
Thread: Multiple svchost.exe taking up most resources. Random Windows disconnect sound.

  1. #1
    Junior Member
    Join Date
    Nov 2012
    Posts
    6

    I keep hearing the Windows USB disconnect sound twice in a row once every hour or so. It will not stop even when I reinstall Windows. The computer was not doing this when I first got it. Here are the logs...

    DDS Log

    DDS (Ver_2012-10-19.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16421
    Run by Brandon at 22:30:44 on 2012-11-06
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8143.5996 [GMT -5:00]
    .
    AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Windows\System32\TiltWheelMouse.exe
    C:\Games\Steam\Steam.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe
    C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.msn.com
    uDefault_Page_URL = hxxp://www.msn.com
    mStart Page = hxxp://www.msn.com
    mDefault_Page_URL = hxxp://www.msn.com
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ips\ipsbho.dll
    BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
    BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [Steam] "C:\Games\Steam\steam.exe" -silent
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    StartupFolder: C:\Users\Brandon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{AEB50B75-BCF4-46A5-B126-1F19924C3192} : DHCPNameServer = 192.168.1.1
    SSODL: WebCheck - <orphaned>
    x64-mStart Page = hxxp://www.msn.com
    x64-mDefault_Page_URL = hxxp://www.msn.com
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    x64-Run: [MouseDriver] TiltWheelMouse.exe
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2012-1-6 49760]
    R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2011-12-2 565528]
    R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2012-10-30 23832]
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1309000.009\symds64.sys [2012-10-31 451192]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1309000.009\symefa64.sys [2012-10-31 1129120]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20121030.002\BHDrvx64.sys [2012-11-5 1385632]
    R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1309000.009\ccsetx64.sys [2012-10-31 167072]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20121106.001\IDSviA64.sys [2012-11-6 513184]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1309000.009\ironx64.sys [2012-10-31 190072]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1309000.009\symnets.sys [2012-10-31 405624]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-9-23 65192]
    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe [2012-10-31 138272]
    R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe [2012-10-30 123320]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-10-30 1258856]
    R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe [2012-10-30 126392]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
    R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]
    R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-30 138912]
    R3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\System32\drivers\HECIx64.sys [2012-10-30 56600]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-10-30 677480]
    R3 t_mouse.sys;iBall Advanced Mouse;C:\Windows\System32\drivers\t_mouse.sys [2009-4-16 25088]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-30 136176]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-30 136176]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-9-5 234776]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-1 1255736]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    .
    =============== Created Last 30 ================
    .
    2012-11-05 17:52:53 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-11-01 05:47:16 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2012-11-01 05:47:16 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2012-11-01 05:47:16 1139200 ----a-w- C:\Windows\System32\FntCache.dll
    2012-11-01 02:18:00 737952 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\srtsp64.sys
    2012-11-01 02:18:00 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1309000.009\symds64.sys
    2012-11-01 02:18:00 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\symnets.sys
    2012-11-01 02:18:00 37536 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\srtspx64.sys
    2012-11-01 02:18:00 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\ironx64.sys
    2012-11-01 02:18:00 167072 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\ccsetx64.sys
