CPU stays at 100% - virus / worm ? Pls Help!

**sanjupan** · 2011-11-27, 05:24

My CPU is going 100% with sometimes WMIPrvSE.exe and sometimes svchost.exe on 100%. Not sure whats happening. Some googling suggested worm / virus may be infecting.

Please help at your convenience.
Attaching DDS log and attach.log.zip

Thanks a lot..

Sanjupan

---------------------------------------------------------------
DDS LOG
---------------------------------------------------------------
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Sanjana at 23:16:18 on 2011-11-26
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3539.2005 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Windows\system32\java.exe
C:\Windows\system32\conhost.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\pdfconverter.com\PDF Converter Elite\2009\pcSONPrnDisp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Acer Display\eDisplay Management\DTHtml.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Common Files\Portrait Displays\Drivers\pdiSdkHelper.exe
C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\DllHost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Portrait Displays\Pivot Pro Plugin\wpctrl.exe
C:\Program Files\Portrait Displays\Pivot Pro Plugin\floater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\vssvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = local;*.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - c:\program files\microsoft visual studio 10.0\common7\ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Orb] "c:\program files\winamp remote\bin\OrbTray.exe" /background
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [Google Update] "c:\users\sanjana\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [DellConnectionManager] "c:\program files\dell\dell controlpoint\connection manager\Dell.UCM.exe"
mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [PDF Converter Elite Print Dispatcher] c:\program files\pdfconverter.com\pdf converter elite\2009\pcSONPrnDisp.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [PivotSoftware] "c:\program files\portrait displays\pivot pro plugin\Pivot_startup.exe" -delay=10
mRun: [DT ACR] c:\program files\common files\portrait displays\shared\DT_startup.exe -ACR
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: barcap.com\connect
Trusted Zone: google.com
Trusted Zone: google.com\local
Trusted Zone: google.com\maps
Trusted Zone: google.com\www
Trusted Zone: google.com.sg\www
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxps://connect.barcap.com/workplace/webifiers/wficat.cab
DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} - hxxps://mcpuk1.jpmorgan.com/llclient/myonedesk-amer/winnt/AXNTEE.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://webvpn-rd02.jpmorganchase.com/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 202.156.1.68 202.156.1.58 218.186.1.38
TCP: Interfaces\{4BD72912-5353-4380-BBB1-55120742B277} : DhcpNameServer = 202.156.1.68 202.156.1.58 218.186.1.38
TCP: Interfaces\{BE2D882E-7030-4C79-91F3-32BF5CC8E77E} : DhcpNameServer = 202.156.1.68 202.156.1.58 218.186.1.38
TCP: Interfaces\{BE2D882E-7030-4C79-91F3-32BF5CC8E77E}\3524D203931313 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BE2D882E-7030-4C79-91F3-32BF5CC8E77E}\3524D213031303 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BE2D882E-7030-4C79-91F3-32BF5CC8E77E}\3524D213131313 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BE2D882E-7030-4C79-91F3-32BF5CC8E77E}\373735563657275646 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{BE2D882E-7030-4C79-91F3-32BF5CC8E77E}\75759514D485 : DhcpNameServer = 64.119.80.100 216.143.135.12 202.156.1.68
TCP: Interfaces\{BE2D882E-7030-4C79-91F3-32BF5CC8E77E}\C696E6B6379737 : DhcpNameServer = 202.156.1.68 202.156.1.58 218.186.1.38
TCP: Interfaces\{BE2D882E-7030-4C79-91F3-32BF5CC8E77E}\E65647765616272333 : DhcpNameServer = 64.119.80.100 216.143.135.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\sanjana\appdata\roaming\mozilla\firefox\profiles\lps6crmv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\sanjana\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\sanjana\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2009-5-15 1803512]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-4-27 293968]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-7-16 382752]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R2 PdiService;Portrait Displays SDK Service;c:\program files\common files\portrait displays\drivers\pdisrvc.exe [2011-10-22 109168]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\dell\dell controlpoint\connection manager\SMManager.exe [2009-10-5 76288]
R3 acpials;ALS Sensor Filter;c:\windows\system32\drivers\acpials.sys [2009-7-14 7680]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2010-1-31 260648]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-1-31 122368]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-31 6114816]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1caaec57f5ab489;Google Update Service (gupdate1caaec57f5ab489);c:\program files\google\update\GoogleUpdate.exe [2010-2-16 133104]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-1-31 29472]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-2-21 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-16 133104]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-1-31 47104]
S3 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-1-31 49152]
S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-1-31 38400]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-12 52224]
S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\microsoft visual studio 10.0\team tools\performance tools\VSPerfDrv100.sys [2009-12-8 48128]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-26 1343400]
S3 WPFFontCache_v0400;WPFFontCache_v0400;c:\windows\microsoft.net\framework\v4.0.30128\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30128\wpf\WPFFontCache_v0400.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-11-27 03:45:23 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0d04171c-f28b-4409-99df-70a74dd1b7bb}\offreg.dll
2011-11-27 03:45:18 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0d04171c-f28b-4409-99df-70a74dd1b7bb}\mpengine.dll
2011-11-09 14:14:00 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 14:13:58 708608 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-09 14:13:58 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-01 17:04:32 -------- d-----w- c:\program files\iTunes
2011-11-01 17:04:32 -------- d-----w- c:\program files\iPod
2011-11-01 17:01:48 -------- d-----w- c:\program files\Bonjour
.
==================== Find3M ====================
.
2011-10-24 18:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-08 09:17:04 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-10-08 09:17:04 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-10-05 17:01:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 03:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 03:05:04 178536 ----a-w- c:\windows\system32\dnssdX.dll
.
============= FINISH: 23:16:35.55 ===============

