PDA

View Full Version : Multiple svchost.exe taking up most resources. Random Windows disconnect sound.



EvilRev
2012-11-07, 05:47
I keep hearing the windows usb disconnect sound twice in a row once every hour or so. It will not stop even when i reinstall windows. The computer was not doing this when i first got it. Here are the logs...

:oreo: DDS Log

DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by Brandon at 22:30:44 on 2012-11-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8143.5996 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\TiltWheelMouse.exe
C:\Games\Steam\Steam.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.msn.com
uDefault_Page_URL = hxxp://www.msn.com
mStart Page = hxxp://www.msn.com
mDefault_Page_URL = hxxp://www.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ips\ipsbho.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Steam] "C:\Games\Steam\steam.exe" -silent
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Brandon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{AEB50B75-BCF4-46A5-B126-1F19924C3192} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://www.msn.com
x64-mDefault_Page_URL = hxxp://www.msn.com
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [MouseDriver] TiltWheelMouse.exe
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2012-1-6 49760]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2011-12-2 565528]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2012-10-30 23832]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1309000.009\symds64.sys [2012-10-31 451192]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1309000.009\symefa64.sys [2012-10-31 1129120]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20121030.002\BHDrvx64.sys [2012-11-5 1385632]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1309000.009\ccsetx64.sys [2012-10-31 167072]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20121106.001\IDSviA64.sys [2012-11-6 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1309000.009\ironx64.sys [2012-10-31 190072]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1309000.009\symnets.sys [2012-10-31 405624]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-9-23 65192]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe [2012-10-31 138272]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe [2012-10-30 123320]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-10-30 1258856]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe [2012-10-30 126392]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-30 138912]
R3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\System32\drivers\HECIx64.sys [2012-10-30 56600]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-10-30 677480]
R3 t_mouse.sys;iBall Advanced Mouse;C:\Windows\System32\drivers\t_mouse.sys [2009-4-16 25088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-30 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-30 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-9-5 234776]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-1 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2012-11-05 17:52:53 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-01 05:47:16 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-11-01 05:47:16 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-11-01 05:47:16 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-11-01 02:18:00 737952 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\srtsp64.sys
2012-11-01 02:18:00 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1309000.009\symds64.sys
2012-11-01 02:18:00 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\symnets.sys
2012-11-01 02:18:00 37536 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\srtspx64.sys
2012-11-01 02:18:00 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\ironx64.sys
2012-11-01 02:18:00 167072 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\ccsetx64.sys
2012-11-01 02:18:00 1129120 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\symefa64.sys
2012-11-01 02:17:54 -------- d-----w- C:\Windows\System32\drivers\NISx64\1309000.009
2012-10-31 17:29:06 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-10-31 17:29:06 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-10-31 17:29:06 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-10-31 17:29:05 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-10-31 17:29:05 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-10-31 07:50:48 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-10-31 07:49:59 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-10-31 07:48:35 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-10-31 07:48:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2012-10-31 07:48:10 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2012-10-31 07:48:10 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2012-10-31 07:48:07 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2012-10-31 07:48:07 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2012-10-31 07:48:07 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2012-10-31 07:48:07 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2012-10-31 07:48:01 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-10-31 07:46:56 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-10-31 07:46:55 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-10-31 07:46:36 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2012-10-31 07:46:28 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2012-10-31 07:46:28 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2012-10-31 07:46:20 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-10-31 07:46:20 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-10-31 07:45:57 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-10-31 07:45:50 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2012-10-31 07:45:39 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2012-10-31 07:45:39 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2012-10-31 07:45:39 331776 ----a-w- C:\Windows\System32\oleacc.dll
2012-10-31 07:45:39 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2012-10-31 07:45:32 723456 ----a-w- C:\Windows\System32\EncDec.dll
