cpu usage 100%



yukukuhi
2013-06-03, 15:45
I think my pc is infected with malware. please help

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16483 BrowserJavaVersion: 10.21.2
Run by Sai SGK at 18:55:19 on 2013-06-03
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.91.1033.18.3255.2156 [GMT 5.5:30]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\hp\HP Software Update\hpwuschd2.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\Windows\system32\conhost.exe
C:\Users\Sai SGK\AppData\Roaming\Adobe\Flash Player\SpeedCache\mpchc64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Sai SGK\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://tuvaro.com/ws/?source=536c75e7&tbp=homepage&toolbarid=base&u=64d260000000000000006c626d4939de
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - <orphaned>
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - c:\program files\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - c:\program files\hewlett-packard\hp support framework\resources\hpnetworkcheck\HPNetworkCheckPlugin.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [SpeedUpSystem] wscript "c:\users\sai sgk\appdata\roaming\adobe\flash player\speedcache\afile.vbs" "c:\users\sai sgk\appdata\roaming\adobe\flash player\speedcache\aso.bat"
mRun: [hpsysdrv] c:\program files\hewlett-packard\hp odometer\hpsysdrv.exe
mRun: [BATINDICATOR] c:\program files\hewlett-packard\hp mainstream keyboard\BATINDICATOR.exe
mRun: [LaunchHPOSIAPP] c:\program files\hewlett-packard\hp mainstream keyboard\LaunchApp.exe
mRun: [HP Remote Solution] c:\program files\hewlett-packard\hp remote solution\HP_Remote_Solution.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SmartMenu] c:\program files\hewlett-packard\hp mediasmart\SmartMenu.exe /background
mRun: [PC-Doctor for Windows localizer] c:\program files\pc-doctor for windows\localizer.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\averhi~1.lnk - c:\program files\common files\avermedia\averquick\AVerHIDReceiver.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\averqu~1.lnk - c:\program files\common files\avermedia\averquick\AVerQuick.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download all with Free Download Manager - c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - c:\program files\free download manager\dllink.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - c:\program files\hewlett-packard\hp support framework\resources\hpnetworkcheck\NCLauncherFromIE.exe
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{65761BBB-314C-497C-B341-7373BFF88A84} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{95278B9B-CEB4-41F9-8410-767709D61073} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\sai sgk\appdata\roaming\mozilla\firefox\profiles\vc9kd8ly.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\visan\plugins\npRLSecurePluginLayer.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-05-18 16:51; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\sai sgk\appdata\roaming\mozilla\firefox\profiles\vc9kd8ly.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: 2013-06-01 09:53; {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}; c:\users\sai sgk\appdata\roaming\mozilla\firefox\profiles\vc9kd8ly.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF - ExtSQL: 2013-06-03 17:26; fdm_ffext@freedownloadmanager.org; c:\program files\free download manager\firefox\Extension
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 64d260000000000000006c626d4939de
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15843
FF - user.js: extensions.delta.vrsn - 1.8.21.0
FF - user.js: extensions.delta.vrsni - 1.8.21.0
FF - user.js: extensions.delta.vrsnTs - 1.8.21.018:05:38
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119816&tt=gc_170513_18210
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
FF - user.js: extensions.tuvaro.hpOld0 -
FF - user.js: extensions.tuvaro.tlbrSrchUrl - hxxp://tuvaro.com/ws/?source=536c75e7&tbp=main&toolbarid=base&u=64d260000000000000006c626d4939de&q=
FF - user.js: extensions.tuvaro.id - 64d260000000000000006c626d4939de
FF - user.js: extensions.tuvaro.appId - {2768469C-717B-401F-8532-C6D88BAE0339}
FF - user.js: extensions.tuvaro.instlDay - 15847
FF - user.js: extensions.tuvaro.vrsn - 1.8.17.3
FF - user.js: extensions.tuvaro.vrsni - 1.8.17.3
FF - user.js: extensions.tuvaro.vrsnTs - 1.8.17.39:48:06
FF - user.js: extensions.tuvaro.prtnrId - tuvaro
FF - user.js: extensions.tuvaro.prdct - tuvaro
FF - user.js: extensions.tuvaro.aflt - orgnl
FF - user.js: extensions.tuvaro.smplGrp - none
FF - user.js: extensions.tuvaro.tlbrId - base
FF - user.js: extensions.tuvaro.instlRef - 536c75e7
FF - user.js: extensions.tuvaro.dfltLng -
FF - user.js: extensions.tuvaro.excTlbr - false
FF - user.js: extensions.tuvaro.ffxUnstlRst - false
FF - user.js: extensions.tuvaro.admin - false
FF - user.js: extensions.tuvaro.cam -
FF - user.js: extensions.tuvaro.autoRvrt - false
FF - user.js: extensions.tuvaro.rvrt - false
FF - user.js: extensions.tuvaro.hmpg - true
FF - user.js: extensions.tuvaro.hmpgUrl - hxxp://tuvaro.com/ws/?source=536c75e7&tbp=homepage&toolbarid=base&u=64d260000000000000006c626d4939de
FF - user.js: extensions.tuvaro.dfltSrch - true
FF - user.js: extensions.tuvaro.srchPrvdr - Tuvaro
FF - user.js: extensions.tuvaro.kw_url - hxxp://tuvaro.com/ws/?source=536c75e7&tbp=url&toolbarid=base&u=64d260000000000000006c626d4939de&q=
FF - user.js: extensions.tuvaro.dnsErr - true
FF - user.js: extensions.tuvaro.newTab - true
FF - user.js: extensions.tuvaro.newTabUrl - chrome://tuvaro/content/new browser tab.html?source=536c75e7&tbp=tab&u=64d260000000000000006c626d4939de
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-2-8 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-2-8 245048]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-2-8 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-2-8 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-3-29 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-3-1 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-2-8 170808]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 182072]
R2 AVerRemote;AVerRemote;c:\program files\common files\avermedia\service\AVerRemote.exe [2013-5-11 348160]
R2 AVerScheduleService;AVerScheduleService;c:\program files\common files\avermedia\service\AVerScheduleService.exe [2013-5-11 389120]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-5-14 4937264]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-4-18 283136]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\hewlett-packard\hp support framework\HPSA_Service.exe [2012-9-27 86528]
R3 AVER_H193;AVerMedia H193 Video Capture;c:\windows\system32\drivers\AVer888RC.sys [2009-8-21 461952]
R3 AVerPola;AVerMedia USB Polaris Series Capture Service;c:\windows\system32\drivers\AVerPola.sys [2013-5-11 314752]
R3 AVPolCIR;AVerMedia USB Polaris Series Custom IR Service;c:\windows\system32\drivers\AVPolCIR.sys [2013-5-11 32896]
R3 CXCIR;AVerMedia Consumer Infrared Receiver;c:\windows\system32\drivers\AVer888RCIR.sys [2009-8-21 33280]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-8-21 189440]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\drivers\netr28.sys [2009-5-20 599040]
S3 PCDSRVC{4F253FFC-7957E8FC-06000000}_0;PCDSRVC{4F253FFC-7957E8FC-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc.pkms [2009-9-17 20848]
.
=============== Created Last 30 ================
.
2013-06-03 11:56:04 -------- d-----w- c:\users\sai sgk\appdata\roaming\Free Download Manager
2013-06-03 09:15:23 -------- d-----w- c:\users\sai sgk\appdata\roaming\Malwarebytes
2013-06-03 09:15:11 -------- d-----w- c:\programdata\Malwarebytes
2013-06-03 09:15:10 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-03 09:15:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-01 04:12:30 -------- d-----w- c:\programdata\IDM
2013-06-01 04:12:29 -------- d-----w- c:\users\sai sgk\appdata\roaming\DMCache
2013-05-30 11:16:37 -------- d-----w- c:\users\sai sgk\appdata\roaming\FlashgetSetup
2013-05-30 11:16:37 -------- d-----w- c:\users\sai sgk\appdata\roaming\BITS
2013-05-30 11:16:29 -------- d-----w- c:\program files\FlashGet Network
2013-05-30 11:11:29 -------- d-----w- C:\Downloads
2013-05-30 11:10:26 -------- d-----w- c:\program files\Free Download Manager
2013-05-26 11:49:39 -------- d-----w- C:\Recorded Videos
2013-05-24 13:43:19 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-05-24 13:43:19 295424 ----a-w- c:\windows\system32\atmfd.dll
2013-05-24 13:38:01 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2013-05-24 13:38:01 49472 ----a-w- c:\windows\system32\netfxperf.dll
2013-05-24 13:38:01 297808 ----a-w- c:\windows\system32\mscoree.dll
2013-05-24 13:38:01 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2013-05-24 13:38:01 1130824 ----a-w- c:\windows\system32\dfshim.dll
2013-05-24 13:26:06 5120 ----a-w- c:\windows\system32\wmi.dll
2013-05-24 13:26:06 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-05-24 13:26:06 158720 ----a-w- c:\windows\system32\imagehlp.dll
2013-05-24 13:20:09 801792 ----a-w- c:\windows\system32\FntCache.dll
2013-05-24 13:20:09 283648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-05-24 13:20:09 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-05-24 13:20:09 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
2013-05-24 13:20:09 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2013-05-24 13:20:08 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-24 13:20:08 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2013-05-24 13:20:08 3181568 ----a-w- c:\windows\system32\mf.dll
2013-05-24 13:20:08 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-24 13:20:08 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2013-05-24 13:20:08 107520 ----a-w- c:\windows\system32\cdd.dll
2013-05-24 13:12:46 -------- d-----w- c:\program files\MSXML 4.0
2013-05-24 12:55:10 123904 ----a-w- c:\windows\system32\poqexec.exe
2013-05-24 12:54:54 690688 ----a-w- c:\windows\system32\msvcrt.dll
2013-05-24 12:54:52 285696 ----a-w- c:\windows\system32\winlogon.exe
2013-05-24 12:54:52 2614272 ----a-w- c:\windows\explorer.exe
2013-05-24 12:53:37 36864 ----a-w- c:\windows\system32\tsgqec.dll
2013-05-24 12:53:37 2691072 ----a-w- c:\windows\system32\mstscax.dll
2013-05-24 12:53:37 131072 ----a-w- c:\windows\system32\aaclient.dll
2013-05-24 12:52:52 826368 ----a-w- c:\windows\system32\rdpcore.dll
2013-05-24 12:52:52 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2013-05-24 12:52:50 2048 ----a-w- c:\windows\system32\tzres.dll
2013-05-24 12:51:49 1034240 ----a-w- c:\windows\system32\mstsc.exe
2013-05-24 12:50:58 954752 ----a-w- c:\windows\system32\mfc40.dll
2013-05-24 12:50:58 954288 ----a-w- c:\windows\system32\mfc40u.dll
2013-05-24 12:49:49 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-05-24 12:49:36 316928 ----a-w- c:\windows\system32\spoolsv.exe
2013-05-24 12:49:16 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2013-05-24 12:47:36 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2013-05-24 12:46:38 376832 ----a-w- c:\windows\system32\dpnet.dll
2013-05-24 12:46:37 67584 ----a-w- c:\windows\system32\asycfilt.dll
2013-05-24 12:46:36 768512 ----a-w- c:\windows\system32\localspl.dll
2013-05-24 12:46:36 1236992 ----a-w- c:\windows\system32\msxml3.dll
2013-05-24 12:46:35 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-05-24 12:46:32 530432 ----a-w- c:\windows\system32\comctl32.dll
2013-05-24 12:46:31 4247040 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2013-05-24 12:46:31 1413632 ----a-w- c:\windows\system32\ole32.dll
2013-05-24 12:46:30 516096 ----a-w- c:\program files\windows mail\wab.exe
2013-05-24 12:46:30 132608 ----a-w- c:\windows\system32\cabview.dll
2013-05-24 12:46:30 109056 ----a-w- c:\windows\system32\t2embed.dll
2013-05-24 12:46:29 82944 ----a-w- c:\windows\system32\iccvid.dll
2013-05-24 12:46:29 197632 ----a-w- c:\windows\system32\ir32_32.dll
2013-05-24 12:44:41 292864 ----a-w- c:\windows\system32\apphelp.dll
2013-05-24 12:42:34 850432 ----a-w- c:\windows\system32\sbe.dll
2013-05-24 12:42:34 642048 ----a-w- c:\windows\system32\CPFilters.dll
2013-05-24 12:42:34 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2013-05-24 12:42:04 187240 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-05-24 12:42:04 1287528 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-24 12:41:52 541184 ----a-w- c:\windows\system32\kerberos.dll
2013-05-24 12:41:36 41472 ----a-w- c:\windows\system32\browcli.dll
2013-05-24 12:41:36 102912 ----a-w- c:\windows\system32\browser.dll
2013-05-24 12:41:35 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2013-05-24 12:41:35 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2013-05-24 12:41:35 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2013-05-24 12:41:35 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2013-05-24 12:41:34 70656 ----a-w- c:\windows\system32\fontsub.dll
2013-05-24 12:41:34 67072 ----a-w- c:\windows\system32\packager.dll
2013-05-24 12:41:33 245616 ----a-w- c:\windows\system32\drivers\volsnap.sys
2013-05-24 12:41:32 738816 ----a-w- c:\windows\system32\wmpmde.dll
2013-05-24 12:39:54 56688 ----a-w- c:\windows\system32\drivers\partmgr.sys
2013-05-23 12:56:56 -------- d-----w- c:\users\sai sgk\appdata\roaming\Auslogics
2013-05-23 12:56:55 -------- d-----w- c:\program files\Auslogics
2013-05-23 04:25:29 -------- d-----w- c:\users\sai sgk\appdata\roaming\BitTorrent
2013-05-22 04:21:24 -------- d-----w- c:\users\sai sgk\appdata\roaming\uTorrent
2013-05-22 04:18:13 -------- d-----w- c:\users\sai sgk\appdata\local\CRE
2013-05-22 04:18:03 -------- d-----w- c:\program files\Conduit
2013-05-22 04:18:02 -------- d-----w- c:\users\sai sgk\appdata\local\Conduit
2013-05-22 04:15:10 -------- d-----w- c:\users\sai sgk\appdata\local\Google
2013-05-22 04:03:58 -------- d-----w- c:\users\sai sgk\appdata\local\sabnzbd
2013-05-21 13:21:41 -------- d-----w- c:\users\sai sgk\appdata\roaming\.BitTornado
2013-05-21 13:21:09 -------- d-----w- c:\program files\BitTornado
2013-05-20 13:15:41 -------- d-----w- c:\program files\MPC-HC
2013-05-20 05:21:13 -------- d-----w- c:\users\sai sgk\appdata\roaming\Visan
2013-05-20 05:18:08 -------- d-----w- c:\programdata\Visan
2013-05-20 04:50:48 -------- d-----w- c:\programdata\HP Photo Creations
2013-05-20 04:50:48 -------- d-----w- c:\program files\HP Photo Creations
2013-05-20 04:50:45 -------- d-----w- c:\program files\Coupons
2013-05-20 04:50:19 273256 ------w- c:\windows\system32\HPDiscoPM9311.dll
2013-05-20 04:48:51 -------- d-----w- c:\users\sai sgk\appdata\local\HP
2013-05-19 13:00:34 -------- d-----w- c:\users\sai sgk\appdata\local\Macromedia
2013-05-19 12:48:31 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-19 12:48:31 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-18 12:37:00 -------- d-----w- c:\users\sai sgk\appdata\local\Bundled software uninstaller
2013-05-18 12:34:47 -------- d-----w- c:\users\sai sgk\appdata\roaming\Babylon
2013-05-18 12:34:47 -------- d-----w- c:\programdata\Babylon
2013-05-18 11:26:47 -------- d-----w- c:\program files\VirtualDub
2013-05-17 11:29:02 -------- d-----w- c:\users\sai sgk\appdata\roaming\foobar2000
2013-05-17 11:28:57 -------- d-----w- c:\program files\foobar2000
2013-05-15 12:31:35 -------- d-----w- c:\users\sai sgk\appdata\roaming\VideoReDo-TVSuite4
2013-05-15 12:31:35 -------- d-----w- c:\program files\VideoReDoTVSuite4
2013-05-15 12:28:53 -------- d-----w- c:\users\sai sgk\appdata\roaming\AccurateRip
2013-05-15 12:27:57 4779592 ----a-w- c:\windows\system32\SpoonUninstall.exe
2013-05-15 12:27:46 -------- d-----w- c:\program files\Illustrate
2013-05-14 13:24:44 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-05-14 13:24:44 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-14 13:24:43 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-05-14 13:13:09 -------- d-----w- c:\program files\aMule
2013-05-14 12:59:05 -------- d-----w- c:\users\sai sgk\appdata\roaming\aMule
2013-05-14 03:55:18 -------- d-----w- c:\program files\AvsP
2013-05-14 03:54:35 -------- d-----w- c:\program files\AviSynth 2.5
2013-05-13 13:44:43 -------- d-----w- c:\users\sai sgk\appdata\roaming\AVG2013
2013-05-13 13:44:07 -------- d-----w- c:\users\sai sgk\appdata\roaming\TuneUp Software
2013-05-13 13:43:55 -------- d--h--w- C:\$AVG
2013-05-13 13:43:55 -------- d-----w- c:\programdata\AVG2013
2013-05-13 13:43:36 -------- d-----w- c:\program files\AVG
2013-05-13 13:35:15 -------- d--h--w- c:\programdata\Common Files
2013-05-13 13:35:15 -------- d-----w- c:\users\sai sgk\appdata\local\MFAData
2013-05-13 13:35:15 -------- d-----w- c:\users\sai sgk\appdata\local\Avg2013
2013-05-13 13:35:15 -------- d-----w- c:\programdata\MFAData
2013-05-13 13:34:33 -------- d-----w- c:\program files\VideoLAN
2013-05-13 13:33:09 178688 ----a-w- c:\windows\system32\unrar.dll
2013-05-13 12:26:26 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-05-13 12:26:20 88576 ----a-w- c:\windows\system32\wudriver.dll
2013-05-13 12:26:13 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-05-13 12:26:13 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-05-12 10:55:31 -------- d-----w- c:\users\sai sgk\appdata\local\Microsoft Games
2013-05-12 10:20:48 -------- d-----w- c:\users\sai sgk\appdata\local\Programs
2013-05-12 06:01:37 22944 ----a-w- c:\windows\system32\drivers\cpqdfw.sys
2013-05-12 06:00:41 -------- d-----w- c:\programdata\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2013-05-12 06:00:29 -------- d-----w- c:\users\sai sgk\appdata\roaming\hpqLog
2013-05-12 06:00:16 -------- d-----w- C:\swsetup
2013-05-12 05:42:46 -------- d-----w- c:\users\sai sgk\appdata\roaming\HP Support Assistant
2013-05-12 05:42:45 -------- d-----w- c:\users\sai sgk\appdata\roaming\HpUpdate
2013-05-12 05:36:33 -------- d-----w- c:\users\sai sgk\appdata\local\Adobe
2013-05-12 05:35:07 -------- d-----w- c:\program files\common files\Adobe Systems Shared
2013-05-11 10:44:12 -------- d-----w- c:\programdata\AVerTV
2013-05-11 10:44:05 -------- d-----w- c:\users\sai sgk\appdata\local\AVerMedia
2013-05-11 04:34:24 -------- d-----w- c:\users\sai sgk\appdata\local\CyberLink
2013-05-11 04:34:23 -------- d-----w- c:\users\sai sgk\appdata\local\PowerCinema
2013-05-11 04:28:13 -------- d-----w- C:\New Folder
2013-05-11 04:05:01 -------- d-----w- c:\program files\PowerISO
2013-05-11 00:22:55 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2013-05-11 00:22:54 507568 ----a-w- c:\windows\system32\winload.exe
2013-05-11 00:22:54 442920 ----a-w- c:\windows\system32\winresume.exe
2013-05-11 00:22:37 257024 ----a-w- c:\windows\system32\msv1_0.dll
2013-05-11 00:22:32 34816 ----a-w- c:\windows\system32\msasn1.dll
2013-05-11 00:22:13 -------- d--h--w- C:\hp
2013-05-11 00:22:12 -------- d-----w- c:\windows\system32\OEM
2013-05-11 00:22:12 -------- d-----w- c:\windows\Panther
2013-05-10 13:28:30 24576 ----a-w- c:\windows\system32\cxtvrate.dll
2013-05-10 13:28:30 18432 ----a-w- c:\windows\system32\cpnotify.ax
2013-05-10 13:28:30 -------- d-----w- c:\windows\Driver Cache
2013-05-10 13:17:10 6906960 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{606a50d8-1396-4aef-bf21-01baf06e2c2c}\mpengine.dll
2013-05-10 13:17:07 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-05-10 13:15:31 -------- d-----w- c:\users\sai sgk\appdata\local\Mozilla
2013-05-10 13:15:27 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-05-10 12:56:19 -------- d-----w- c:\users\sai sgk\appdata\local\Hewlett-Packard
2013-05-10 11:32:38 -------- d-----w- c:\programdata\Norton
2013-05-10 11:32:19 -------- d-----w- c:\programdata\NortonInstaller
2013-05-10 11:31:03 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2013-05-10 11:31:01 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2013-05-10 11:30:25 -------- d-----w- c:\program files\Microsoft
2013-05-10 11:30:10 -------- d-----w- c:\program files\Windows Live SkyDrive
2013-05-10 11:29:45 -------- d-----w- c:\windows\PCHEALTH
2013-05-10 11:29:32 74520 ----a-w- c:\program files\common files\windows live\.cache\a49832d51ce4d71\DSETUP.dll
2013-05-10 11:29:32 484632 ----a-w- c:\program files\common files\windows live\.cache\a49832d51ce4d71\DXSETUP.exe
2013-05-10 11:29:32 1670936 ----a-w- c:\program files\common files\windows live\.cache\a49832d51ce4d71\dsetup32.dll
2013-05-10 11:29:16 141402440 ----a-w- c:\program files\common files\windows live\.cache\wlc16AB.tmp
2013-05-10 11:29:10 -------- d-----w- c:\program files\common files\Windows Live
2013-05-10 11:28:46 537248 ----a-w- c:\program files\online services\omnifone\MusicStation.exe
2013-05-10 11:26:14 -------- d-----w- c:\programdata\WildTangent
2013-05-10 11:26:14 -------- d-----w- c:\program files\HP Games
2013-05-10 11:26:13 -------- d-----r- c:\program files\Online Services
2013-05-10 11:21:57 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2013-05-10 11:21:57 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2013-05-10 11:21:57 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2013-05-10 11:21:57 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2013-05-10 11:21:57 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2013-05-10 11:21:57 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2013-05-10 11:21:57 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2013-05-10 11:16:59 -------- d-----w- c:\programdata\PC-Doctor for Windows
2013-05-10 11:16:47 -------- d-----w- c:\program files\PC-Doctor for Windows
2013-05-10 11:14:51 -------- d---a-w- c:\program files\common files\LS Getting Started
2013-05-10 11:08:01 -------- d-----w- c:\program files\PlayReady
2013-05-10 11:06:40 831488 ----a-w- c:\windows\RtlExUpd.dll
2013-05-10 11:06:40 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll
2013-05-10 11:06:40 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll
2013-05-10 11:06:40 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe
2013-05-10 11:06:40 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2013-05-10 11:06:40 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll
2013-05-10 11:06:40 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll
2013-05-10 11:06:40 -------- d--h--w- c:\program files\Temp
2013-05-10 11:06:39 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll
2013-05-10 11:06:39 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll
2013-05-10 11:05:48 -------- d-----w- c:\windows\system32\wbem\Performance
2013-05-10 11:05:37 -------- d-----w- c:\windows\system32\AGEIA
2013-05-10 11:05:34 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2013-05-10 11:04:14 -------- dc-h--w- c:\programdata\{D441869F-BEC4-446D-9888-C5CA29F160F9}
2013-05-10 11:02:36 -------- d-----w- c:\program files\hp
2013-05-10 11:01:38 253952 ----a-w- c:\windows\system32\cPC_DMIRD.dll
2013-05-10 10:59:58 -------- d-sh--w- c:\windows\Installer
2013-05-10 10:56:38 584296 ----a-w- c:\windows\system32\nvuninst.exe
2013-05-10 10:56:03 -------- d-----w- c:\program files\Realtek
2013-05-10 10:56:02 -------- d-----w- c:\windows\system32\RTCOM
.
==================== Find3M ====================
.
2013-04-25 15:00:16 5041848 ----a-w- c:\users\sai sgk\appdata\roaming\idman615f.exe
2013-04-12 13:58:11 1210728 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-03-28 21:23:48 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-03-20 21:38:24 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2013-03-19 05:06:09 3958120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:06:09 3902312 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:54:22 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:50:03 69632 ----a-w- c:\windows\system32\smss.exe
.
============= FINISH: 18:55:40.49 ===============
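
The log above is read by eye in this thread: the helper looks for autoruns that go through a script host or point into a user-writable directory (the HKCU `SpeedUpSystem` entry runs wscript on a .vbs under `AppData\Roaming\Adobe\Flash Player\SpeedCache`, and `mpchc64.exe` is running from that same folder), for processes whose image lives in such a directory, and for a hijacked start page (tuvaro.com). The Python below is an added example, not part of the thread and not a tool mentioned in it; it parses the DDS section layout and applies exactly those checks to a constructed excerpt of the posted log. Its output is a shortlist for a person to review, not a verdict: uTorrent also runs from AppData and is listed for the same reason, and the "rundll32 not flagged" choice is the author's own.

```python
"""Triage a DDS log the way the helper in this thread does by eye: autoruns that go
through a script host or point into a user-writable directory, processes running
from such a directory, and the browser start page. Added example, not from the thread."""
import re

# A .vbs/.js/.hta payload needs one of these to start; a Run key that invokes one
# directly is worth a look. rundll32 is left out to avoid flagging driver helpers.
SCRIPT_HOSTS = {"wscript", "cscript", "mshta", "powershell"}
# Installed software autoruns from Program Files or System32; droppers and bundled
# "offers" land under the user's AppData or a Temp directory.
USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\appdata\\|\\temp\\", re.I)
SECTION_RE = re.compile(r"^=+ (.+?) =+$")  # "===== Running Processes ====="
RUN_RE = re.compile(r"^([um]Run): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
HIVE = {"uRun": "HKCU", "mRun": "HKLM"}  # DDS prefix: u = current user, m = machine
IMAGE_RE = re.compile(r"^[A-Za-z]:\\")


def parse_sections(log: str) -> dict[str, list[str]]:
    """Split a DDS log on its '==== Name ====' headers; text before the first
    header goes under 'header' and DDS's '.' spacer lines are dropped."""
    sections: dict[str, list[str]] = {"header": []}
    current = "header"
    for raw in log.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif line and line != ".":
            sections[current].append(line)
    return sections


def executable_of(cmd: str) -> str:
    """Base name (minus .exe) of the program a Run command starts; a quoted path
    is taken whole so 'c:\\program files\\...' is not cut at the space."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        path = cmd[1:end] if end > 0 else cmd[1:]
    else:
        path = cmd.split(" ", 1)[0]
    name = path.rsplit("\\", 1)[-1].lower()
    return name[:-4] if name.endswith(".exe") else name


def flag_autoruns(hjt_lines: list[str]) -> list[dict]:
    """uRun/mRun entries that use a script host or touch a user-writable path."""
    findings = []
    for line in hjt_lines:
        m = RUN_RE.match(line)
        if not m:
            continue
        cmd = m.group("cmd")
        reasons = []
        if executable_of(cmd) in SCRIPT_HOSTS:
            reasons.append("launched via script host")
        if USER_WRITABLE.search(cmd):
            reasons.append("references user-writable path")
        if reasons:
            findings.append({"hive": HIVE[m.group(1)], "name": m.group("name"),
                             "command": cmd, "reasons": reasons})
    return findings


def flag_processes(process_lines: list[str]) -> list[str]:
    """Running-process image paths that sit under a user-writable directory."""
    return [p for p in process_lines if IMAGE_RE.match(p) and USER_WRITABLE.search(p)]


def triage(log: str) -> dict:
    sections = parse_sections(log)
    hjt = sections.get("Pseudo HJT Report", [])
    return {
        "start_pages": [l.split("=", 1)[1].strip() for l in hjt
                        if l.startswith(("uStart Page", "mStart Page"))],
        "suspicious_autoruns": flag_autoruns(hjt),
        "processes_in_user_paths": flag_processes(sections.get("Running Processes", [])),
    }


# Constructed excerpt of the DDS log posted above, not the full log.
SAMPLE_LOG = r"""
============== Running Processes ================
.
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Users\Sai SGK\AppData\Roaming\Adobe\Flash Player\SpeedCache\mpchc64.exe
C:\Users\Sai SGK\AppData\Roaming\uTorrent\uTorrent.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://tuvaro.com/ws/?source=536c75e7&tbp=homepage&toolbarid=base&u=64d260000000000000006c626d4939de
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [SpeedUpSystem] wscript "c:\users\sai sgk\appdata\roaming\adobe\flash player\speedcache\afile.vbs" "c:\users\sai sgk\appdata\roaming\adobe\flash player\speedcache\aso.bat"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key)
        for item in value:
            print("  ", item)
```

Run it against a full DDS log by reading the file into `triage()`; the HKLM `NvCplDaemon` entry is deliberately not flagged because rundll32 of a System32 DLL is how driver control panels normally start, while anything a script host launches from AppData is exactly what the thread's remediation targets.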

shelf life
2013-06-17, 01:17
hi,

Sorry for the delay. If you still need help, simply reply back and we will check for any potential malware.

yukukuhi
2013-06-17, 14:35
thank you,
please help.

shelf life
2013-06-18, 00:03
Using explorer look in this path,

c:\users\sai sgk\appdata\roaming\adobe\flash player\speedcache\afile.vbs

or copy/paste this into the search window after clicking the Start orb:
c:\users\sai sgk\appdata\roaming

Delete the entire adobe folder. If it gives you problems then you can try this;

While the computer restarts, tap the F8 key. At the options menu choose the first option: Safe Mode.
Log into your normal account. Try deleting the above folder in Safe mode. Reboot normally afterwards.
---------------------------------------------------------

Next get a copy of Malwarebytes:

Please download the free version of Malwarebytes (http://www.malwarebytes.org/products/) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.

-------------------------------------------------------------

After you run Malwarebytes, get one more tool:

Please download JRT.exe (http://thisisudax.org/downloads/JRT.exe) to your desktop.

Right-click the icon and select "Run as admin".
The tool will open and start scanning.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Please post the Malwarebytes log and the JRT log in your reply.

yukukuhi
2013-06-20, 06:12
MBAM log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.19.04

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Sai SGK :: SHIRDISAIBABA [administrator]

19-06-2013 17:26:54
mbam-log-2013-06-19 (17-26-54).txt

Scan type: Full scan (C:\|D:\|V:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 354595
Time elapsed: 34 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x86
Ran by Sai SGK on 19-06-2013 at 18:11:21.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\esrv.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3289075
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{082228E7-1975-47D6-B393-56B10156AA55}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3D54E69F-98A9-46A5-ACEC-6CFED697A08D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{587A4289-5A0D-69FD-DF41-7205A86FD8F3}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"



~~~ Files

Successfully deleted: [File] "C:\Windows\system32\roboot.exe"
Successfully deleted: [File] "C:\Windows\couponprinter.ocx"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\installmate"
Successfully deleted: [Folder] "C:\Users\Sai SGK\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Sai SGK\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Sai SGK\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\Sai SGK\appdata\local\babylon"
Successfully deleted: [Folder] "C:\Users\Sai SGK\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Sai SGK\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Sai SGK\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\coupons"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Emptied folder: C:\Users\Sai SGK\AppData\Roaming\mozilla\firefox\profiles\hab2nhw4.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19-06-2013 at 18:12:31.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

shelf life
2013-06-20, 23:40
OK, thanks for the info. The Malwarebytes log can't look any better. Did you manage to get that Adobe folder deleted? How's the CPU usage? We will get two more downloads to use. The first is similar to JRT in what it does:

Please download Adwcleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode onto your desktop.
Right-click and select "Run as admin".
Click on the Search button. After the scan a log file will open.
Close the log file and click the delete button.
Machine will reboot and on start up show a log.
Copy and paste the contents of this log in your reply.
You can also find the logs at C:\AdwCleaner[R1].txt, [R2].txt, etc.

After the above, you can get ComboFix. It requires that you read a short guide before you use it. Read through the guide, then apply the directions on your own machine. Please post the AdwCleaner log and the ComboFix log in your reply.
Guide to using: Combofix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

yukukuhi
2013-06-22, 13:33
AdwCleaner logs

# AdwCleaner v2.303 - Logfile created 06/22/2013 at 12:09:54
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium (32 bits)
# User : Sai SGK - SHIRDISAIBABA
# Boot Mode : Normal
# Running from : C:\Users\Sai SGK\Desktop\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\ProgramData\safe saave
Folder Found : C:\Users\Sai SGK\AppData\Local\Bundled software uninstaller
Folder Found : C:\Users\Sai SGK\AppData\Roaming\Mysearchdial

***** [Registry] *****

Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\BI
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\mysearchdial
Key Found : HKCU\Software\mysearchdial.com
Key Found : HKLM\SOFTWARE\5d28adbb23cec41
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\esrv.mysearchdialESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.mysearchdialESrvc.1
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\InstallCore
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - bProtectTabs] = hxxp://www1.delta-search.com/?affID=119816&tt=gc_170513_18210&babsrc=NT_ss&mntrId=64D26C626D4939DE
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.mysearchdial.com/?f=2&a=irmsd62&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DyEzytAzy0D0EyCtDtDtDtN0D0Tzu0SyDtByBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1456688266&ir=
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.mysearchdial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DyEzytAzy0D0EyCtDtDtDtN0D0Tzu0SyDtByBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1456688266&ir=

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Sai SGK\AppData\Roaming\Mozilla\Firefox\Profiles\hab2nhw4.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2266 octets] - [22/06/2013 12:09:54]

########## EOF - C:\AdwCleaner[R1].txt - [2326 octets] ##########




# AdwCleaner v2.303 - Logfile created 06/22/2013 at 12:11:32
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium (32 bits)
# User : Sai SGK - SHIRDISAIBABA
# Boot Mode : Normal
# Running from : C:\Users\Sai SGK\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\safe saave
Folder Deleted : C:\Users\Sai SGK\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\Sai SGK\AppData\Roaming\Mysearchdial

***** [Registry] *****

Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\mysearchdial
Key Deleted : HKCU\Software\mysearchdial.com
Key Deleted : HKLM\SOFTWARE\5d28adbb23cec41
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialESrvc.1
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - bProtectTabs] = hxxp://www1.delta-search.com/?affID=119816&tt=gc_170513_18210&babsrc=NT_ss&mntrId=64D26C626D4939DE --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.mysearchdial.com/?f=2&a=irmsd62&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DyEzytAzy0D0EyCtDtDtDtN0D0Tzu0SyDtByBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1456688266&ir= --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.mysearchdial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DyEzytAzy0D0EyCtDtDtDtN0D0Tzu0SyDtByBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1456688266&ir= --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Sai SGK\AppData\Roaming\Mozilla\Firefox\Profiles\hab2nhw4.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2395 octets] - [22/06/2013 12:09:54]
AdwCleaner[S1].txt - [2473 octets] - [22/06/2013 12:11:32]

########## EOF - C:\AdwCleaner[S1].txt - [2533 octets] ##########




ComboFix logs:

ComboFix 13-06-22.01 - Sai SGK 22-06-2013 16:43:57.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.91.1033.18.3255.2342 [GMT 5.5:30]
Running from: c:\users\Sai SGK\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2013-05-22 to 2013-06-22 )))))))))))))))))))))))))))))))
.
.
2013-06-22 11:17 . 2013-06-22 11:17 -------- d-----w- c:\users\USER~1.AVE\AppData\Local\temp
2013-06-22 11:17 . 2013-06-22 11:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-19 12:41 . 2013-06-19 12:41 -------- d-----w- c:\windows\ERUNT
2013-06-19 12:40 . 2013-06-19 12:40 -------- d-----w- C:\JRT
2013-06-17 14:11 . 2013-06-17 14:11 -------- d-----w- c:\programdata\TuneUp Software
2013-06-17 14:11 . 2013-06-17 14:11 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-06-17 13:54 . 2013-06-18 06:02 -------- d-----w- c:\users\Sai SGK\AppData\Roaming\uploading.com
2013-06-17 13:53 . 2013-06-17 13:53 -------- d-----w- c:\program files\UploadingDesktop
2013-06-17 06:13 . 2013-06-17 06:13 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-06-16 12:53 . 2013-06-16 12:53 -------- d-----w- c:\programdata\StarApp
2013-06-16 12:44 . 2013-06-16 12:44 -------- d-----w- c:\users\Sai SGK\AppData\Local\iexplorer
2013-06-15 05:14 . 2013-06-15 05:14 -------- d-----w- c:\users\Sai SGK\AppData\Roaming\dBpoweramp
2013-06-15 05:01 . 2013-06-15 05:01 -------- d-----w- c:\users\Sai SGK\AppData\Roaming\Foxit Software
2013-06-15 05:01 . 2013-06-15 05:01 -------- d-----w- c:\program files\Foxit Software
2013-06-13 04:51 . 2013-06-13 04:51 -------- d-----w- c:\program files\Gabest
2013-06-12 13:00 . 2013-06-12 13:00 -------- d-----w- c:\users\Sai SGK\AppData\Roaming\Media Player Classic
2013-06-12 13:00 . 2013-06-12 13:00 -------- d-----w- c:\program files\MPC-HC
2013-06-12 05:49 . 2013-06-12 05:53 -------- d-----w- c:\users\Sai SGK\AppData\Roaming\foobar2000
2013-06-12 05:49 . 2013-06-12 05:49 -------- d-----w- c:\program files\foobar2000
2013-06-11 08:39 . 2013-06-11 12:14 -------- d-----w- c:\program files\Alcohol Soft
2013-06-11 07:28 . 2013-06-11 08:37 466008 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-06-10 14:14 . 2013-06-10 14:14 -------- d-----w- c:\users\Sai SGK\AppData\Local\Brak_Software
2013-06-10 14:11 . 2013-06-10 14:11 -------- d-----w- c:\program files\Brak Software
2013-06-10 14:11 . 2013-06-10 14:11 -------- d-----w- c:\programdata\Brak Software
2013-06-10 12:35 . 2013-06-10 12:35 -------- d-----w- c:\program files\MKVcleaver
2013-06-10 12:27 . 2013-06-13 04:34 -------- d-----w- c:\users\Sai SGK\MKVCleaver
2013-06-10 11:09 . 2013-06-10 12:34 -------- d-----w- c:\program files\MKVToolNix
2013-06-10 09:04 . 2013-06-10 09:04 -------- d-----w- c:\users\Sai SGK\AppData\Local\DVDVideoSoft_Ltd
2013-06-10 08:52 . 2013-06-10 09:02 -------- d-----w- c:\users\Sai SGK\AppData\Roaming\DVDVideoSoft
2013-06-10 08:52 . 2013-06-10 08:54 -------- d-----w- c:\program files\DVDVideoSoft
2013-06-10 08:52 . 2013-06-10 08:53 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2013-06-08 10:46 . 2013-06-08 10:46 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2013-06-08 10:46 . 2013-06-08 10:51 -------- d-----w- c:\program files\Winamp
2013-06-08 03:17 . 2013-06-08 03:17 -------- d-----w- c:\program files\ConvertHelper
2013-06-07 15:14 . 2013-06-07 15:14 -------- d-----w- c:\users\Sai SGK\AppData\Local\Diagnostics
2013-06-07 11:11 . 2013-06-22 06:52 -------- d-----w- c:\users\Sai SGK\dwhelper
2013-06-05 08:57 . 2013-06-05 08:57 -------- d-----w- c:\users\Sai SGK\AppData\Roaming\ProgSense
2013-06-05 08:57 . 2013-06-05 08:57 -------- d-----w- c:\users\Sai SGK\AppData\Roaming\GrabPro
2013-06-05 08:55 . 2013-06-05 13:00 -------- d-----w- c:\users\Sai SGK\AppData\Roaming\Orbit
2013-06-03 13:24 . 2013-06-03 13:24 -------- d-----w- c:\program files\ERUNT
2013-06-03 13:18 . 2013-06-03 13:18 -------- d-----w- c:\users\Sai SGK\AppData\Roaming\CyberLink
2013-06-03 13:17 . 2013-06-03 13:17 -------- d-----w- c:\users\Public\CyberLink
2013-06-03 11:56 . 2013-06-22 10:59 -------- d-----w- c:\users\Sai SGK\AppData\Roaming\Free Download Manager
2013-06-03 09:15 . 2013-06-03 09:15 -------- d-----w- c:\users\Sai SGK\AppData\Roaming\Malwarebytes
2013-06-03 09:15 . 2013-06-03 09:15 -------- d-----w- c:\programdata\Malwarebytes
2013-06-03 09:15 . 2013-06-03 09:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-03 09:15 . 2013-04-04 09:20 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-02 04:57 . 2013-06-17 05:56 -------- d-----w- c:\program files\Google
2013-06-01 12:48 . 2013-06-01 12:48 -------- d-----w- c:\users\Sai SGK\AppData\Roaming\Template
2013-06-01 04:12 . 2013-06-01 04:12 -------- d-----w- c:\programdata\IDM
2013-06-01 04:12 . 2013-06-03 11:49 -------- d-----w- c:\users\Sai SGK\AppData\Roaming\DMCache
2013-05-30 11:16 . 2013-06-05 07:25 -------- d-----w- c:\users\Sai SGK\AppData\Roaming\FlashgetSetup
2013-05-30 11:16 . 2013-06-05 07:24 -------- d-----w- c:\users\Sai SGK\AppData\Roaming\BITS
2013-05-30 11:16 . 2013-05-30 11:16 -------- d-----w- c:\program files\FlashGet Network
2013-05-30 11:11 . 2013-06-22 10:57 -------- d-----w- C:\Downloads
2013-05-30 11:10 . 2013-06-03 11:56 -------- d-----w- c:\program files\Free Download Manager
2013-05-26 11:49 . 2013-06-22 05:55 -------- d-----w- C:\Recorded Videos
2013-05-24 13:43 . 2012-12-16 14:25 295424 ----a-w- c:\windows\system32\atmfd.dll
2013-05-24 13:43 . 2012-12-16 14:25 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-05-24 13:38 . 2009-11-25 07:17 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2013-05-24 13:38 . 2009-11-25 07:17 49472 ----a-w- c:\windows\system32\netfxperf.dll
2013-05-24 13:38 . 2009-11-25 07:17 297808 ----a-w- c:\windows\system32\mscoree.dll
2013-05-24 13:38 . 2009-11-25 07:17 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2013-05-24 13:38 . 2009-11-25 07:17 1130824 ----a-w- c:\windows\system32\dfshim.dll
2013-05-24 13:26 . 2012-03-01 05:53 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-05-24 13:26 . 2012-03-01 05:45 158720 ----a-w- c:\windows\system32\imagehlp.dll
2013-05-24 13:26 . 2012-03-01 05:40 5120 ----a-w- c:\windows\system32\wmi.dll
2013-05-24 13:20 . 2013-05-24 13:20 801792 ----a-w- c:\windows\system32\FntCache.dll
2013-05-24 13:20 . 2013-05-24 13:20 283648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-05-24 13:20 . 2013-05-24 13:20 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-05-24 13:20 . 2013-05-24 13:20 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
2013-05-24 13:20 . 2013-05-24 13:20 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2013-05-24 13:20 . 2013-05-24 13:20 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-24 13:20 . 2013-05-24 13:20 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2013-05-24 13:20 . 2013-05-24 13:20 3181568 ----a-w- c:\windows\system32\mf.dll
2013-05-24 13:20 . 2013-05-24 13:20 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-24 13:20 . 2013-05-24 13:20 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2013-05-24 13:20 . 2013-05-24 13:20 107520 ----a-w- c:\windows\system32\cdd.dll
2013-05-24 13:12 . 2013-05-24 13:12 -------- d-----w- c:\program files\MSXML 4.0
2013-05-24 12:55 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2013-05-24 12:54 . 2011-12-16 07:59 690688 ----a-w- c:\windows\system32\msvcrt.dll
2013-05-24 12:54 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe
2013-05-24 12:54 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
2013-05-24 12:53 . 2013-02-12 15:13 2691072 ----a-w- c:\windows\system32\mstscax.dll
2013-05-24 12:53 . 2013-02-12 15:07 131072 ----a-w- c:\windows\system32\aaclient.dll
2013-05-24 12:53 . 2013-02-12 13:59 36864 ----a-w- c:\windows\system32\tsgqec.dll
2013-05-24 12:52 . 2012-02-15 05:44 826368 ----a-w- c:\windows\system32\rdpcore.dll
2013-05-24 12:52 . 2012-02-15 04:22 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2013-05-24 12:52 . 2012-11-09 04:49 2048 ----a-w- c:\windows\system32\tzres.dll
2013-05-24 12:51 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\system32\mstsc.exe
2013-05-24 12:50 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll
2013-05-24 12:50 . 2010-08-31 04:32 954288 ----a-w- c:\windows\system32\mfc40u.dll
2013-05-24 12:49 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-05-24 12:49 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2013-05-24 12:49 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2013-05-24 12:47 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2013-05-24 12:46 . 2012-11-02 04:48 376832 ----a-w- c:\windows\system32\dpnet.dll
2013-05-24 12:46 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll
2013-05-24 12:46 . 2012-06-06 05:09 1236992 ----a-w- c:\windows\system32\msxml3.dll
2013-05-24 12:46 . 2012-05-14 04:37 768512 ----a-w- c:\windows\system32\localspl.dll
2013-05-24 12:46 . 2012-08-24 17:10 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-05-24 12:46 . 2010-08-21 05:33 530432 ----a-w- c:\windows\system32\comctl32.dll
2013-05-24 12:46 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
2013-05-24 12:46 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2013-05-24 12:46 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2013-05-24 12:46 . 2010-08-26 04:39 109056 ----a-w- c:\windows\system32\t2embed.dll
2013-05-24 12:46 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2013-05-24 12:46 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll
2013-05-24 12:46 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll
2013-05-24 12:44 . 2009-12-08 11:32 292864 ----a-w- c:\windows\system32\apphelp.dll
2013-05-24 12:42 . 2010-12-23 05:28 850432 ----a-w- c:\windows\system32\sbe.dll
2013-05-24 12:42 . 2010-12-23 05:28 642048 ----a-w- c:\windows\system32\CPFilters.dll
2013-05-24 12:42 . 2010-12-23 05:24 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2013-05-24 12:42 . 2013-01-04 04:55 1287528 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-24 12:42 . 2013-01-04 04:55 187240 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-05-24 12:41 . 2012-08-10 23:54 541184 ----a-w- c:\windows\system32\kerberos.dll
2013-05-24 12:41 . 2012-07-04 21:23 41472 ----a-w- c:\windows\system32\browcli.dll
2013-05-24 12:41 . 2012-07-04 21:23 102912 ----a-w- c:\windows\system32\browser.dll
2013-05-24 12:41 . 2012-04-26 04:48 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2013-05-24 12:41 . 2012-04-26 04:48 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2013-05-24 12:41 . 2012-04-26 04:43 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2013-05-24 12:41 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2013-05-24 12:41 . 2011-11-19 14:06 67072 ----a-w- c:\windows\system32\packager.dll
2013-05-24 12:41 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2013-05-24 12:41 . 2012-09-06 16:48 245616 ----a-w- c:\windows\system32\drivers\volsnap.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-11 06:58 . 2013-05-15 12:27 485240 ----a-w- c:\windows\system32\SpoonUninstall.exe
2013-05-19 12:48 . 2013-05-19 12:48 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-19 12:48 . 2013-05-19 12:48 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-14 13:24 . 2013-05-14 13:24 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-05-14 13:24 . 2013-05-14 13:24 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-05-14 13:24 . 2013-05-14 13:24 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-01 20:36 . 2013-05-10 13:17 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-25 15:00 . 2013-04-25 15:00 5041848 ----a-w- c:\users\Sai SGK\AppData\Roaming\idman615f.exe
2013-04-17 01:01 . 2013-05-10 13:17 6906960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{606A50D8-1396-4AEF-BF21-01BAF06E2C2C}\mpengine.dll
2013-03-28 21:23 . 2013-03-28 21:23 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"BATINDICATOR"="c:\program files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]
"LaunchHPOSIAPP"="c:\program files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-03 385024]
"HP Remote Solution"="c:\program files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-29 13797992]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-14 567864]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 78832]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-04-28 4408368]
.
c:\users\Sai SGK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
bm.lnk - c:\users\Sai SGK\AppData\Local\iexplorer\Browsers Monitor\iexplorer_monitor.exe [2013-5-29 74075]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2013-5-11 155648]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2013-5-11 651264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2010-04-12 08:40 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [2013-05-13 4937264]
R3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2009-05-19 599040]
R3 PCDSRVC{4F253FFC-7957E8FC-06000000}_0;PCDSRVC{4F253FFC-7957E8FC-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc.pkms [2009-09-17 20848]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2013-02-07 60216]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2013-02-07 245048]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2013-02-07 39224]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2013-03-28 208184]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2013-03-01 22328]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2013-02-07 170808]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2013-03-20 182072]
S2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [2009-09-22 348160]
S2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2009-10-09 389120]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [2013-04-17 283136]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S3 AVER_H193;AVerMedia H193 Video Capture;c:\windows\system32\drivers\AVer888RC.sys [2009-08-21 461952]
S3 AVerPola;AVerMedia USB Polaris Series Capture Service;c:\windows\system32\DRIVERS\AVerPola.sys [2009-08-05 314752]
S3 AVPolCIR;AVerMedia USB Polaris Series Custom IR Service;c:\windows\system32\DRIVERS\AVPolCIR.sys [2009-08-05 32896]
S3 CXCIR;AVerMedia Consumer Infrared Receiver;c:\windows\system32\DRIVERS\AVer888RCIR.sys [2009-08-21 33280]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-08-21 189440]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-22 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2013-05-20 05:19]
.
2013-06-17 c:\windows\Tasks\HPCeeScheduleForSai SGK.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 16:45]
.
2013-05-10 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 06:58]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.google.com
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Sai SGK\AppData\Roaming\Mozilla\Firefox\Profiles\hab2nhw4.default\
FF - ExtSQL: 2013-06-17 17:06; {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}; c:\users\Sai SGK\AppData\Roaming\Mozilla\Firefox\Profiles\hab2nhw4.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF - ExtSQL: 2013-06-22 12:21; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\Sai SGK\AppData\Roaming\Mozilla\Firefox\Profiles\hab2nhw4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-SpeedUpSystem - wscript c:\users\Sai SGK\AppData\Roaming\Adobe\Flash Player\SpeedCache\afile.vbs
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
MSConfigStartUp-IDMan - c:\program files\Internet Download Manager\IDMan.exe
AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files\Coupons\uninstall.exe
AddRemove-{A65B9658-9F5E-E221-B44E-55FD548E6EEB} - c:\progra~2\INSTAL~1\{C225C~1\Setup.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{4F253FFC-7957E8FC-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5600)
c:\program files\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFTaskbar.dll
.
Completion time: 2013-06-22 16:48:17
ComboFix-quarantined-files.txt 2013-06-22 11:18
.
Pre-Run: 114,598,416,384 bytes free
Post-Run: 114,812,633,088 bytes free
.
- - End Of File - - 545E663555270865D2613219A9B5A895
18820D9F5CA638E16DD9D90D1B1041C3
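
The entries ComboFix lists under "Reg Loading Points" and "ORPHANS REMOVED" above are what the helper was reading when asking for the Adobe folder to be deleted: an HKCU Run value named SpeedUpSystem that used wscript to run afile.vbs out of a "Flash Player\SpeedCache" folder in Roaming AppData. Nothing legitimate on this machine starts that way; the HP, AVG and Sticky Notes entries are all .exe files under Program Files or System32. As an added example (not part of the thread, of ComboFix or of any tool named in it), the following Python script parses the three autostart line formats that appear in the log and scores each entry with the heuristics a helper applies by eye: a script host used as a launcher, a script file as the payload, and a start location in a user-writable tree. The sample lines are copied from the ComboFix log above; the regexes, the reason strings and the idea of summing reasons into a score are this example's own assumptions, not ComboFix's.

```python
"""Triage of autostart entries as they appear in a ComboFix / DDS log.

Added example; not part of the original thread or of ComboFix itself.
It reads "Reg Loading Points" and "ORPHANS REMOVED" style lines and
flags the combinations that usually mean a dropper rather than a vendor
tool. The line formats handled and the scoring are this example's
assumptions about the log, not a documented ComboFix format.
"""
import re
from dataclasses import dataclass, field

# Hosts that run something else; an entry whose command starts with one
# of these is only as trustworthy as its argument.
SCRIPT_HOSTS = {"wscript", "cscript", "mshta", "powershell", "cmd",
                "rundll32", "regsvr32"}
SCRIPT_EXT_RE = re.compile(r'\.(?:vbs|vbe|js|jse|wsf|hta|ps1|bat|cmd)(?:\s|$|")')
# Trees a limited user can write to, so a dropper can plant files there.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")

# Three line shapes from the log above (assumed, matched by regex):
#   "Name"="c:\path\prog.exe" [2009-07-14 354304]        Run key value
#   bm.lnk - c:\path\prog.exe [2013-5-29 74075]          Startup folder .lnk
#   HKCU-Run-Name - wscript c:\path\afile.vbs             orphan Run value
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]+)"')
LNK_RE = re.compile(r'^(?P<name>\S+\.lnk) - (?P<cmd>.+?)(?: \[\S+ \d+\])?$')
ORPHAN_RE = re.compile(r'^(?P<name>HK(?:CU|LM)-Run-\S+) - (?P<cmd>.+)$')

# Constructed sample: lines copied from the ComboFix log posted above.
SAMPLE_LINES = r"""
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"hpsysdrv"="c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-04-28 4408368]
bm.lnk - c:\users\Sai SGK\AppData\Local\iexplorer\Browsers Monitor\iexplorer_monitor.exe [2013-5-29 74075]
HKCU-Run-SpeedUpSystem - wscript c:\users\Sai SGK\AppData\Roaming\Adobe\Flash Player\SpeedCache\afile.vbs
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
"""


@dataclass
class Entry:
    source: str                     # Run value name, .lnk name or orphan key
    command: str                    # command line exactly as logged
    reasons: list = field(default_factory=list)

    @property
    def score(self):
        return len(self.reasons)


def parse_line(line):
    """Return an Entry for a recognised autostart line, else None."""
    line = line.strip()
    for rx in (RUN_RE, LNK_RE, ORPHAN_RE):
        m = rx.match(line)
        if m:
            return Entry(m.group("name"), m.group("cmd"))
    return None


def assess(entry):
    """Attach a reason for every heuristic the command trips."""
    cmd = entry.command.lower()
    tokens = cmd.split()
    # First token is the program; drop its directory and a trailing .exe.
    host = tokens[0].rsplit("\\", 1)[-1] if tokens else ""
    host = host[:-4] if host.endswith(".exe") else host
    if host in SCRIPT_HOSTS and len(tokens) > 1:
        entry.reasons.append(f"launched through script host '{host}'")
    if SCRIPT_EXT_RE.search(cmd):
        entry.reasons.append("payload is a script file")
    if any(marker in cmd for marker in USER_WRITABLE):
        entry.reasons.append("starts from a user-writable directory")
    return entry


def triage(lines):
    """Parse, score and return only the entries with at least one reason,
    most suspicious first."""
    entries = [e for e in map(parse_line, lines) if e is not None]
    flagged = [e for e in map(assess, entries) if e.reasons]
    return sorted(flagged, key=lambda e: e.score, reverse=True)


if __name__ == "__main__":
    for e in triage(SAMPLE_LINES.splitlines()):
        print(f"[{e.score}] {e.source}: {e.command}")
        for r in e.reasons:
            print(f"      - {r}")
```

On the sample above the SpeedUpSystem orphan trips all three checks, the Startup-folder bm.lnk (an executable living under AppData\Local) trips one, and the HP, AVG, Winamp and Sticky Notes entries are not listed at all. A score of one is only a prompt to look closer; plenty of legitimate updaters live in AppData, which is why the script reports reasons rather than a verdict.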

shelf life
2013-06-23, 01:21
JRT and AdwCleaner removed a lot of garbage, namely toolbars, which can be resource hogs. How's the CPU usage now?

yukukuhi
2013-06-25, 15:38
The CPU usage is normal now, but sometimes the mouse pointer slows a bit and becomes normal after a few seconds. Please help.

shelf life
2013-06-25, 23:19
Take a look at this. (http://www.helpwithpcs.com/maintenance/mouse_problem_maintenance.htm)
Also read this (http://www.pcdecrapifier.com/) and see if it's something you want to try. It's free for personal use.
Also rescan and post a new DDS log.