PDA

View Full Version : Cleanup for SSD install: 3 trojans, snap.do, WTangent, etc.


nextari
2012-12-02, 20:02
10163

10164

Hi,
I'm trying to clean things up for an SSD install. (2nd drive on HP dv7t-6000 / Win7)

Any further suggestions before doing an SSD (w/HDD) install will be greatly appreciated.

Using Chrome, I am having 3 trojan horses blocked by AVAST. The notification for all 3 happens together. This has slowed in frequency from every 10 mins to every hour or so. Avast scan says no malware on system. I cannot get Avast to provide the details but here is one of them
http://urlfilter.vmn.net/vmnsbf/data/121114080835-m.zip|1211...

Another odd thing is that using Win7 backup util, it says I've succesfully backed up to ext. HDD-Hitachi SDmini, but the HDD does not show a new backup file, only the previous one according to the date.

Spybot is updated, restarted in safemode, nothing in red appears. (nothing red in color that I could see).
In normal mode, I could not see anything listed as "cannot remove", but including .zip in case I missed it.

Known Malware:
-The 3 Trojans above are in the system somewhere (based on frequency & randomness, i.e. I'm not recurrently visiting a particular page that would cause it)
-Snap.do remains on Chrome startup page (removed from all chrome settings, add-ons, & hijackthis)
-magic desktop
-funmoods (mostly gone)
-Wildtangent: current size = 113/126 MB (tried installing and uninstalling - not working. saw a WTremoval tool somewhere but then read that tool is also malware?)

I had no problems for almost a year with AVG, switched to Avast 3months ago because I heard it was better, and now have all these. System is running fine otherwise. Any recommendations? disable 3rd party cookies?

Should I just go ahead with the SSD or get rid of this stuff first?

Thanks You very much!