2012-10-31 07:45:32 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2012-10-31 07:44:07 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-10-31 07:44:07 67072 ----a-w- C:\Windows\splwow64.exe
2012-10-31 07:44:07 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-10-31 07:44:07 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-10-31 07:43:38 77312 ----a-w- C:\Windows\System32\packager.dll
2012-10-31 07:43:38 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-10-31 01:05:17 -------- d-----w- C:\Program Files (x86)\Datel
2012-10-31 00:40:26 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-10-31 00:39:58 54200 ----a-w- C:\Windows\System32\drivers\dsiarhwprog_x64.sys
2012-10-30 23:40:50 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2012-10-30 23:40:50 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2012-10-30 23:39:13 -------- d-----w- C:\ProgramData\Battle.net
2012-10-30 23:07:42 -------- d-----w- C:\Users\Brandon\AppData\Local\CrashDumps
2012-10-30 22:37:39 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
2012-10-30 22:36:30 111960 ----a-w- C:\Windows\dxsdkuninst.exe
2012-10-30 22:36:30 -------- d-----w- C:\Program Files (x86)\Microsoft DirectX SDK (June 2010)
2012-10-30 21:53:10 -------- d-----w- C:\Users\Brandon\AppData\Local\Adobe
2012-10-30 21:52:28 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation
2012-10-30 21:48:56 -------- d-----w- C:\ProgramData\McAfee Security Scan
2012-10-30 21:48:53 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2012-10-30 21:10:43 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-10-30 20:12:49 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2012-10-30 20:09:15 -------- d-----r- C:\Games
2012-10-30 19:26:53 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-10-30 19:26:53 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-10-30 19:26:53 6200680 ----a-w- C:\Windows\System32\nvcpl.dll
2012-10-30 19:26:53 3536817 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-10-30 19:26:53 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-10-30 19:26:53 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-10-30 19:26:53 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-10-30 19:25:43 60776 ----a-w- C:\Windows\System32\OpenCL.dll
2012-10-30 19:25:43 52584 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-10-30 19:24:34 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-10-30 19:24:29 -------- d-----w- C:\Program Files\NVIDIA Corporation
2012-10-30 19:24:29 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2012-10-30 19:17:49 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-10-30 19:17:49 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-10-30 19:17:49 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-10-30 19:14:37 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-10-30 19:14:25 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-10-30 19:14:05 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-10-30 19:14:05 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-10-30 19:08:15 -------- d-----w- C:\Program Files (x86)\ASUS
2012-10-30 19:07:13 -------- d-----w- C:\Program Files (x86)\ASM104xUSB3
2012-10-30 19:06:11 74344 ----a-w- C:\Windows\System32\RtNicProp64.dll
2012-10-30 19:06:11 677480 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2012-10-30 19:06:11 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2012-10-30 19:05:21 -------- d-----w- C:\Program Files (x86)\ASM106xSATA
2012-10-30 19:05:08 8192 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll
2012-10-30 19:04:58 56600 ----a-w- C:\Windows\System32\drivers\HECIx64.sys
2012-10-30 19:02:58 -------- d-----w- C:\Users\Brandon\AppData\Roaming\Intel Corporation
2012-10-30 18:59:59 81248 ----a-w- C:\Windows\System32\SFCOM64.dll
2012-10-30 18:54:19 23832 ----a-w- C:\Windows\System32\drivers\iaStorF.sys
2012-10-30 18:51:19 -------- d-----w- C:\Windows\AsusInstAll
2012-10-30 18:49:24 53248 ----a-r- C:\Windows\SysWow64\CSVer.dll
2012-10-30 18:47:59 296320 ----a-w- C:\Windows\System32\drivers\volsnap.sys
2012-10-30 18:43:53 -------- d-----w- C:\Users\Brandon\AppData\Local\Google
2012-10-30 18:42:23 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-10-30 18:42:23 -------- d-----w- C:\Program Files\Symantec
2012-10-30 18:42:23 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-10-30 18:41:25 -------- d-----w- C:\Windows\System32\drivers\NISx64
2012-10-30 18:41:24 -------- d-----w- C:\Program Files (x86)\Norton Internet Security
2012-10-30 18:39:09 -------- d-----w- C:\Windows\System32\drivers\NortonPCCheckupx64\02000F0.060
2012-10-30 18:39:09 -------- d-----w- C:\Windows\System32\drivers\NortonPCCheckupx64
2012-10-30 18:39:08 -------- d-----w- C:\ProgramData\Norton
2012-10-30 18:39:08 -------- d-----w- C:\Program Files (x86)\Norton PC Checkup
2012-10-30 18:39:04 -------- d-----w- C:\ProgramData\NortonInstaller
2012-10-30 18:39:04 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-10-30 18:27:18 -------- d-----w- C:\Users\Brandon\AppData\Local\Diagnostics
2012-10-30 18:26:55 -------- d-----w- C:\Users\Brandon\AppData\Local\ElevatedDiagnostics
2012-10-30 18:19:04 -------- d-----w- C:\Users\Brandon\AppData\Local\VirtualStore
2012-10-16 23:03:05 -------- d-sh--w- C:\Recovery
2012-10-11 01:22:54 2428776 ----a-w- C:\Windows\SysWow64\nvapi.dll
2012-10-11 01:22:52 26331496 ----a-w- C:\Windows\System32\nvoglv64.dll
2012-10-11 01:22:52 1760104 ----a-w- C:\Windows\System32\nvdispco64.dll
2012-10-11 01:22:32 15309160 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2012-10-11 01:22:26 2747240 ----a-w- C:\Windows\System32\nvcuvid.dll
2012-10-11 01:22:24 364904 ----a-w- C:\Windows\System32\nvEncodeAPI64.dll
2012-10-11 01:22:24 19906920 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
2012-10-11 01:22:18 13443944 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
2012-10-11 01:22:14 17559912 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
.
==================== Find3M ====================
.
2012-10-11 01:23:48 247144 ----a-w- C:\Windows\System32\nvinitx.dll
2012-10-02 17:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
.
============= FINISH: 22:31:06.65 ===============

