Results 1 to 10 of 10

Thread: cpu usage 100%

  1. #1
    Senior Member
    Join Date
    Nov 2008
    Posts
    113

    Default cpu usage 100%

    I think my pc is infected with malware. please help

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16483 BrowserJavaVersion: 10.21.2
    Run by Sai SGK at 18:55:19 on 2013-06-03
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.91.1033.18.3255.2156 [GMT 5.5:30]
    .
    AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ================
    .
    C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
    C:\Program Files\AVG\AVG2013\avgcsrvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
    C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
    C:\Program Files\AVG\AVG2013\avgidsagent.exe
    C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
    C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
    C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
    C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files\hp\HP Software Update\hpwuschd2.exe
    C:\Program Files\AVG\AVG2013\avgui.exe
    C:\Windows\System32\StikyNot.exe
    C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
    C:\Program Files\AVG\AVG2013\avgnsx.exe
    C:\Program Files\AVG\AVG2013\avgemcx.exe
    C:\Windows\system32\conhost.exe
    C:\Users\Sai SGK\AppData\Roaming\Adobe\Flash Player\SpeedCache\mpchc64.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wuauclt.exe
    C:\Users\Sai SGK\AppData\Roaming\uTorrent\uTorrent.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Free Download Manager\fdm.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://tuvaro.com/ws/?source=536c75e7&tbp=homepage&toolbarid=base&u=64d260000000000000006c626d4939de
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - <orphaned>
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - c:\program files\free download manager\iefdm2.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - c:\program files\hewlett-packard\hp support framework\resources\hpnetworkcheck\HPNetworkCheckPlugin.dll
    TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
    uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
    uRun: [SpeedUpSystem] wscript "c:\users\sai sgk\appdata\roaming\adobe\flash player\speedcache\afile.vbs" "c:\users\sai sgk\appdata\roaming\adobe\flash player\speedcache\aso.bat"
    mRun: [hpsysdrv] c:\program files\hewlett-packard\hp odometer\hpsysdrv.exe
    mRun: [BATINDICATOR] c:\program files\hewlett-packard\hp mainstream keyboard\BATINDICATOR.exe
    mRun: [LaunchHPOSIAPP] c:\program files\hewlett-packard\hp mainstream keyboard\LaunchApp.exe
    mRun: [HP Remote Solution] c:\program files\hewlett-packard\hp remote solution\HP_Remote_Solution.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [SmartMenu] c:\program files\hewlett-packard\hp mediasmart\SmartMenu.exe /background
    mRun: [PC-Doctor for Windows localizer] c:\program files\pc-doctor for windows\localizer.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\averhi~1.lnk - c:\program files\common files\avermedia\averquick\AVerHIDReceiver.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\averqu~1.lnk - c:\program files\common files\avermedia\averquick\AVerQuick.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Download all with Free Download Manager - c:\program files\free download manager\dlall.htm
    IE: Download selected with Free Download Manager - c:\program files\free download manager\dlselected.htm
    IE: Download video with Free Download Manager - c:\program files\free download manager\dlfvideo.htm