**ken545** · 2011-12-02, 15:42

Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Running programs with Vista or Windows 7 , you need to Right Click on the program and select RUN AS ADMINISTATOR

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

**sanjupan** · 2011-12-04, 08:58

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-04 02:38:46
-----------------------------
02:38:46.738 OS Version: Windows 6.1.7601 Service Pack 1
02:38:46.738 Number of processors: 2 586 0x170A
02:38:46.739 ComputerName: SANJPC UserName:
02:39:09.479 Initialize success
02:41:42.078 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
02:41:42.084 Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 238475MB BusType: 3
02:41:42.111 Disk 0 MBR read successfully
02:41:42.117 Disk 0 MBR scan
02:41:42.124 Disk 0 Windows VISTA default MBR code
02:41:42.133 Disk 0 scanning sectors +488395120
02:41:42.203 Disk 0 scanning C:\Windows\system32\drivers
02:41:53.312 Service scanning
02:41:54.626 Modules scanning
02:42:07.836 Disk 0 trace - called modules:
02:42:07.873 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
02:42:07.877 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87054270]
02:42:07.880 3 CLASSPNP.SYS[8caec59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86659028]
02:42:07.884 Scan finished successfully
02:43:08.191 Disk 0 MBR has been saved successfully to "C:\Data\MalwareRemoval\26Nov2011\MBR.dat"
02:43:08.196 The log file has been saved successfully to "C:\Data\MalwareRemoval\26Nov2011\aswMBR.txt"

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-04 02:45:27
-----------------------------
02:45:27.754 OS Version: Windows 6.1.7601 Service Pack 1
02:45:27.755 Number of processors: 2 586 0x170A
02:45:27.755 ComputerName: SANJPC UserName:
02:45:28.611 Initialize success
02:45:36.367 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
02:45:36.373 Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 238475MB BusType: 3
02:45:36.410 Disk 0 MBR read successfully
02:45:36.413 Disk 0 MBR scan
02:45:36.415 Disk 0 Windows VISTA default MBR code
02:45:36.419 Disk 0 scanning sectors +488395120
02:45:36.504 Disk 0 scanning C:\Windows\system32\drivers
02:45:48.223 Service scanning
02:45:49.436 Modules scanning
02:46:02.224 Disk 0 trace - called modules:
02:46:02.261 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
02:46:02.272 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87054270]
02:46:02.283 3 CLASSPNP.SYS[8caec59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86659028]
02:46:02.295 Scan finished successfully
02:46:12.761 Disk 0 MBR has been saved successfully to "C:\Data\MalwareRemoval\26Nov2011\MBR.dat"
02:46:12.765 The log file has been saved successfully to "C:\Data\MalwareRemoval\26Nov2011\aswMBR.txt"