:oreo: aswMBR Log

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-11-06 22:34:48
-----------------------------
22:34:48.980 OS Version: Windows x64 6.1.7601 Service Pack 1
22:34:48.980 Number of processors: 8 586 0x2D07
22:34:48.980 ComputerName: BLACKPEARL UserName: Brandon
22:34:50.241 Initialize success
22:36:48.678 AVAST engine defs: 12110602
22:36:57.946 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006a
22:36:57.947 Disk 0 Vendor: ATA_____ A610 Size: 953869MB BusType: 11
22:36:57.955 Disk 0 MBR read successfully
22:36:57.957 Disk 0 MBR scan
22:36:57.959 Disk 0 Windows 7 default MBR code
22:36:57.974 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:36:57.992 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
22:36:58.002 Disk 0 scanning C:\Windows\system32\drivers
22:37:03.934 Service scanning
22:37:18.151 Modules scanning
22:37:18.154 Disk 0 trace - called modules:
22:37:18.254 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys ACPI.sys storport.sys hal.dll iaStorA.sys
22:37:18.256 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007f1c790]
22:37:18.259 3 CLASSPNP.SYS[fffff8800465143f] -> nt!IofCallDriver -> [0xfffffa8007e24c50]
22:37:18.262 5 iaStorF.sys[fffff880048652fa] -> nt!IofCallDriver -> [0xfffffa8007b26040]
22:37:18.265 7 ACPI.sys[fffff88000f887a1] -> nt!IofCallDriver -> \Device\0000006a[0xfffffa8007b17430]
22:37:19.516 AVAST engine scan C:\Windows
22:37:20.908 AVAST engine scan C:\Windows\system32
22:38:58.878 AVAST engine scan C:\Windows\system32\drivers
22:39:06.710 AVAST engine scan C:\Users\Brandon
22:39:38.500 AVAST engine scan C:\ProgramData
22:39:55.033 Scan finished successfully
22:40:09.349 Disk 0 MBR has been saved successfully to "C:\Users\Brandon\Desktop\MBR.dat"
22:40:09.352 The log file has been saved successfully to "C:\Users\Brandon\Desktop\aswMBR.txt"

Robybel
2012-11-09, 14:15
Hi and Welcome!! EvilRev :)

My name is Robybel. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.

Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advise, this will be a team effort.
This may cause a delay, but I will do my best to keep it as short as possible. Please bear with me, I will post back to you as soon as I can.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Vista and Windows 7 users:

These tools MUST be run from the executable. (.exe) every time you run them
with Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

Having said that....Let's get going!! :bigthumb:

EvilRev
2012-11-10, 01:00
Ok. I'll keep watching this thread until you tell me what I need to do.

Robybel
2012-11-10, 08:21
Hi EvilRev ;)


AdwCleaner

Please download AdwCleaner (http://general-changelog-team.fr/en/tools/15-adwcleaner) by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next

Please read through these instructions to familarize yourself with what to expect when this tool runs

Refer to the ComboFix User's Guide (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)


Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs (http://forums.whatthetech.com/How_to_Disable_your_Security_Programs_t96260.html)


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

---------------------------

On your next reply please post :

AdwCleaner log
Combofix log

Let me know if you have any problems in performing with the steps above or any questions you may have.

Good Day! :bigthumb:

EvilRev
2012-11-11, 09:30
Here they are:

:fear: AdwCleaner

# AdwCleaner v2.007 - Logfile created 11/11/2012 at 01:58:40
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Brandon - BLACKPEARL
# Boot Mode : Normal
# Running from : C:\Users\Brandon\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S4].txt - [676 octets] - [11/11/2012 01:58:40]