============================================

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.7.2
Run by wave at 10:38:19 on 2012-12-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.2674 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\solr\solr.exe
C:\ColdFusion9DotNetService\CFDotNetsvc.exe
C:\JRun4\jre\bin\java.exe
C:\ColdFusion9DotNetService\JNBDotNetSide.exe
C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\db\slserver54\bin\swagent.exe
C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\db\slserver54\bin\swstrtr.exe
C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\db\slserver54\bin\swsoc.exe
C:\JRun4\verity\k2\_nti40\bin\k2admin.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
C:\Users\wave\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\ArcSoft\TotalMedia Backup\uBBMonitor.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\JRun4\bin\jrunsvc.exe
C:\JRun4\bin\jrun.exe
C:\JRun4\bin\jrunsvc.exe
C:\JRun4\bin\jrun.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\JRun4\verity\k2\_nti40\bin\k2server.exe
C:\Windows\splwow64.exe
C:\Windows\system32\taskeng.exe
C:\JRun4\verity\k2\_nti40\bin\k2index.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Windows\system32\taskmgr.exe
C:\Users\wave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\wave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\wave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\wave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\wave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\wave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\wave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\wave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\wave\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\wave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\wave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\wave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\wave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\wave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\wave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Users\wave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mWinlogon: Userinit = C:\Windows\System32\userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Google Update] "C:\Users\wave\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun
uRun: [googletalk] C:\Users\wave\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TOTALM~1.LNK - C:\Program Files (x86)\ArcSoft\TotalMedia Backup\uBBMonitor.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: LastPass - C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
LSP: C:\Windows\System32\RSLSP.dll
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{1F750F3B-7B35-4A24-AFF4-484A5896A2C1} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{99B36FF0-3766-4AA9-8F52-5F58661B7D4C} : DHCPNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{99B36FF0-3766-4AA9-8F52-5F58661B7D4C}\2456C6B696E6F574F505C65737F5D494D4F4F5738353030303 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{99B36FF0-3766-4AA9-8F52-5F58661B7D4C}\77962756C6563737 : DHCPNameServer = 68.87.76.178 68.87.78.130
TCP: Interfaces\{99B36FF0-3766-4AA9-8F52-5F58661B7D4C}\A41636B6965602B456277796E672370296D41636 : DHCPNameServer = 10.0.2.1
TCP: Interfaces\{99B36FF0-3766-4AA9-8F52-5F58661B7D4C}\A41667162456163686F4E6C696E656 : DHCPNameServer = 68.94.156.1 68.94.157.1
TCP: Interfaces\{99B36FF0-3766-4AA9-8F52-5F58661B7D4C}\E4544574541425 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{9A9CF931-2FA3-409F-9217-08A4E0D2FDD4} : DHCPNameServer = 10.128.128.128
TCP: Interfaces\{C9530C0B-B110-491C-8194-92982F728FF5}\16474777966696 : DHCPNameServer = 192.168.5.1
TCP: Interfaces\{C9530C0B-B110-491C-8194-92982F728FF5}\3416665602D41646279646023223 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{C9530C0B-B110-491C-8194-92982F728FF5}\35D464 : DHCPNameServer = 206.13.28.12 206.13.31.12
TCP: Interfaces\{C9530C0B-B110-491C-8194-92982F728FF5}\742716E64694D60756279616C684F64756C6 : DHCPNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{C9530C0B-B110-491C-8194-92982F728FF5}\A41667162456163686F4E6C696E656 : DHCPNameServer = 68.94.156.1 68.94.157.1
TCP: Interfaces\{C9530C0B-B110-491C-8194-92982F728FF5}\B496E64644F6C6078696E6 : DHCPNameServer = 192.168.0.1 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyByE0EyDtD0BtCyB0AyE0EyByC0A0BzytN0D0Tzu0CtAtBtDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1128619912
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-9-19 984144]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-9-19 370288]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-7-27 89600]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-9-19 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-9-19 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-11-6 44808]
R2 CF9Solr;ColdFusion 9 Solr Service;C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\solr\solr.exe -zglaxservice CF9Solr --> C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\solr\solr.exe -zglaxservice CF9Solr [?]
R2 ColdFusion 9 .NET Service;ColdFusion 9 .NET Service;C:\ColdFusion9DotNetService\CFDotNetsvc.exe [2012-3-9 77824]
R2 ColdFusion 9 ODBC Agent;ColdFusion 9 ODBC Agent;C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\db\slserver54\bin\swagent.exe "ColdFusion 9 ODBC Agent" --> C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\db\slserver54\bin\swagent.exe ColdFusion 9 ODBC Agent [?]
R2 ColdFusion 9 ODBC Server;ColdFusion 9 ODBC Server;C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\db\slserver54\bin\swstrtr.exe "ColdFusion 9 ODBC Server" --> C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\db\slserver54\bin\swstrtr.exe ColdFusion 9 ODBC Server [?]