    2012-11-01 02:18:00 1129120 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\symefa64.sys
    2012-11-01 02:17:54 -------- d-----w- C:\Windows\System32\drivers\NISx64\1309000.009
    2012-10-31 17:29:06 81408 ----a-w- C:\Windows\System32\imagehlp.dll
    2012-10-31 17:29:06 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2012-10-31 17:29:06 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2012-10-31 17:29:05 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2012-10-31 17:29:05 5120 ----a-w- C:\Windows\System32\wmi.dll
    2012-10-31 07:50:48 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-10-31 07:49:59 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-10-31 07:48:35 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
    2012-10-31 07:48:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
    2012-10-31 07:48:10 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2012-10-31 07:48:10 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2012-10-31 07:48:07 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
    2012-10-31 07:48:07 613888 ----a-w- C:\Windows\System32\psisdecd.dll
    2012-10-31 07:48:07 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
    2012-10-31 07:48:07 108032 ----a-w- C:\Windows\System32\psisrndr.ax
    2012-10-31 07:48:01 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-10-31 07:46:56 503808 ----a-w- C:\Windows\System32\srcore.dll
    2012-10-31 07:46:55 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
    2012-10-31 07:46:36 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
    2012-10-31 07:46:28 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2012-10-31 07:46:28 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2012-10-31 07:46:20 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
    2012-10-31 07:46:20 634880 ----a-w- C:\Windows\System32\msvcrt.dll
    2012-10-31 07:45:57 956928 ----a-w- C:\Windows\System32\localspl.dll
    2012-10-31 07:45:50 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
    2012-10-31 07:45:39 861696 ----a-w- C:\Windows\System32\oleaut32.dll
    2012-10-31 07:45:39 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2012-10-31 07:45:39 331776 ----a-w- C:\Windows\System32\oleacc.dll
    2012-10-31 07:45:39 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
    2012-10-31 07:45:32 723456 ----a-w- C:\Windows\System32\EncDec.dll
    2012-10-31 07:45:32 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2012-10-31 07:44:07 751104 ----a-w- C:\Windows\System32\win32spl.dll
    2012-10-31 07:44:07 67072 ----a-w- C:\Windows\splwow64.exe
    2012-10-31 07:44:07 559104 ----a-w- C:\Windows\System32\spoolsv.exe
    2012-10-31 07:44:07 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2012-10-31 07:43:38 77312 ----a-w- C:\Windows\System32\packager.dll
    2012-10-31 07:43:38 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2012-10-31 01:05:17 -------- d-----w- C:\Program Files (x86)\Datel
    2012-10-31 00:40:26 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
    2012-10-31 00:39:58 54200 ----a-w- C:\Windows\System32\drivers\dsiarhwprog_x64.sys
    2012-10-30 23:40:50 -------- d-----w- C:\ProgramData\Blizzard Entertainment
    2012-10-30 23:40:50 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
    2012-10-30 23:39:13 -------- d-----w- C:\ProgramData\Battle.net
    2012-10-30 23:07:42 -------- d-----w- C:\Users\Brandon\AppData\Local\CrashDumps
    2012-10-30 22:37:39 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
    2012-10-30 22:36:30 111960 ----a-w- C:\Windows\dxsdkuninst.exe
    2012-10-30 22:36:30 -------- d-----w- C:\Program Files (x86)\Microsoft DirectX SDK (June 2010)
    2012-10-30 21:53:10 -------- d-----w- C:\Users\Brandon\AppData\Local\Adobe
    2012-10-30 21:52:28 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation
    2012-10-30 21:48:56 -------- d-----w- C:\ProgramData\McAfee Security Scan
    2012-10-30 21:48:53 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
    2012-10-30 21:10:43 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
    2012-10-30 20:12:49 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
    2012-10-30 20:09:15 -------- d-----r- C:\Games
    2012-10-30 19:26:53 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
    2012-10-30 19:26:53 63336 ----a-w- C:\Windows\System32\nvshext.dll
    2012-10-30 19:26:53 6200680 ----a-w- C:\Windows\System32\nvcpl.dll
    2012-10-30 19:26:53 3536817 ----a-w- C:\Windows\System32\nvcoproc.bin
    2012-10-30 19:26:53 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll
    2012-10-30 19:26:53 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
    2012-10-30 19:26:53 118120 ----a-w- C:\Windows\System32\nvmctray.dll
    2012-10-30 19:25:43 60776 ----a-w- C:\Windows\System32\OpenCL.dll
    2012-10-30 19:25:43 52584 ----a-w- C:\Windows\SysWow64\OpenCL.dll
    2012-10-30 19:24:34 -------- d-----w- C:\ProgramData\NVIDIA Corporation
    2012-10-30 19:24:29 -------- d-----w- C:\Program Files\NVIDIA Corporation
    2012-10-30 19:24:29 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
    2012-10-30 19:17:49 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-10-30 19:17:49 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-10-30 19:17:49 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-10-30 19:14:37 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-10-30 19:14:25 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-10-30 19:14:05 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-10-30 19:14:05 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-10-30 19:08:15 -------- d-----w- C:\Program Files (x86)\ASUS
    2012-10-30 19:07:13 -------- d-----w- C:\Program Files (x86)\ASM104xUSB3
    2012-10-30 19:06:11 74344 ----a-w- C:\Windows\System32\RtNicProp64.dll
    2012-10-30 19:06:11 677480 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
    2012-10-30 19:06:11 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
    2012-10-30 19:05:21 -------- d-----w- C:\Program Files (x86)\ASM106xSATA
    2012-10-30 19:05:08 8192 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll
    2012-10-30 19:04:58 56600 ----a-w- C:\Windows\System32\drivers\HECIx64.sys
    2012-10-30 19:02:58 -------- d-----w- C:\Users\Brandon\AppData\Roaming\Intel Corporation
    2012-10-30 18:59:59 81248 ----a-w- C:\Windows\System32\SFCOM64.dll
    2012-10-30 18:54:19 23832 ----a-w- C:\Windows\System32\drivers\iaStorF.sys
    2012-10-30 18:51:19 -------- d-----w- C:\Windows\AsusInstAll
    2012-10-30 18:49:24 53248 ----a-r- C:\Windows\SysWow64\CSVer.dll
    2012-10-30 18:47:59 296320 ----a-w- C:\Windows\System32\drivers\volsnap.sys
    2012-10-30 18:43:53 -------- d-----w- C:\Users\Brandon\AppData\Local\Google
    2012-10-30 18:42:23 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2012-10-30 18:42:23 -------- d-----w- C:\Program Files\Symantec
    2012-10-30 18:42:23 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
    2012-10-30 18:41:25 -------- d-----w- C:\Windows\System32\drivers\NISx64
    2012-10-30 18:41:24 -------- d-----w- C:\Program Files (x86)\Norton Internet Security
    2012-10-30 18:39:09 -------- d-----w- C:\Windows\System32\drivers\NortonPCCheckupx64\02000F0.060
    2012-10-30 18:39:09 -------- d-----w- C:\Windows\System32\drivers\NortonPCCheckupx64
    2012-10-30 18:39:08 -------- d-----w- C:\ProgramData\Norton
    2012-10-30 18:39:08 -------- d-----w- C:\Program Files (x86)\Norton PC Checkup
    2012-10-30 18:39:04 -------- d-----w- C:\ProgramData\NortonInstaller
    2012-10-30 18:39:04 -------- d-----w- C:\Program Files (x86)\NortonInstaller
    2012-10-30 18:27:18 -------- d-----w- C:\Users\Brandon\AppData\Local\Diagnostics
    2012-10-30 18:26:55 -------- d-----w- C:\Users\Brandon\AppData\Local\ElevatedDiagnostics
    2012-10-30 18:19:04 -------- d-----w- C:\Users\Brandon\AppData\Local\VirtualStore
    2012-10-16 23:03:05 -------- d-sh--w- C:\Recovery
    2012-10-11 01:22:54 2428776 ----a-w- C:\Windows\SysWow64\nvapi.dll
    2012-10-11 01:22:52 26331496 ----a-w- C:\Windows\System32\nvoglv64.dll
    2012-10-11 01:22:52 1760104 ----a-w- C:\Windows\System32\nvdispco64.dll
    2012-10-11 01:22:32 15309160 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
    2012-10-11 01:22:26 2747240 ----a-w- C:\Windows\System32\nvcuvid.dll
    2012-10-11 01:22:24 364904 ----a-w- C:\Windows\System32\nvEncodeAPI64.dll
    2012-10-11 01:22:24 19906920 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
    2012-10-11 01:22:18 13443944 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
    2012-10-11 01:22:14 17559912 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
    .
    ==================== Find3M ====================
    .
    2012-10-11 01:23:48 247144 ----a-w- C:\Windows\System32\nvinitx.dll
    2012-10-02 17:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
    2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
    2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll
    2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
    .
    ============= FINISH: 22:31:06.65 ===============