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-04 02:55:41
-----------------------------
02:55:41.462 OS Version: Windows 6.1.7601 Service Pack 1
02:55:41.462 Number of processors: 2 586 0x170A
02:55:41.463 ComputerName: SANJPC UserName:
02:56:07.425 Initialize success
02:56:13.536 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
02:56:13.541 Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 238475MB BusType: 3
02:56:13.578 Disk 0 MBR read successfully
02:56:13.580 Disk 0 MBR scan
02:56:13.582 Disk 0 Windows VISTA default MBR code
02:56:13.600 Disk 0 scanning sectors +488395120
02:56:13.746 Disk 0 scanning C:\Windows\system32\drivers
02:56:31.768 Service scanning
02:56:34.530 Modules scanning
02:57:11.832 Disk 0 trace - called modules:
02:57:11.859 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
02:57:11.864 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87058030]
02:57:11.875 3 CLASSPNP.SYS[8c9a059e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x861fd028]
02:57:11.887 Scan finished successfully
02:57:19.538 Disk 0 MBR has been saved successfully to "C:\Data\MalwareRemoval\26Nov2011\MBR.dat"
02:57:19.543 The log file has been saved successfully to "C:\Data\MalwareRemoval\26Nov2011\aswMBR.txt"

**ken545** · 2011-12-04, 10:10

Good Morning,

aswMBR checks for a rootkit and it looks fine. Lets do this

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

**sanjupan** · 2011-12-06, 19:41

Thanks.