R2 ColdFusion 9 Search Server;ColdFusion 9 Search Server;C:\JRun4\verity\k2\_nti40\bin\k2admin.exe [2012-3-9 3677616]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-17 265544]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-1-26 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-29 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-7-27 2413056]
R2 Macromedia JRun Admin Server;Macromedia JRun Admin Server;C:\JRun4\bin\jrunsvc.exe [2012-3-9 68096]
R2 Macromedia JRun CFusion Server;Macromedia JRun CFusion Server;C:\JRun4\bin\jrunsvc.exe [2012-3-9 68096]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-12-1 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-12-1 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-12-1 168384]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-9-29 2656280]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-9-29 317440]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-7-27 91648]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-7-27 208896]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-9-29 338536]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-29 428136]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2011-2-16 42392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
S3 arusb_win7x;Service For TP-LINK Wireless N Adapter;C:\Windows\System32\drivers\arusb_win7x.sys [2011-10-5 769024]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2012-6-6 24176]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-8 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-12-02 09:24:13 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{11A02364-231F-46FA-8C62-BC13C6CB7990}\offreg.dll
2012-12-02 09:21:48 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{11A02364-231F-46FA-8C62-BC13C6CB7990}\mpengine.dll
2012-12-02 05:53:34 388096 ----a-r- C:\Users\wave\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-12-02 05:53:33 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-12-02 05:05:14 -------- d-----w- C:\Users\wave\AppData\Roaming\GlarySoft
2012-12-02 05:05:13 -------- d-----w- C:\Program Files (x86)\Glary Utilities
2012-12-02 04:16:09 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-12-02 04:15:43 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2012-12-02 04:15:27 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-12-02 02:56:14 -------- d-----w- C:\Program Files (x86)\Wild Tangent Removal Tool
2012-12-02 02:41:43 -------- d-----w- C:\Users\wave\AppData\Roaming\WildTangent
2012-12-02 01:50:31 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-12-02 01:49:23 -------- d-----w- C:\Program Files\iPod
2012-12-02 01:49:22 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-02 01:49:22 -------- d-----w- C:\Program Files\iTunes
2012-12-02 01:49:22 -------- d-----w- C:\Program Files (x86)\iTunes
2012-11-20 16:15:56 -------- d-----w- C:\Program Files\CCleaner
2012-11-20 06:15:44 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-20 06:15:43 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-20 06:15:43 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-20 06:15:43 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-20 06:08:24 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-11-20 06:07:55 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-20 06:07:55 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-20 06:07:53 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-20 06:07:53 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-20 06:07:49 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-20 06:07:49 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-20 06:07:48 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-20 06:07:11 385024 ----a-w- C:\Windows\System32\CNMLMAA.DLL
2012-11-20 06:05:32 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-11-20 06:05:32 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-11-20 06:05:32 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-20 06:05:32 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-11-20 06:05:31 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-11-20 06:05:31 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-20 06:05:31 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-11-20 06:05:31 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-11-20 06:05:31 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2012-11-20 01:00:00 -------- d-s---w- C:\Users\wave\Google Drive
2012-11-19 18:56:38 -------- d-----w- C:\Users\wave\AppData\Roaming\Malwarebytes
2012-11-19 18:56:01 -------- d-----w- C:\ProgramData\Malwarebytes
2012-11-19 18:55:58 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-19 18:55:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-15 23:35:09 -------- d-----w- C:\Users\wave\AppData\Roaming\NoteTab Light
2012-11-15 23:34:41 -------- d-----w- C:\Program Files (x86)\NoteTab Light
.
==================== Find3M ====================
.
2012-10-30 23:51:55 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-10-30 23:51:55 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-10-30 23:51:07 41224 ----a-w- C:\Windows\avastSS.scr
2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-10-15 16:59:28 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 22:02:34 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-08 22:02:34 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-08 22:02:22 10220472 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-09-20 07:05:34 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-20 07:05:33 821736 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-09-20 07:05:33 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 10:38:45.44 ===============
nextari
2012-12-05, 22:26
Hi,
4 days waiting here. Solved some of the issues. Please read here for current, and reference link for the logs. http://forums.spybot.info/showthread.php?p=434167