    IE: Download with Free Download Manager - c:\program files\free download manager\dllink.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - c:\program files\hewlett-packard\hp support framework\resources\hpnetworkcheck\NCLauncherFromIE.exe
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{65761BBB-314C-497C-B341-7373BFF88A84} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{95278B9B-CEB4-41F9-8410-767709D61073} : DHCPNameServer = 192.168.1.1
    SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\sai sgk\appdata\roaming\mozilla\firefox\profiles\vc9kd8ly.default\
    FF - prefs.js: browser.startup.homepage - about:home
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\programdata\visan\plugins\npRLSecurePluginLayer.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    FF - ExtSQL: 2013-05-18 16:51; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\sai sgk\appdata\roaming\mozilla\firefox\profiles\vc9kd8ly.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - ExtSQL: 2013-06-01 09:53; {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}; c:\users\sai sgk\appdata\roaming\mozilla\firefox\profiles\vc9kd8ly.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
    FF - ExtSQL: 2013-06-03 17:26; fdm_ffext@freedownloadmanager.org; c:\program files\free download manager\firefox\Extension
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.delta.tlbrSrchUrl -
    FF - user.js: extensions.delta.id - 64d260000000000000006c626d4939de
    FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    FF - user.js: extensions.delta.instlDay - 15843
    FF - user.js: extensions.delta.vrsn - 1.8.21.0
    FF - user.js: extensions.delta.vrsni - 1.8.21.0
    FF - user.js: extensions.delta.vrsnTs - 1.8.21.018:05:38
    FF - user.js: extensions.delta.prtnrId - delta
    FF - user.js: extensions.delta.prdct - delta
    FF - user.js: extensions.delta.aflt - babsst
    FF - user.js: extensions.delta.smplGrp - none
    FF - user.js: extensions.delta.tlbrId - base
    FF - user.js: extensions.delta.instlRef - sst
    FF - user.js: extensions.delta.dfltLng - en
    FF - user.js: extensions.delta.excTlbr - false
    FF - user.js: extensions.delta.ffxUnstlRst - true
    FF - user.js: extensions.delta.admin - false
    FF - user.js: extensions.delta_i.babTrack - affID=119816&tt=gc_170513_18210
    FF - user.js: extensions.delta_i.babExt -
    FF - user.js: extensions.delta_i.srcExt - ss
    FF - user.js: extensions.delta.autoRvrt - false
    FF - user.js: extensions.delta.rvrt - false
    FF - user.js: extensions.delta.newTab - false
    FF - user.js: extensions.tuvaro.hpOld0 -
    FF - user.js: extensions.tuvaro.tlbrSrchUrl - hxxp://tuvaro.com/ws/?source=536c75e7&tbp=main&toolbarid=base&u=64d260000000000000006c626d4939de&q=
    FF - user.js: extensions.tuvaro.id - 64d260000000000000006c626d4939de
    FF - user.js: extensions.tuvaro.appId - {2768469C-717B-401F-8532-C6D88BAE0339}
    FF - user.js: extensions.tuvaro.instlDay - 15847
    FF - user.js: extensions.tuvaro.vrsn - 1.8.17.3
    FF - user.js: extensions.tuvaro.vrsni - 1.8.17.3
    FF - user.js: extensions.tuvaro.vrsnTs - 1.8.17.39:48:06
    FF - user.js: extensions.tuvaro.prtnrId - tuvaro
    FF - user.js: extensions.tuvaro.prdct - tuvaro
    FF - user.js: extensions.tuvaro.aflt - orgnl
    FF - user.js: extensions.tuvaro.smplGrp - none
    FF - user.js: extensions.tuvaro.tlbrId - base
    FF - user.js: extensions.tuvaro.instlRef - 536c75e7
    FF - user.js: extensions.tuvaro.dfltLng -