    aswMBR Log

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-06 22:34:48
    -----------------------------
    22:34:48.980 OS Version: Windows x64 6.1.7601 Service Pack 1
    22:34:48.980 Number of processors: 8 586 0x2D07
    22:34:48.980 ComputerName: BLACKPEARL UserName: Brandon
    22:34:50.241 Initialize success
    22:36:48.678 AVAST engine defs: 12110602
    22:36:57.946 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006a
    22:36:57.947 Disk 0 Vendor: ATA_____ A610 Size: 953869MB BusType: 11
    22:36:57.955 Disk 0 MBR read successfully
    22:36:57.957 Disk 0 MBR scan
    22:36:57.959 Disk 0 Windows 7 default MBR code
    22:36:57.974 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    22:36:57.992 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
    22:36:58.002 Disk 0 scanning C:\Windows\system32\drivers
    22:37:03.934 Service scanning
    22:37:18.151 Modules scanning
    22:37:18.154 Disk 0 trace - called modules:
    22:37:18.254 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys ACPI.sys storport.sys hal.dll iaStorA.sys
    22:37:18.256 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007f1c790]
    22:37:18.259 3 CLASSPNP.SYS[fffff8800465143f] -> nt!IofCallDriver -> [0xfffffa8007e24c50]
    22:37:18.262 5 iaStorF.sys[fffff880048652fa] -> nt!IofCallDriver -> [0xfffffa8007b26040]
    22:37:18.265 7 ACPI.sys[fffff88000f887a1] -> nt!IofCallDriver -> \Device\0000006a[0xfffffa8007b17430]
    22:37:19.516 AVAST engine scan C:\Windows
    22:37:20.908 AVAST engine scan C:\Windows\system32
    22:38:58.878 AVAST engine scan C:\Windows\system32\drivers
    22:39:06.710 AVAST engine scan C:\Users\Brandon
    22:39:38.500 AVAST engine scan C:\ProgramData
    22:39:55.033 Scan finished successfully
    22:40:09.349 Disk 0 MBR has been saved successfully to "C:\Users\Brandon\Desktop\MBR.dat"
    22:40:09.352 The log file has been saved successfully to "C:\Users\Brandon\Desktop\aswMBR.txt"

  2. #2
    Malware Team: Emeritus
    Join Date
    Oct 2012
    Posts
    246

    Hi and Welcome!! EvilRev

    My name is Robybel. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
    • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.


    Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice; this will be a team effort.
    This may cause a delay, but I will do my best to keep it as short as possible. Please bear with me, I will post back to you as soon as I can.


    IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.


    Vista and Windows 7 users:

    These tools MUST be run from the executable (.exe) every time you run them, with Admin Rights (right click, choose "Run as Administrator").


    Stay with this topic until I give you the all clean post.

    Having said that....Let's get going!!
    - Proud Graduate of WTT Classroom -

    - Member of UNITE -

  3. #3
    Junior Member
    Join Date
    Nov 2012
    Posts
    6

    Ok. I'll keep watching this thread until you tell me what I need to do.

  4. #4
    Malware Team: Emeritus
    Join Date
    Oct 2012
    Posts
    246

    Hi EvilRev


    AdwCleaner

    • Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.


    Next

    Please read through these instructions to familiarize yourself with what to expect when this tool runs.

    Refer to the ComboFix User's Guide


    Download ComboFix from one of these locations:

    Link 1
    Link 2



    * IMPORTANT- Save ComboFix.exe to your Desktop

    ====================================================


    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs


    ====================================================


    Double click on combofix.exe & follow the prompts.


    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

    ---------------------------

    On your next reply please post :
    • AdwCleaner log
    • Combofix log

    Let me know if you have any problems performing the steps above or any questions you may have.

    Good Day!

  5. #5
    Junior Member
    Join Date
    Nov 2012
    Posts
    6

    Here they are:

    AdwCleaner

    # AdwCleaner v2.007 - Logfile created 11/11/2012 at 01:58:40
    # Updated 06/11/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Brandon - BLACKPEARL
    # Boot Mode : Normal
    # Running from : C:\Users\Brandon\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Registry is clean.

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S4].txt - [676 octets] - [11/11/2012 01:58:40]