########## EOF - C:\AdwCleaner[S4].txt - [735 octets] ##########

:fear: Combofix

ComboFix 12-11-09.02 - Brandon 11/11/2012 2:20.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8143.6831 [GMT -5:00]
Running from: c:\users\Brandon\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-11 to 2012-11-11 )))))))))))))))))))))))))))))))
.
.
2012-11-11 07:24 . 2012-11-11 07:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-07 03:03 . 2012-11-07 03:04 -------- d-----w- c:\program files (x86)\ERUNT
2012-11-05 17:52 . 2012-11-05 17:52 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-01 06:26 . 2012-09-28 04:18 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-11-01 05:47 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-11-01 05:47 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-11-01 05:47 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-10-31 17:29 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-10-31 17:29 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-10-31 17:29 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-10-31 17:29 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-10-31 17:29 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-10-31 07:51 . 2011-06-16 05:49 199680 ----a-w- c:\windows\system32\xmllite.dll
2012-10-31 07:50 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-31 07:49 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-10-31 07:48 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-10-31 07:48 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2012-10-31 07:48 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2012-10-31 07:48 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
2012-10-31 07:48 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-10-31 07:48 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2012-10-31 07:48 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2012-10-31 07:48 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-10-31 07:48 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-10-31 07:46 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-10-31 07:46 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-10-31 07:46 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2012-10-31 07:46 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2012-10-31 07:46 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2012-10-31 07:46 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-10-31 07:46 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-10-31 07:45 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-10-31 07:45 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-10-31 07:45 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2012-10-31 07:45 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-10-31 07:45 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-10-31 07:45 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-10-31 07:45 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-10-31 07:45 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-10-31 07:44 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-10-31 07:44 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-10-31 07:44 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-10-31 07:44 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-10-31 07:43 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-10-31 07:43 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-10-31 01:05 . 2012-10-31 01:05 -------- d-----w- c:\program files (x86)\Datel
2012-10-31 00:41 . 2012-10-31 00:41 -------- d-----w- c:\program files\DIFX
2012-10-31 00:40 . 2012-10-31 00:40 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-10-31 00:39 . 2012-09-26 19:55 54200 ----a-w- c:\windows\system32\drivers\dsiarhwprog_x64.sys
2012-10-30 23:40 . 2012-10-30 23:40 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-10-30 23:40 . 2012-10-30 23:40 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-10-30 23:39 . 2012-10-30 23:39 -------- d-----w- c:\programdata\Battle.net
2012-10-30 22:37 . 2010-06-02 08:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-10-30 22:36 . 2012-10-30 22:38 -------- d-----w- c:\program files (x86)\Microsoft DirectX SDK (June 2010)
2012-10-30 22:36 . 2012-10-30 22:36 111960 ----a-w- c:\windows\dxsdkuninst.exe
2012-10-30 22:03 . 2012-10-30 22:03 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-10-30 21:52 . 2012-10-30 21:52 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation
2012-10-30 21:48 . 2012-10-30 21:48 -------- d-----w- c:\programdata\McAfee Security Scan
2012-10-30 21:48 . 2012-10-30 21:48 -------- d-----w- c:\programdata\McAfee
2012-10-30 21:48 . 2012-11-02 23:19 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2012-10-30 21:48 . 2012-10-30 21:48 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-10-30 21:44 . 2012-10-30 21:44 -------- d-----w- c:\program files\WinRAR
2012-10-30 21:10 . 2012-10-30 21:10 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-10-30 20:12 . 2012-10-30 21:51 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-10-30 20:09 . 2012-10-31 00:39 -------- d-----r- C:\Games
2012-10-30 19:27 . 2012-11-11 07:17 -------- d-----w- c:\programdata\NVIDIA
2012-10-30 19:17 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-10-30 19:17 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-10-30 19:17 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-10-30 19:14 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-10-30 19:14 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-10-30 19:14 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-10-30 19:14 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-10-30 19:14 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-10-30 19:14 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-10-30 19:14 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-10-30 19:14 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-10-30 19:14 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-10-30 19:08 . 2012-10-30 19:08 -------- d-----w- c:\program files (x86)\ASUS
2012-10-30 19:07 . 2012-10-30 19:07 -------- d-----w- c:\program files (x86)\ASM104xUSB3
2012-10-30 19:06 . 2012-02-03 13:01 74344 ----a-w- c:\windows\system32\RtNicProp64.dll
2012-10-30 19:06 . 2012-02-03 13:01 677480 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2012-10-30 19:06 . 2012-02-03 13:01 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2012-10-30 19:05 . 2012-10-30 19:05 -------- d-----w- c:\program files (x86)\ASM106xSATA