    FF - user.js: extensions.tuvaro.excTlbr - false
    FF - user.js: extensions.tuvaro.ffxUnstlRst - false
    FF - user.js: extensions.tuvaro.admin - false
    FF - user.js: extensions.tuvaro.cam -
    FF - user.js: extensions.tuvaro.autoRvrt - false
    FF - user.js: extensions.tuvaro.rvrt - false
    FF - user.js: extensions.tuvaro.hmpg - true
    FF - user.js: extensions.tuvaro.hmpgUrl - hxxp://tuvaro.com/ws/?source=536c75e7&tbp=homepage&toolbarid=base&u=64d260000000000000006c626d4939de
    FF - user.js: extensions.tuvaro.dfltSrch - true
    FF - user.js: extensions.tuvaro.srchPrvdr - Tuvaro
    FF - user.js: extensions.tuvaro.kw_url - hxxp://tuvaro.com/ws/?source=536c75e7&tbp=url&toolbarid=base&u=64d260000000000000006c626d4939de&q=
    FF - user.js: extensions.tuvaro.dnsErr - true
    FF - user.js: extensions.tuvaro.newTab - true
    FF - user.js: extensions.tuvaro.newTabUrl - chrome://tuvaro/content/new browser tab.html?source=536c75e7&tbp=tab&u=64d260000000000000006c626d4939de
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-2-8 60216]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-2-8 245048]
    R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-2-8 96568]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-2-8 39224]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-3-29 208184]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-3-1 22328]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-2-8 170808]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 182072]
    R2 AVerRemote;AVerRemote;c:\program files\common files\avermedia\service\AVerRemote.exe [2013-5-11 348160]
    R2 AVerScheduleService;AVerScheduleService;c:\program files\common files\avermedia\service\AVerScheduleService.exe [2013-5-11 389120]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-5-14 4937264]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-4-18 283136]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\hewlett-packard\hp support framework\HPSA_Service.exe [2012-9-27 86528]
    R3 AVER_H193;AVerMedia H193 Video Capture;c:\windows\system32\drivers\AVer888RC.sys [2009-8-21 461952]
    R3 AVerPola;AVerMedia USB Polaris Series Capture Service;c:\windows\system32\drivers\AVerPola.sys [2013-5-11 314752]
    R3 AVPolCIR;AVerMedia USB Polaris Series Custom IR Service;c:\windows\system32\drivers\AVPolCIR.sys [2013-5-11 32896]
    R3 CXCIR;AVerMedia Consumer Infrared Receiver;c:\windows\system32\drivers\AVer888RCIR.sys [2009-8-21 33280]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-8-21 189440]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\drivers\netr28.sys [2009-5-20 599040]
    S3 PCDSRVC{4F253FFC-7957E8FC-06000000}_0;PCDSRVC{4F253FFC-7957E8FC-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc.pkms [2009-9-17 20848]
    .
    =============== Created Last 30 ================
    .
    2013-06-03 11:56:04 -------- d-----w- c:\users\sai sgk\appdata\roaming\Free Download Manager
    2013-06-03 09:15:23 -------- d-----w- c:\users\sai sgk\appdata\roaming\Malwarebytes
    2013-06-03 09:15:11 -------- d-----w- c:\programdata\Malwarebytes
    2013-06-03 09:15:10 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-06-03 09:15:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-06-01 04:12:30 -------- d-----w- c:\programdata\IDM
    2013-06-01 04:12:29 -------- d-----w- c:\users\sai sgk\appdata\roaming\DMCache
    2013-05-30 11:16:37 -------- d-----w- c:\users\sai sgk\appdata\roaming\FlashgetSetup
    2013-05-30 11:16:37 -------- d-----w- c:\users\sai sgk\appdata\roaming\BITS