    ########## EOF - C:\AdwCleaner[S4].txt - [735 octets] ##########

    Combofix

    ComboFix 12-11-09.02 - Brandon 11/11/2012 2:20.2.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8143.6831 [GMT -5:00]
    Running from: c:\users\Brandon\Desktop\ComboFix.exe
    AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-10-11 to 2012-11-11 )))))))))))))))))))))))))))))))
    .
    .
    2012-11-11 07:24 . 2012-11-11 07:24 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-11-07 03:03 . 2012-11-07 03:04 -------- d-----w- c:\program files (x86)\ERUNT
    2012-11-05 17:52 . 2012-11-05 17:52 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-11-01 06:26 . 2012-09-28 04:18 65309168 ----a-w- c:\windows\system32\MRT.exe
    2012-11-01 05:47 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
    2012-11-01 05:47 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
    2012-11-01 05:47 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
    2012-10-31 17:29 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-10-31 17:29 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
    2012-10-31 17:29 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2012-10-31 17:29 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-10-31 17:29 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
    2012-10-31 07:51 . 2011-06-16 05:49 199680 ----a-w- c:\windows\system32\xmllite.dll
    2012-10-31 07:50 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-10-31 07:49 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-10-31 07:48 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2012-10-31 07:48 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
    2012-10-31 07:48 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
    2012-10-31 07:48 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2012-10-31 07:48 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
    2012-10-31 07:48 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
    2012-10-31 07:48 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
    2012-10-31 07:48 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
    2012-10-31 07:48 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-10-31 07:46 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
    2012-10-31 07:46 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
    2012-10-31 07:46 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
    2012-10-31 07:46 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
    2012-10-31 07:46 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
    2012-10-31 07:46 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
    2012-10-31 07:46 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
    2012-10-31 07:45 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
    2012-10-31 07:45 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
    2012-10-31 07:45 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2012-10-31 07:45 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
    2012-10-31 07:45 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2012-10-31 07:45 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
    2012-10-31 07:45 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
    2012-10-31 07:45 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
    2012-10-31 07:44 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
    2012-10-31 07:44 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
    2012-10-31 07:44 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
    2012-10-31 07:44 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
    2012-10-31 07:43 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
    2012-10-31 07:43 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
    2012-10-31 01:05 . 2012-10-31 01:05 -------- d-----w- c:\program files (x86)\Datel
    2012-10-31 00:41 . 2012-10-31 00:41 -------- d-----w- c:\program files\DIFX
    2012-10-31 00:40 . 2012-10-31 00:40 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2012-10-31 00:39 . 2012-09-26 19:55 54200 ----a-w- c:\windows\system32\drivers\dsiarhwprog_x64.sys
    2012-10-30 23:40 . 2012-10-30 23:40 -------- d-----w- c:\programdata\Blizzard Entertainment
    2012-10-30 23:40 . 2012-10-30 23:40 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
    2012-10-30 23:39 . 2012-10-30 23:39 -------- d-----w- c:\programdata\Battle.net
    2012-10-30 22:37 . 2010-06-02 08:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
    2012-10-30 22:36 . 2012-10-30 22:38 -------- d-----w- c:\program files (x86)\Microsoft DirectX SDK (June 2010)
    2012-10-30 22:36 . 2012-10-30 22:36 111960 ----a-w- c:\windows\dxsdkuninst.exe
    2012-10-30 22:03 . 2012-10-30 22:03 -------- d-----w- c:\program files (x86)\Microsoft.NET
    2012-10-30 21:52 . 2012-10-30 21:52 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation
    2012-10-30 21:48 . 2012-10-30 21:48 -------- d-----w- c:\programdata\McAfee Security Scan
    2012-10-30 21:48 . 2012-10-30 21:48 -------- d-----w- c:\programdata\McAfee
    2012-10-30 21:48 . 2012-11-02 23:19 -------- d-----w- c:\program files (x86)\McAfee Security Scan
    2012-10-30 21:48 . 2012-10-30 21:48 -------- d-----w- c:\program files (x86)\Common Files\Adobe
    2012-10-30 21:44 . 2012-10-30 21:44 -------- d-----w- c:\program files\WinRAR
    2012-10-30 21:10 . 2012-10-30 21:10 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
    2012-10-30 20:12 . 2012-10-30 21:51 -------- d-----w- c:\program files (x86)\Common Files\Steam
    2012-10-30 20:09 . 2012-10-31 00:39 -------- d-----r- C:\Games
    2012-10-30 19:27 . 2012-11-11 07:17 -------- d-----w- c:\programdata\NVIDIA
    2012-10-30 19:17 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-10-30 19:17 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-10-30 19:17 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-10-30 19:14 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-10-30 19:14 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-10-30 19:14 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-10-30 19:14 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-10-30 19:14 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-10-30 19:14 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-10-30 19:14 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-10-30 19:14 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-10-30 19:14 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-10-30 19:08 . 2012-10-30 19:08 -------- d-----w- c:\program files (x86)\ASUS
    2012-10-30 19:07 . 2012-10-30 19:07 -------- d-----w- c:\program files (x86)\ASM104xUSB3
    2012-10-30 19:06 . 2012-02-03 13:01 74344 ----a-w- c:\windows\system32\RtNicProp64.dll
    2012-10-30 19:06 . 2012-02-03 13:01 677480 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
    2012-10-30 19:06 . 2012-02-03 13:01 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
    2012-10-30 19:05 . 2012-10-30 19:05 -------- d-----w- c:\program files (x86)\ASM106xSATA
    2012-10-30 19:05 . 2011-10-04 00:08 8192 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
