\HTTP.sys
0x9D0BC000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9D0D5000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9D0E7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9D10A000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9D145000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9D160000 \SystemRoot\system32\drivers\peauth.sys
0x9D000000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9D00A000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x92B97000 \SystemRoot\System32\drivers\tcpipreg.sys
0x92BA4000 \SystemRoot\System32\DRIVERS\srv2.sys
0xB3A16000 \SystemRoot\System32\DRIVERS\srv.sys
0xB3A68000 \SystemRoot\System32\Drivers\fastfat.SYS
0x77400000 \Windows\System32\ntdll.dll
0x479F0000 \Windows\System32\smss.exe
0x77640000 \Windows\System32\apisetschema.dll
0x00F30000 \Windows\System32\autochk.exe
0x775B0000 \Windows\System32\comdlg32.dll
0x77320000 \Windows\System32\kernel32.dll
0x77560000 \Windows\System32\gdi32.dll
0x77180000 \Windows\System32\setupapi.dll
0x76FC0000 \Windows\System32\iertutil.dll
0x76F60000 \Windows\System32\difxapi.dll
0x76EB0000 \Windows\System32\rpcrt4.dll
0x76E70000 \Windows\System32\ws2_32.dll
0x77550000 \Windows\System32\nsi.dll
0x76DD0000 \Windows\System32\advapi32.dll
0x76C70000 \Windows\System32\ole32.dll
0x76BE0000 \Windows\System32\oleaut32.dll
0x76B90000 \Windows\System32\Wldap32.dll
0x76B60000 \Windows\System32\imagehlp.dll
0x76B40000 \Windows\System32\imm32.dll
0x76AA0000 \Windows\System32\usp10.dll
0x769F0000 \Windows\System32\msvcrt.dll
0x768D0000 \Windows\System32\wininet.dll
0x76840000 \Windows\System32\clbcatq.dll
0x77540000 \Windows\System32\normaliz.dll
0x76720000 \Windows\System32\urlmon.dll
0x766C0000 \Windows\System32\shlwapi.dll
0x765F0000 \Windows\System32\user32.dll
0x76520000 \Windows\System32\msctf.dll
0x758D0000 \Windows\System32\shell32.dll
0x758C0000 \Windows\System32\lpk.dll
0x758B0000 \Windows\System32\psapi.dll
0x75890000 \Windows\System32\sechost.dll
0x75860000 \Windows\System32\cfgmgr32.dll
0x75840000 \Windows\System32\devobj.dll
0x75810000 \Windows\System32\wintrust.dll
0x75780000 \Windows\System32\comctl32.dll
0x75730000 \Windows\System32\KernelBase.dll
0x75610000 \Windows\System32\crypt32.dll
0x75600000 \Windows\System32\msasn1.dll

Processes (total 100):
0 System Idle Process
4 System
300 C:\Windows\System32\smss.exe
472 csrss.exe
524 C:\Windows\System32\wininit.exe
536 csrss.exe
580 C:\Windows\System32\services.exe
596 C:\Windows\System32\lsass.exe
604 C:\Windows\System32\lsm.exe
668 C:\Windows\System32\winlogon.exe
756 C:\Windows\System32\svchost.exe
816 C:\Program Files\Fingerprint Sensor\AtService.exe
852 C:\Windows\System32\svchost.exe
896 C:\Windows\System32\svchost.exe
992 C:\Windows\System32\svchost.exe
1044 C:\Windows\System32\svchost.exe
1076 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\stacsv.exe
1248 C:\Windows\System32\svchost.exe
1420 WUDFHost.exe
1488 C:\Windows\System32\svchost.exe
1680 C:\Windows\System32\spoolsv.exe
1744 C:\Windows\System32\svchost.exe
1932 C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
1976 C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
2000 C:\Program Files\Bonjour\mDNSResponder.exe
2020 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
112 C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
488 C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
600 C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
944 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
1360 C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
396 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
1764 C:\Windows\System32\java.exe
708 C:\Windows\System32\conhost.exe
2136 C:\Program Files\Iomega Storage Manager\pCloudd.exe
2156 C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
2220 C:\Windows\System32\svchost.exe
2264 C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
2328 dllhost.exe
2420 WmiPrvSE.exe
2488 unsecapp.exe
2576 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2940 WmiPrvSE.exe
3008 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3132 C:\Windows\System32\taskhost.exe
3184 C:\Windows\System32\dwm.exe
3484 C:\Windows\explorer.exe
3664 C:\Program Files\DellTPad\Apoint.exe
3676 C:\Program Files\IDT\WDM\sttray.exe
3704 C:\Windows\System32\hkcmd.exe
3724 C:\Windows\System32\igfxpers.exe
3732 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
3740 C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
3752 C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
3788 C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
3796 C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
3808 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
3816 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
3824 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
4084 C:\Program Files\pdfconverter.com\PDF Converter Elite\2009\pcSONPrnDisp.exe
1564 C:\Windows\System32\igfxsrvc.exe
2372 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
3072 C:\Windows\System32\svchost.exe
3532 C:\Windows\System32\svchost.exe
3904 C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
1416 C:\Program Files\Acer Display\eDisplay Management\dthtml.exe
3556 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
2364 C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
4152 C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
4328 C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
4336 C:\Windows\System32\conhost.exe
4344 C:\Program Files\DellTPad\ApMsgFwd.exe
4404 C:\Program Files\DellTPad\hidfind.exe
4412 C:\Program Files\DellTPad\ApntEx.exe
4432 C:\Windows\System32\conhost.exe
4504 C:\Windows\System32\igfxext.exe
4852 C:\Program Files\Common Files\Portrait Displays\Drivers\pdiSDKHelper.exe
5112 C:\Windows\System32\svchost.exe
5300 C:\Program Files\Portrait Displays\Pivot Pro Plugin\wpCtrl.exe
5316 C:\Program Files\Portrait Displays\Pivot Pro Plugin\Floater.exe
5516 C:\Program Files\Internet Explorer\iexplore.exe
5564 C:\Program Files\Internet Explorer\iexplore.exe
3696 C:\Windows\System32\taskmgr.exe
4140 dllhost.exe
5884 C:\Windows\System32\svchost.exe
5384 C:\Windows\System32\svchost.exe
4308 C:\Users\Sanjana\AppData\Roaming\Aventail\ewpca\ewpca.exe
4828 C:\Program Files\Internet Explorer\iexplore.exe
732 C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
5028 C:\Program Files\Java\jre6\bin\java.exe
572 C:\Windows\System32\conhost.exe
5372 C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
3020 C:\Program Files\Java\jre6\bin\java.exe
4072 C:\Windows\System32\conhost.exe
1740 C:\Windows\System32\audiodg.exe
2808 <unknown>
5916 dllhost.exe
924 dllhost.exe
3024 C:\Data\MalwareRemoval\9thApr2012\MBRCheck.exe
688 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ac000000 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHM250HI, Rev: 2AC101C4