2012-10-30 19:05 . 2011-10-04 00:08 8192 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
2012-10-30 19:04 . 2011-09-22 13:49 56600 ----a-w- c:\windows\system32\drivers\HECIx64.sys
2012-10-30 18:59 . 2011-12-20 07:32 331880 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2012-10-30 18:54 . 2011-12-02 06:06 23832 ----a-w- c:\windows\system32\drivers\iaStorF.sys
2012-10-30 18:51 . 2012-10-30 18:51 -------- d-----w- c:\windows\AsusInstAll
2012-10-30 18:49 . 2012-10-30 19:04 -------- d-----w- c:\program files (x86)\Intel
2012-10-30 18:49 . 2011-07-29 05:54 53248 ----a-r- c:\windows\SysWow64\CSVer.dll
2012-10-30 18:47 . 2011-02-25 06:25 296320 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-10-30 18:47 . 2012-10-30 18:47 -------- d-----w- c:\program files\Google
2012-10-30 18:43 . 2012-10-30 18:47 -------- d-----w- c:\program files (x86)\Google
2012-10-30 18:42 . 2012-11-01 02:18 -------- d-----w- c:\program files\Symantec
2012-10-30 18:42 . 2012-11-01 02:18 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-10-30 18:42 . 2012-10-30 18:42 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-10-30 18:41 . 2012-11-01 17:55 -------- d-----w- c:\windows\system32\drivers\NISx64
2012-10-30 18:41 . 2012-10-30 18:41 -------- d-----w- c:\program files (x86)\Norton Internet Security
2012-10-30 18:39 . 2012-10-30 18:39 -------- d-----w- c:\windows\system32\drivers\NortonPCCheckupx64
2012-10-30 18:39 . 2012-10-30 18:42 -------- d-----w- c:\programdata\Norton
2012-10-30 18:39 . 2012-10-30 18:39 -------- d-----w- c:\program files (x86)\Norton PC Checkup
2012-10-30 18:39 . 2012-10-30 18:39 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-10-30 18:18 . 2012-10-30 20:12 -------- d-----w- c:\users\Brandon
2012-10-16 23:03 . 2012-10-30 18:18 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 01:23 . 2012-10-11 01:23 247144 ----a-w- c:\windows\system32\nvinitx.dll
2012-10-11 01:23 . 2012-10-11 01:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-11 01:23 . 2012-10-11 01:23 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-11 01:23 . 2012-10-11 01:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-11 01:23 . 2012-10-11 01:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-11 01:23 . 2012-10-11 01:23 313704 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2012-10-11 01:23 . 2012-10-11 01:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-11 01:23 . 2012-10-11 01:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-11 01:23 . 2012-10-11 01:23 831848 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-10-11 01:23 . 2012-10-11 01:23 202600 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-10-11 01:23 . 2012-10-11 01:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-11 01:23 . 2012-10-11 01:23 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-11 01:23 . 2012-10-11 01:23 973672 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-10-11 01:23 . 2012-10-11 01:23 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-11 01:23 . 2012-10-11 01:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-11 01:23 . 2012-10-11 01:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-11 01:23 . 2012-10-11 01:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-11 01:23 . 2012-10-11 01:23 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-11 01:22 . 2012-10-11 01:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-11 01:22 . 2012-10-11 01:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-11 01:22 . 2012-10-11 01:22 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-11 01:22 . 2012-10-11 01:22 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-11 01:22 . 2012-10-11 01:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-11 01:22 . 2012-10-11 01:22 364904 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2012-10-11 01:22 . 2012-10-11 01:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-11 01:22 . 2012-10-11 01:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-11 01:22 . 2012-10-11 01:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-02 17:15 . 2012-10-02 17:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-08-20 17:38 . 2012-10-31 07:50 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\games\Steam\steam.exe" [2012-10-30 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe" [2011-12-02 286720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
.
c:\users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 57135665;57135665; [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-09-05 234776]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-01 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2012-01-06 49760]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2011-12-02 565528]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2011-12-02 23832]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS [2011-05-16 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20121030.002\BHDrvx64.sys [2012-10-05 1385632]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys [2012-06-07 167072]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20121109.001\IDSvia64.sys [2012-10-27 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS [2012-04-18 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309000.009\SYMNETS.SYS [2012-04-18 405624]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2012-06-16 138272]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe [2011-11-07 123320]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe [2011-11-07 126392]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-30 138912]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-02-03 677480]
S3 t_mouse.sys;iBall Advanced Mouse;c:\windows\system32\DRIVERS\t_mouse.sys [2009-04-16 25088]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-30 18:43]
.
2012-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-30 18:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-10 6463592]
"MouseDriver"="TiltWheelMouse.exe" [2010-11-01 241152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.msn.com
mDefault_Page_URL = hxxp://www.msn.com
mStart Page = hxxp://www.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-11 02:25:42
ComboFix-quarantined-files.txt 2012-11-11 07:25
ComboFix2.txt 2012-11-11 07:14
.
Pre-Run: 922,573,189,120 bytes free
Post-Run: 922,275,983,360 bytes free
.
- - End Of File - - EE6404BE2E36043A7942170675529D17