    2013-05-30 11:16:29 -------- d-----w- c:\program files\FlashGet Network
    2013-05-30 11:11:29 -------- d-----w- C:\Downloads
    2013-05-30 11:10:26 -------- d-----w- c:\program files\Free Download Manager
    2013-05-26 11:49:39 -------- d-----w- C:\Recorded Videos
    2013-05-24 13:43:19 34304 ----a-w- c:\windows\system32\atmlib.dll
    2013-05-24 13:43:19 295424 ----a-w- c:\windows\system32\atmfd.dll
    2013-05-24 13:38:01 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2013-05-24 13:38:01 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2013-05-24 13:38:01 297808 ----a-w- c:\windows\system32\mscoree.dll
    2013-05-24 13:38:01 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2013-05-24 13:38:01 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2013-05-24 13:26:06 5120 ----a-w- c:\windows\system32\wmi.dll
    2013-05-24 13:26:06 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2013-05-24 13:26:06 158720 ----a-w- c:\windows\system32\imagehlp.dll
    2013-05-24 13:20:09 801792 ----a-w- c:\windows\system32\FntCache.dll
    2013-05-24 13:20:09 283648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2013-05-24 13:20:09 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2013-05-24 13:20:09 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
    2013-05-24 13:20:09 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
    2013-05-24 13:20:08 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2013-05-24 13:20:08 442880 ----a-w- c:\windows\system32\XpsPrint.dll
    2013-05-24 13:20:08 3181568 ----a-w- c:\windows\system32\mf.dll
    2013-05-24 13:20:08 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2013-05-24 13:20:08 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
    2013-05-24 13:20:08 107520 ----a-w- c:\windows\system32\cdd.dll
    2013-05-24 13:12:46 -------- d-----w- c:\program files\MSXML 4.0
    2013-05-24 12:55:10 123904 ----a-w- c:\windows\system32\poqexec.exe
    2013-05-24 12:54:54 690688 ----a-w- c:\windows\system32\msvcrt.dll
    2013-05-24 12:54:52 285696 ----a-w- c:\windows\system32\winlogon.exe
    2013-05-24 12:54:52 2614272 ----a-w- c:\windows\explorer.exe
    2013-05-24 12:53:37 36864 ----a-w- c:\windows\system32\tsgqec.dll
    2013-05-24 12:53:37 2691072 ----a-w- c:\windows\system32\mstscax.dll
    2013-05-24 12:53:37 131072 ----a-w- c:\windows\system32\aaclient.dll
    2013-05-24 12:52:52 826368 ----a-w- c:\windows\system32\rdpcore.dll
    2013-05-24 12:52:52 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2013-05-24 12:52:50 2048 ----a-w- c:\windows\system32\tzres.dll
    2013-05-24 12:51:49 1034240 ----a-w- c:\windows\system32\mstsc.exe
    2013-05-24 12:50:58 954752 ----a-w- c:\windows\system32\mfc40.dll
    2013-05-24 12:50:58 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2013-05-24 12:49:49 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    2013-05-24 12:49:36 316928 ----a-w- c:\windows\system32\spoolsv.exe
    2013-05-24 12:49:16 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
    2013-05-24 12:47:36 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
    2013-05-24 12:46:38 376832 ----a-w- c:\windows\system32\dpnet.dll
    2013-05-24 12:46:37 67584 ----a-w- c:\windows\system32\asycfilt.dll
    2013-05-24 12:46:36 768512 ----a-w- c:\windows\system32\localspl.dll
    2013-05-24 12:46:36 1236992 ----a-w- c:\windows\system32\msxml3.dll
    2013-05-24 12:46:35 172544 ----a-w- c:\windows\system32\wintrust.dll
    2013-05-24 12:46:32 530432 ----a-w- c:\windows\system32\comctl32.dll