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

ken545
2012-04-30, 20:38
You're fine. No infection in that area.

Sometimes when you have high CPU use and lockups, it could be either hardware or software related. Can you think back to whether you installed any new software programs or a piece of hardware like a printer prior to having this problem? Let me know if it persists, and if so I can link you to a Windows forum to help you sort out anything that may be causing problems.

sanjupan
2012-05-02, 07:14
Thanks Ken545. Will do. Until now no issues. Let me know if I need to run any other tests to detect hardware issues.
Thanks
Sanjupan

ken545
2012-05-02, 10:55
Good Morning,

Looks like you're good to go :bigthumb:


Click START, then RUN.
Now type Combofix /uninstall in the run box and click OK. Note the space between the X and the /; it needs to be there.


http://i526.photobucket.com/albums/cc345/MPKwings/CF-Uninstall.png



Malwarebytes is the free version and is yours to keep; it will not be removed.



How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

sanjupan
2012-05-03, 07:20
I spoke too soon. My CPU went to 100%, requiring a reboot, one time today. Is there anything else I can look at?
Thanks
Sanjupan

ken545
2012-05-03, 11:28
Let's go ahead and get a fresh copy of Combofix; make sure to run it from your desktop.

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instructions on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished, then restart your computer to restore the connections.

sanjupan
2012-05-03, 12:34
ComboFix 12-05-03.01 - Sanjana 05/03/2012 5:15.6.2 - x86 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3539.2689 [GMT -4:00]
Running from: c:\data\MalwareRemoval\9thApr2012\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sanjana\AppData\Local\assembly\tmp
c:\windows\system32\test
.
.
((((((((((((((((((((((((( Files Created from 2012-04-03 to 2012-05-03 )))))))))))))))))))))))))))))))
.
.
2012-05-03 09:24 . 2012-05-03 09:24 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2012-05-03 09:24 . 2012-05-03 09:24 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-03 09:24 . 2012-05-03 09:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-03 05:31 . 2012-05-03 05:31 -------- d-----w- c:\program files\ESET
2012-05-02 04:06 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8698DCAD-E1DE-4492-B0F1-8FAB9B1EBDCC}\mpengine.dll
2012-04-19 17:28 . 2012-04-19 17:28 -------- d-----w- c:\program files\SDA
2012-04-19 17:27 . 2012-04-19 17:27 -------- d-----w- c:\users\Sanjana\AppData\Local\Downloaded Installations
2012-04-19 14:51 . 2012-03-13 23:18 2469760 ----a-w- c:\windows\system32\BootMan.exe
2012-04-19 14:51 . 2011-07-29 17:54 19840 ----a-w- c:\windows\system32\EuEpmGdi.dll
2012-04-19 14:51 . 2011-07-29 17:54 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2012-04-19 14:51 . 2011-07-29 17:54 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2012-04-19 14:51 . 2011-07-29 17:54 14216 ----a-w- c:\windows\system32\epmntdrv.sys
2012-04-19 14:51 . 2012-04-19 14:51 -------- d-----w- c:\program files\EASEUS
2012-04-12 17:03 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 17:03 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 17:03 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 17:03 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 17:03 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-12 17:03 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-09 06:56 . 2012-04-16 11:22 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-03 02:38 . 2010-02-05 01:18 0 ----a-w- c:\users\Sanjana\AppData\Local\WavXMapDrive.bat
2012-04-16 11:22 . 2011-07-27 17:41 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-14 19:00 . 2010-05-15 21:41 2478272 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-02-23 14:18 . 2010-02-05 02:35 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 05:34 . 2012-03-14 13:36 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-14 13:36 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-14 13:36 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 16:01 . 2012-02-15 16:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-14 16:09 . 2012-02-14 16:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-10 05:38 . 2012-03-14 13:37 1077248 ----a-w- c:\windows\system32\DWrite.dll
2011-08-23 16:44 . 2011-07-27 17:50 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-19 249856]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-08-01 458844]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-03 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-03 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-03 151064]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-06-12 656384]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2009-10-06 1826816]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-06-03 184320]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2009-07-27 134656]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-08-14 15872]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"PDF Converter Elite Print Dispatcher"="c:\program files\pdfconverter.com\PDF Converter Elite\2009\pcSONPrnDisp.exe" [2009-11-13 53248]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" [2010-05-13 110192]