----------------------------------

ComboFix 11-12-06.01 - Sanjana 12/06/2011 13:11:51.5.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3539.2152 [GMT -5:00]
Running from: c:\data\MalwareRemoval\26Nov2011\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-06 to 2011-12-06 )))))))))))))))))))))))))))))))
.
.
2011-12-06 18:25 . 2011-12-06 18:25 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2011-12-06 18:25 . 2011-12-06 18:25 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-12-06 18:25 . 2011-12-06 18:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-06 18:02 . 2011-12-06 18:02 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DCCCBF95-ABD7-4FA2-833D-95D2588EDCF8}\offreg.dll
2011-12-06 18:02 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DCCCBF95-ABD7-4FA2-833D-95D2588EDCF8}\mpengine.dll
2011-12-03 18:03 . 2011-12-03 18:03 -------- d-----w- c:\users\Sanjana\AppData\Local\IomegaStorageManager
2011-12-03 16:11 . 2011-12-03 16:13 -------- d-----w- c:\program files\Iomega Storage Manager
2011-12-03 16:11 . 2011-12-03 16:11 40960 ----a-r- c:\users\Sanjana\AppData\Roaming\Microsoft\Installer\{90FF23FE-0E1B-40DF-A22E-B4C0372E5936}\ARPPRODUCTICON.exe
2011-12-03 16:11 . 2011-12-03 16:11 -------- d-----w- c:\program files\Iomega
2011-11-09 14:14 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 14:13 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 14:13 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-06 17:58 . 2010-02-05 01:18 0 ----a-w- c:\users\Sanjana\AppData\Local\WavXMapDrive.bat
2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-08 09:17 . 2006-08-14 16:02 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-10-08 09:17 . 2006-08-14 16:02 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-10-05 17:01 . 2011-07-27 17:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-23 16:44 . 2011-07-27 17:50 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-04-28 2633976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-19 249856]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-08-01 458844]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-03 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-03 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-03 151064]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-06-12 656384]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2009-10-06 1826816]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-06-03 184320]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2009-07-27 134656]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-08-14 15872]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"PDF Converter Elite Print Dispatcher"="c:\program files\pdfconverter.com\PDF Converter Elite\2009\pcSONPrnDisp.exe" [2009-11-13 53248]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2011-10-08 273528]
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" [2010-05-13 110192]
"DT ACR"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2010-06-30 121456]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-11 795936]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-7-16 1245472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"Google Update"="c:\users\Sanjana\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" start
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1caaec57f5ab489;Google Update Service (gupdate1caaec57f5ab489);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 133104]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-31 29472]
R3 EraserUtilDrv11010;EraserUtilDrv11010;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 133104]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-07-02 47104]
R3 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-07-01 49152]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-07-05 38400]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-09 48128]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-26 1343400]
R3 WPFFontCache_v0400;WPFFontCache_v0400;c:\windows\Microsoft.NET\Framework\v4.0.30128\WPF\WPFFontCache_v0400.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-05-15 1803512]
S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-04-27 293968]
S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2009-07-16 382752]
S2 PCloudd;PCloudd;c:\program files\Iomega Storage Manager\pCloudd.exe [2011-02-17 206336]
S2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2010-04-16 109168]
S2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [2009-10-06 76288]
S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-13 7680]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 122368]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 05:04]
.
2011-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 05:04]
.
2011-12-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1208262141-4149667152-2894938055-1000Core.job
- c:\users\Sanjana\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-28 01:25]
.
2011-12-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1208262141-4149667152-2894938055-1000UA.job
- c:\users\Sanjana\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-28 01:25]
.
2011-10-24 c:\windows\Tasks\Norton Security Scan for Sanjana.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-28 14:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = local;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: barcap.com\connect
Trusted Zone: google.com
Trusted Zone: google.com\local
Trusted Zone: google.com\maps
Trusted Zone: google.com\www
Trusted Zone: google.com.sg\www
TCP: DhcpNameServer = 202.156.1.68 202.156.1.58 218.186.1.38
DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} - hxxps://mcpuk1.jpmorgan.com/llclient/myonedesk-amer/winnt/AXNTEE.dll
FF - ProfilePath - c:\users\Sanjana\AppData\Roaming\Mozilla\Firefox\Profiles\lps6crmv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-RealPlayer 12.0 - c:\program files\Real\RealPlayer\Update\r1puninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1208262141-4149667152-2894938055-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):7f,af,35,60,0d,ba,19,77,58,09,13,4d,26,61,d8,9a,e5,f8,6d,09,79,
c0,32,d9,a3,ec,dd,34,40,6d,92,49,27,d7,b2,7f,00,8d,82,32,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1208262141-4149667152-2894938055-1000_Classes\CLSID\{7a41ce08-36ed-4270-8a34-880f76d8acda}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000012e
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,8a,df,a8,03,3f,97,a3,12,d7,99,f3,3a,88,2b,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1180)
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Completion time: 2011-12-06 13:28:33
ComboFix-quarantined-files.txt 2011-12-06 18:28
ComboFix2.txt 2011-02-06 23:01
ComboFix3.txt 2011-02-04 04:10
ComboFix4.txt 2010-09-25 05:31
.
Pre-Run: 105,962,242,048 bytes free
Post-Run: 107,599,912,960 bytes free
.
- - End Of File - - D2F69094DB2DBE5E540DF88FD5DEE621

**ken545** · 2011-12-06, 22:35

It looks like you have run Combofix many times before, its a very powerful tool, lets hope you did not damage anything.

Download TFC to your desktop

Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish it's job
Once its finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean

Please download Malwarebytes from Here or Here

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

Post the report please

**ken545** · 2011-12-11, 13:22

Due to inactivity, this thread will now be closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

Edit
New topic:http://forums.spybot.info/showthread.php?t=64632

Thread: CPU stays at 100% - virus / worm ? Pls Help!

Thread Tools

Display

CPU stays at 100% - virus / worm ? Pls Help!

Logs attached

combofix logs

Posting Permissions