    2012-10-30 19:04 . 2011-09-22 13:49 56600 ----a-w- c:\windows\system32\drivers\HECIx64.sys
    2012-10-30 18:59 . 2011-12-20 07:32 331880 ----a-w- c:\windows\system32\RtlCPAPI64.dll
    2012-10-30 18:54 . 2011-12-02 06:06 23832 ----a-w- c:\windows\system32\drivers\iaStorF.sys
    2012-10-30 18:51 . 2012-10-30 18:51 -------- d-----w- c:\windows\AsusInstAll
    2012-10-30 18:49 . 2012-10-30 19:04 -------- d-----w- c:\program files (x86)\Intel
    2012-10-30 18:49 . 2011-07-29 05:54 53248 ----a-r- c:\windows\SysWow64\CSVer.dll
    2012-10-30 18:47 . 2011-02-25 06:25 296320 ----a-w- c:\windows\system32\drivers\volsnap.sys
    2012-10-30 18:47 . 2012-10-30 18:47 -------- d-----w- c:\program files\Google
    2012-10-30 18:43 . 2012-10-30 18:47 -------- d-----w- c:\program files (x86)\Google
    2012-10-30 18:42 . 2012-11-01 02:18 -------- d-----w- c:\program files\Symantec
    2012-10-30 18:42 . 2012-11-01 02:18 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2012-10-30 18:42 . 2012-10-30 18:42 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2012-10-30 18:41 . 2012-11-01 17:55 -------- d-----w- c:\windows\system32\drivers\NISx64
    2012-10-30 18:41 . 2012-10-30 18:41 -------- d-----w- c:\program files (x86)\Norton Internet Security
    2012-10-30 18:39 . 2012-10-30 18:39 -------- d-----w- c:\windows\system32\drivers\NortonPCCheckupx64
    2012-10-30 18:39 . 2012-10-30 18:42 -------- d-----w- c:\programdata\Norton
    2012-10-30 18:39 . 2012-10-30 18:39 -------- d-----w- c:\program files (x86)\Norton PC Checkup
    2012-10-30 18:39 . 2012-10-30 18:39 -------- d-----w- c:\program files (x86)\NortonInstaller
    2012-10-30 18:18 . 2012-10-30 20:12 -------- d-----w- c:\users\Brandon
    2012-10-16 23:03 . 2012-10-30 18:18 -------- d-----w- C:\Recovery
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-11 01:23 . 2012-10-11 01:23 247144 ----a-w- c:\windows\system32\nvinitx.dll
    2012-10-11 01:23 . 2012-10-11 01:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
    2012-10-11 01:23 . 2012-10-11 01:23 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
    2012-10-11 01:23 . 2012-10-11 01:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
    2012-10-11 01:23 . 2012-10-11 01:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
    2012-10-11 01:23 . 2012-10-11 01:23 313704 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
    2012-10-11 01:23 . 2012-10-11 01:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2012-10-11 01:23 . 2012-10-11 01:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
    2012-10-11 01:23 . 2012-10-11 01:23 831848 ----a-w- c:\windows\SysWow64\nvumdshim.dll
    2012-10-11 01:23 . 2012-10-11 01:23 202600 ----a-w- c:\windows\SysWow64\nvinit.dll
    2012-10-11 01:23 . 2012-10-11 01:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll
    2012-10-11 01:23 . 2012-10-11 01:23 2731880 ----a-w- c:\windows\system32\nvapi64.dll
    2012-10-11 01:23 . 2012-10-11 01:23 973672 ----a-w- c:\windows\system32\nvumdshimx.dll
    2012-10-11 01:23 . 2012-10-11 01:23 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2012-10-11 01:23 . 2012-10-11 01:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll
    2012-10-11 01:23 . 2012-10-11 01:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2012-10-11 01:23 . 2012-10-11 01:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
    2012-10-11 01:23 . 2012-10-11 01:23 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2012-10-11 01:22 . 2012-10-11 01:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
    2012-10-11 01:22 . 2012-10-11 01:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
    2012-10-11 01:22 . 2012-10-11 01:22 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
    2012-10-11 01:22 . 2012-10-11 01:22 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2012-10-11 01:22 . 2012-10-11 01:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
    2012-10-11 01:22 . 2012-10-11 01:22 364904 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
    2012-10-11 01:22 . 2012-10-11 01:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2012-10-11 01:22 . 2012-10-11 01:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2012-10-11 01:22 . 2012-10-11 01:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2012-10-02 17:15 . 2012-10-02 17:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2012-08-20 17:38 . 2012-10-31 07:50 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\games\Steam\steam.exe" [2012-10-30 1353080]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe" [2011-12-02 286720]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
    .
    c:\users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 57135665;57135665; [x]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-09-05 234776]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-01 1255736]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
    S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2012-01-06 49760]
    S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2011-12-02 565528]
    S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2011-12-02 23832]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS [2011-05-16 451192]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS [2012-05-22 1129120]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20121030.002\BHDrvx64.sys [2012-10-05 1385632]
    S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys [2012-06-07 167072]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20121109.001\IDSvia64.sys [2012-10-27 513184]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS [2012-04-18 190072]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309000.009\SYMNETS.SYS [2012-04-18 405624]
    S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2012-06-16 138272]
    S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe [2011-11-07 123320]
    S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe [2011-11-07 126392]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-30 138912]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-02-03 677480]
    S3 t_mouse.sys;iBall Advanced Mouse;c:\windows\system32\DRIVERS\t_mouse.sys [2009-04-16 25088]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-30 18:43]
    .
    2012-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-30 18:43]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-10 6463592]
    "MouseDriver"="TiltWheelMouse.exe" [2010-11-01 241152]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.msn.com
    mDefault_Page_URL = hxxp://www.msn.com
    mStart Page = hxxp://www.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
    "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\diMaster.dll\" /prefetch:1"
    --
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
    "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-11-11 02:25:42
    ComboFix-quarantined-files.txt 2012-11-11 07:25
    ComboFix2.txt 2012-11-11 07:14
    .
    Pre-Run: 922,573,189,120 bytes free
    Post-Run: 922,275,983,360 bytes free
    .
    - - End Of File - - EE6404BE2E36043A7942170675529D17