    2013-05-24 12:46:31 4247040 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
    2013-05-24 12:46:31 1413632 ----a-w- c:\windows\system32\ole32.dll
    2013-05-24 12:46:30 516096 ----a-w- c:\program files\windows mail\wab.exe
    2013-05-24 12:46:30 132608 ----a-w- c:\windows\system32\cabview.dll
    2013-05-24 12:46:30 109056 ----a-w- c:\windows\system32\t2embed.dll
    2013-05-24 12:46:29 82944 ----a-w- c:\windows\system32\iccvid.dll
    2013-05-24 12:46:29 197632 ----a-w- c:\windows\system32\ir32_32.dll
    2013-05-24 12:44:41 292864 ----a-w- c:\windows\system32\apphelp.dll
    2013-05-24 12:42:34 850432 ----a-w- c:\windows\system32\sbe.dll
    2013-05-24 12:42:34 642048 ----a-w- c:\windows\system32\CPFilters.dll
    2013-05-24 12:42:34 199680 ----a-w- c:\windows\system32\mpg2splt.ax
    2013-05-24 12:42:04 187240 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2013-05-24 12:42:04 1287528 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-05-24 12:41:52 541184 ----a-w- c:\windows\system32\kerberos.dll
    2013-05-24 12:41:36 41472 ----a-w- c:\windows\system32\browcli.dll
    2013-05-24 12:41:36 102912 ----a-w- c:\windows\system32\browser.dll
    2013-05-24 12:41:35 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2013-05-24 12:41:35 57856 ----a-w- c:\windows\system32\rdpwsx.dll
    2013-05-24 12:41:35 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
    2013-05-24 12:41:35 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2013-05-24 12:41:34 70656 ----a-w- c:\windows\system32\fontsub.dll
    2013-05-24 12:41:34 67072 ----a-w- c:\windows\system32\packager.dll
    2013-05-24 12:41:33 245616 ----a-w- c:\windows\system32\drivers\volsnap.sys
    2013-05-24 12:41:32 738816 ----a-w- c:\windows\system32\wmpmde.dll
    2013-05-24 12:39:54 56688 ----a-w- c:\windows\system32\drivers\partmgr.sys
    2013-05-23 12:56:56 -------- d-----w- c:\users\sai sgk\appdata\roaming\Auslogics
    2013-05-23 12:56:55 -------- d-----w- c:\program files\Auslogics
    2013-05-23 04:25:29 -------- d-----w- c:\users\sai sgk\appdata\roaming\BitTorrent
    2013-05-22 04:21:24 -------- d-----w- c:\users\sai sgk\appdata\roaming\uTorrent
    2013-05-22 04:18:13 -------- d-----w- c:\users\sai sgk\appdata\local\CRE
    2013-05-22 04:18:03 -------- d-----w- c:\program files\Conduit
    2013-05-22 04:18:02 -------- d-----w- c:\users\sai sgk\appdata\local\Conduit
    2013-05-22 04:15:10 -------- d-----w- c:\users\sai sgk\appdata\local\Google
    2013-05-22 04:03:58 -------- d-----w- c:\users\sai sgk\appdata\local\sabnzbd
    2013-05-21 13:21:41 -------- d-----w- c:\users\sai sgk\appdata\roaming\.BitTornado
    2013-05-21 13:21:09 -------- d-----w- c:\program files\BitTornado
    2013-05-20 13:15:41 -------- d-----w- c:\program files\MPC-HC
    2013-05-20 05:21:13 -------- d-----w- c:\users\sai sgk\appdata\roaming\Visan
    2013-05-20 05:18:08 -------- d-----w- c:\programdata\Visan
    2013-05-20 04:50:48 -------- d-----w- c:\programdata\HP Photo Creations
    2013-05-20 04:50:48 -------- d-----w- c:\program files\HP Photo Creations
    2013-05-20 04:50:45 -------- d-----w- c:\program files\Coupons
    2013-05-20 04:50:19 273256 ------w- c:\windows\system32\HPDiscoPM9311.dll
    2013-05-20 04:48:51 -------- d-----w- c:\users\sai sgk\appdata\local\HP
    2013-05-19 13:00:34 -------- d-----w- c:\users\sai sgk\appdata\local\Macromedia
    2013-05-19 12:48:31 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-05-19 12:48:31 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-05-18 12:37:00 -------- d-----w- c:\users\sai sgk\appdata\local\Bundled software uninstaller