Robybel
2012-11-13, 06:45
Hi EvilRev ;)

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

Note: If you are using Windows Vista/7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://www.eset.com/online-scanner-popup/)
Click the ESET on Line scan button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
Push the Back button.
Select Uninstall application on close check box and push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png

=============================== Next =======================================


Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/products/malwarebytes_free/) to your desktop.


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://whatthetech.com/ldtate/Images/MBAM.PNG
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.


Please let me know, how your computer is running now

On your next reply please post :

Eset report
Malwarebytes log

Let me know if you have any problems in performing with the steps above or any questions you may have.

Good Day!

EvilRev
2012-11-14, 20:55
The ESET Scanner found no problems and did not provide a log. Mbam found no threats but did provide a log. After these scans there are still svchost.exe programs taking up my resources...

Here is the MBAM log :oreo:

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.14.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Brandon :: BLACKPEARL [administrator]

Protection: Enabled

11/14/2012 1:42:03 PM
mbam-log-2012-11-14 (13-42-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221593
Time elapsed: 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Robybel
2012-11-16, 22:17
Hi EvilRev ;)


After these scans there are still svchost.exe programs taking up my resources...
Please download Windows Repair (all in one) from here (http://www.tweaking.com/files/setups/tweaking.com_windows_repair_aio_setup.exe)

Install the program then run it

Go to step 2 and allow it to run Disk check

http://i1224.photobucket.com/albums/ee362/Essexboy3/Capture3.gif

Once that is done then go to step 3 and allow it to run SFC

http://i1224.photobucket.com/albums/ee362/Essexboy3/Capture.gif

On the the Start Repairs tab => Click the Start

http://i.imgur.com/7fthj.png

Click on the select all check box and then click on Start

DON'T use the computer while each scan is in progress.

Restart may be needed to finish the repair procedure


Next

Please let me know how your computer is running and if there are any outstanding issues.

Robybel
2012-11-19, 05:07
Still with me?

EvilRev
2012-11-19, 09:08
I am still with you. Sorry for the long time between posts. I did the tweaking.com windows repair and still no changes. The svchost.exe is still there.

Robybel
2012-11-20, 08:58
Hi Evilrev :)

Svchost is a generic process, and high usage here doesn't mean anything in and of itself.

To identify what is causing svchost to use so much resource:
Open Task Manager using the keyboard sequence: Ctrl+Alt+Canc.
On the Process tab: select 'Show Processes from All Users' on the lower left.
there, you'll see a listing of all processes, including a number of svchost.exe. Right Click the instance you want to examine, and choose "Go To Service /s". That will jump to the services tab: The services running that svchost.exe process will be highlighted.

EvilRev
2012-11-22, 00:08
The Problem that bought me here was the random windows sound and I think some kind of interference was causing it, not a virus. The processes linked to the svchost seem to be normal ones. I guess this thread is no longer needed.

:thanks:

Robybel
2012-11-24, 14:09
Hi Evilrev ;)

IT APPEARS THAT YOUR LOGS ARE NOW CLEAN :) SO LETS DO A COUPLE OF THINGS TO WRAP THIS UP!! :)

This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.


Click START then RUN
Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.
http://i526.photobucket.com/albums/cc345/MPKwings/CF-Uninstall.png


Clean up with OTL:

Double-click OTL.exe to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.



Unistall AdwCleaner

Double click on adwcleaner.exe to run the tool.
Click on Uninstall.
Confirm with yes.


Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

MOST IMPORTANT: You Need to Update Windows and IE to get all the Latest Security Patches to protect your computer from the malware that is around on the internet.

Here are some tips to reduce the potential for spyware infection in the future:

1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Make your Mozilla Firefox more secure - This can be done by adding these add-ons:


NoScript (https://addons.mozilla.org/en-US/firefox/addon/noscript/?src=ss)
AdBlockPlus (https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/)


2. Enable Protected Mode in Internet Explorer. This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
Open Internet Explorer
Click on Tools > Internet Options
Press Security tab
Select Internet zone then place check next to Enable Protected Mode if not already done
Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.

3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

4. Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here (http://www.bleepingcomputer.com/forums/tutorial60.html). **There are firewalls listed in this tutorial that could be downloaded and used but I would personally only recommend using one of the following two below:
Online Armor Free (http://download.cnet.com/Online-Armor-Free/3000-10435_4-10426782.html)
Agnitum Outpost Firewall Free (http://download.cnet.com/Agnitum-Outpost-Firewall-Free/3000-10435_4-10913746.html)


5.SPYWARE PREVENTION
This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well written articles:
How Did I Get Infected In The First Place? (http://forums.whatthetech.com/So_how_did_I_get_infected_first_place_t57817.html) by TonyKlein
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)by miekiemoes
PC Safety and Security--What Do I Need? (http://www.techsupportforum.com/forums/f112/pc-safety-and-security-what-do-i-need-525915.html)

6. Consider a custom hosts file such as MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.htm). This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002 (http://www.mvps.org/winhelp2002/hosts.htm)
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

7. WOT (http://www.mywot.com/) (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

8.Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place? (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.