"DT ACR"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2010-06-30 121456]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-11 795936]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-7-16 1245472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"Google Update"="c:\users\Sanjana\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" start
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" -osboot
.
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-05-15 1803512]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-04-27 293968]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2009-07-16 382752]
R2 gupdate1caaec57f5ab489;Google Update Service (gupdate1caaec57f5ab489);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 133104]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R2 PCloudd;PCloudd;c:\program files\Iomega Storage Manager\pCloudd.exe [2011-02-17 206336]
R2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2010-04-16 109168]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [2009-10-06 76288]
R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-13 7680]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 253088]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-31 29472]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 14216]
R3 EraserUtilDrv11010;EraserUtilDrv11010;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 8456]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 133104]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 122368]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-07-02 47104]
R3 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-07-01 49152]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-07-05 38400]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-09 48128]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-26 1343400]
R3 WPFFontCache_v0400;WPFFontCache_v0400;c:\windows\Microsoft.NET\Framework\v4.0.30128\WPF\WPFFontCache_v0400.exe [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 11:22]
.
2012-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 05:04]
.
2012-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 05:04]
.
2012-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1208262141-4149667152-2894938055-1000Core.job
- c:\users\Sanjana\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-28 01:25]
.
2012-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1208262141-4149667152-2894938055-1000UA.job
- c:\users\Sanjana\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-28 01:25]
.
2012-04-29 c:\windows\Tasks\Norton Security Scan for Sanjana.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-28 14:06]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = local;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: barcap.com\connect
Trusted Zone: google.com
Trusted Zone: google.com\local
Trusted Zone: google.com\maps
Trusted Zone: google.com\www
Trusted Zone: google.com.sg\www
TCP: DhcpNameServer = 218.186.1.58 218.186.2.16 218.186.2.6
DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} - hxxps://mcpuk1.jpmorgan.com/llclient/myonedesk-amer/winnt/AXNTEE.dll
FF - ProfilePath - c:\users\Sanjana\AppData\Roaming\Mozilla\Firefox\Profiles\lps6crmv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1208262141-4149667152-2894938055-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):7f,af,35,60,0d,ba,19,77,58,09,13,4d,26,61,d8,9a,e5,f8,6d,09,79,
c0,32,d9,a3,ec,dd,34,40,6d,92,49,27,d7,b2,7f,00,8d,82,32,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1208262141-4149667152-2894938055-1000_Classes\CLSID\{7a41ce08-36ed-4270-8a34-880f76d8acda}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000012e
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,8a,df,a8,03,3f,97,a3,12,d7,99,f3,3a,88,2b,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3244)
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
Completion time: 2012-05-03 05:27:47
ComboFix-quarantined-files.txt 2012-05-03 09:27
ComboFix2.txt 2011-12-06 18:28
ComboFix3.txt 2011-02-06 23:01
ComboFix4.txt 2011-02-04 04:10
ComboFix5.txt 2012-05-03 09:14
.
Pre-Run: 86,896,922,624 bytes free
Post-Run: 88,273,031,168 bytes free
.
- - End Of File - - A9F5E6F35A6862276648A3D1D9C555A9

ken545
2012-05-03, 14:19
Hi,

Nothing bad on your log, let's do this: post in this Windows forum for help, explain exactly what's going on with your system, and link them to this thread so they can see what we have done and that we believe malware is not the problem.

This site is free, but you will need to register and post in their Windows Forum:

http://forums.whatthetech.com/index.php?showforum=119


Good Luck

Ken :)