I'm cleaning up the system for an SSD install. (2nd drive on HP dv7t-6000 / Win7)

Any further suggestions before doing an SSD (w/HDD) install will be greatly appreciated.

Snap.do has hijacked Chrome START UP homepage (only).
It's uninstalled, deleted, and deleted from all browser settings. Chrome - new tab- is no longer hijacked, only the start page when opening, but I wonder what else it's doing in the background.

There is just one csrss.exe processes: 2056k, no user, no description, will not reveal anything for properties. I've read one is normal, and I've read to delete any csrss.exe processes. Will it destabilize to delete? Suggestions?

Anti-phishing Domain Advisor\visicom_antiphishing.exe by Panda was bundled with something and installed. I was continually getting warnings that it was blocking 4 trojans >>
1) URL: xhttp://urlfilter.vmn.net/vmnsbf/data/121118112548-m.zip|121118112548-m.list (x added to disable the link)
PROCESS: C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
INFECTION: JS:ScriptSH-inf [Trj]
also, 2 more same as above with, 121114080835, 121205002101
and one same as above with 121125002847 / INFECTION: HTML:Redirector-AE [Trj]

So I uninstalled visicom_antiphishing.exe by Panda and warnings stopped, as was suggested somewhere. But does this mean they are gone/ were never an actual threat?

Avast scan, Malwarebytes say no malware on system.

If I cannot remove Snap.do, should I go ahead with the SSD install?

Logs: http://forums.spybot.info/showthread.php?p=434167

Thank You!
nextari
2012-12-07, 02:56
After 4 days of progress with no reply, I posted an updated situation with new logs. I have learned alot, but at this point I have done what I can and will wait for a reply.

Thanks!

http://forums.spybot.info/showthread.php?p=434380#post434380
nextari
2012-12-07, 03:02
After 4 days of progress with no reply, I posted an updated situation with new logs. I have learned alot, but at this point I have done what I can and will wait for a reply.

Thanks!

http://forums.spybot.info/showthread.php?p=434380#post434380
nextari
2012-12-07, 06:16
admin: please remove this thread,
updated post appears as new thread with significant changes.
Thanks!
nextari
2012-12-07, 06:18
admin: please remove this thread,
after waiting 5 days, updated post appears as new thread with significant changes.
Thank You!
tashi
2012-12-07, 15:17
Please do not start more than one topic for the same computer during the same period. It will either be removed, closed or merged with your original thread.
Posting additional comments or logs before a volunteer responds can push you back instead of forward, because your thread ends up with a newer date. In addition helpers would think you are already being assisted because of the post count, they look for topics with a 0 response. For that reason we may merge such posts but please do not count on it.

Please do not attempt to "do it yourself" while waiting for someone to respond to your topic.

http://forums.spybot.info/showthread.php?t=288

:lip:
tashi
2012-12-08, 03:25
Snipped from new topic in the waiting room. http://forums.spybot.info/showthread.php?t=67266

Repeated from link:

I'm cleaning up the system for an SSD install. (2nd drive on HP dv7t-6000 / Win7) Any further suggestions before doing an SSD (w/HDD) install will be greatly appreciated.

Avast scan, Malwarebytes, and Kaspersky Virus Removal Tool 2011 (updated) found nothing even before I succeded in removing the threats.

Kaspersky Security Scan 2.0 says no malware on system, however lists 8 vulnerabilities, and 10 other issues. I will post them below after the requested logs.

I have sent the spybot scan results as an attached jpeg just in case, I hope that is not a waste of forum resources.

Should I go ahead with the SSD install at this point, or are there vulnerabilities remaining?

Thank You!

Malware removed:
process named: is-UEUMC.tmp 2128k (nothing on Google about that one)
MAsetupCleaner.exe 24kb in Windows\SysWOW84 (I deleted it, before it ever ran I believe)
Snap.do seems to be gone, terrible.
Easybits
WildTangent
magicdesktop
yontoo
"Wild search results",

and finally,
Anti-phishing Domain Advisor\visicom_antiphishing.exe by Panda was bundled with something and installed. I was continually getting warnings
that it was blocking 4 trojans >>
1) URL: xhttp://urlfilter.vmn.net/vmnsbf/data/121118112548-m.zip|121118112548-m.list (x added to disable the link)
PROCESS: C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
INFECTION: JS:ScriptSH-inf [Trj]
also, 2 more same as above with, 121114080835, 121205002101
and one same as above with 121125002847 / INFECTION: HTML:Redirector-AE [Trj]

So I uninstalled visicom_antiphishing.exe by Panda and warnings stopped, as was suggested somewhere. But does this mean they are gone/ were never an actual threat?