  6. #6
    Malware Team: Emeritus
    Join Date
    Oct 2012
    Posts
    246


    Hi EvilRev

    ESET Online Scanner
    I'd like us to scan your machine with ESET OnlineScan

    Note: If you are using Windows Vista/7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    *Note
    It is recommended to disable your onboard antivirus and antispyware programs while performing scans so that there are no conflicts; this will also speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the ESET on Line scan button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check
    5. Click the button.
    6. Accept any security warnings from your browser.
    7. Check
    8. Make sure that the option "Remove found threats" is Unchecked
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push
    12. Push , and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
    13. Push the Back button.
    14. Select Uninstall application on close check box and push

    =============================== Next =======================================


    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected .
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.


    Please let me know how your computer is running now.

    On your next reply please post :
    • Eset report
    • Malwarebytes log

    Let me know if you have any problems performing the steps above, or any questions.

    Good Day!

  7. #7
    Junior Member
    Join Date
    Nov 2012
    Posts
    6


    The ESET Scanner found no problems and did not provide a log. Mbam found no threats but did provide a log. After these scans there are still svchost.exe programs taking up my resources...

    Here is the MBAM log

    Malwarebytes Anti-Malware (Trial) 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.14.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Brandon :: BLACKPEARL [administrator]

    Protection: Enabled

    11/14/2012 1:42:03 PM
    mbam-log-2012-11-14 (13-42-03).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 221593
    Time elapsed: 50 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

  8. #8
    Malware Team: Emeritus
    Join Date
    Oct 2012
    Posts
    246


    Hi EvilRev

    After these scans there are still svchost.exe programs taking up my resources...
    Please download Windows Repair (all in one) from here

    Install the program then run it

    Go to step 2 and allow it to run Disk check



    Once that is done then go to step 3 and allow it to run SFC



    On the Start Repairs tab => Click the Start



    Click on the select all check box and then click on Start

    DON'T use the computer while each scan is in progress.

    Restart may be needed to finish the repair procedure


    Next

    Please let me know how your computer is running and if there are any outstanding issues.

  9. #9
    Malware Team: Emeritus
    Join Date
    Oct 2012
    Posts
    246


    Still with me?

  10. #10
    Junior Member
    Join Date
    Nov 2012
    Posts
    6


    I am still with you. Sorry for the long time between posts. I did the tweaking.com windows repair and still no changes. The svchost.exe is still there.