    2013-05-18 12:34:47 -------- d-----w- c:\users\sai sgk\appdata\roaming\Babylon
    2013-05-18 12:34:47 -------- d-----w- c:\programdata\Babylon
    2013-05-18 11:26:47 -------- d-----w- c:\program files\VirtualDub
    2013-05-17 11:29:02 -------- d-----w- c:\users\sai sgk\appdata\roaming\foobar2000
    2013-05-17 11:28:57 -------- d-----w- c:\program files\foobar2000
    2013-05-15 12:31:35 -------- d-----w- c:\users\sai sgk\appdata\roaming\VideoReDo-TVSuite4
    2013-05-15 12:31:35 -------- d-----w- c:\program files\VideoReDoTVSuite4
    2013-05-15 12:28:53 -------- d-----w- c:\users\sai sgk\appdata\roaming\AccurateRip
    2013-05-15 12:27:57 4779592 ----a-w- c:\windows\system32\SpoonUninstall.exe
    2013-05-15 12:27:46 -------- d-----w- c:\program files\Illustrate
    2013-05-14 13:24:44 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-05-14 13:24:44 788896 ----a-w- c:\windows\system32\deployJava1.dll
    2013-05-14 13:24:43 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-05-14 13:13:09 -------- d-----w- c:\program files\aMule
    2013-05-14 12:59:05 -------- d-----w- c:\users\sai sgk\appdata\roaming\aMule
    2013-05-14 03:55:18 -------- d-----w- c:\program files\AvsP
    2013-05-14 03:54:35 -------- d-----w- c:\program files\AviSynth 2.5
    2013-05-13 13:44:43 -------- d-----w- c:\users\sai sgk\appdata\roaming\AVG2013
    2013-05-13 13:44:07 -------- d-----w- c:\users\sai sgk\appdata\roaming\TuneUp Software
    2013-05-13 13:43:55 -------- d--h--w- C:\$AVG
    2013-05-13 13:43:55 -------- d-----w- c:\programdata\AVG2013
    2013-05-13 13:43:36 -------- d-----w- c:\program files\AVG
    2013-05-13 13:35:15 -------- d--h--w- c:\programdata\Common Files
    2013-05-13 13:35:15 -------- d-----w- c:\users\sai sgk\appdata\local\MFAData
    2013-05-13 13:35:15 -------- d-----w- c:\users\sai sgk\appdata\local\Avg2013
    2013-05-13 13:35:15 -------- d-----w- c:\programdata\MFAData
    2013-05-13 13:34:33 -------- d-----w- c:\program files\VideoLAN
    2013-05-13 13:33:09 178688 ----a-w- c:\windows\system32\unrar.dll
    2013-05-13 12:26:26 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2013-05-13 12:26:20 88576 ----a-w- c:\windows\system32\wudriver.dll
    2013-05-13 12:26:13 33792 ----a-w- c:\windows\system32\wuapp.exe
    2013-05-13 12:26:13 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2013-05-12 10:55:31 -------- d-----w- c:\users\sai sgk\appdata\local\Microsoft Games
    2013-05-12 10:20:48 -------- d-----w- c:\users\sai sgk\appdata\local\Programs
    2013-05-12 06:01:37 22944 ----a-w- c:\windows\system32\drivers\cpqdfw.sys
    2013-05-12 06:00:41 -------- d-----w- c:\programdata\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
    2013-05-12 06:00:29 -------- d-----w- c:\users\sai sgk\appdata\roaming\hpqLog
    2013-05-12 06:00:16 -------- d-----w- C:\swsetup
    2013-05-12 05:42:46 -------- d-----w- c:\users\sai sgk\appdata\roaming\HP Support Assistant
    2013-05-12 05:42:45 -------- d-----w- c:\users\sai sgk\appdata\roaming\HpUpdate
    2013-05-12 05:36:33 -------- d-----w- c:\users\sai sgk\appdata\local\Adobe
    2013-05-12 05:35:07 -------- d-----w- c:\program files\common files\Adobe Systems Shared
    2013-05-11 10:44:12 -------- d-----w- c:\programdata\AVerTV
    2013-05-11 10:44:05 -------- d-----w- c:\users\sai sgk\appdata\local\AVerMedia
    2013-05-11 04:34:24 -------- d-----w- c:\users\sai sgk\appdata\local\CyberLink
    2013-05-11 04:34:23 -------- d-----w- c:\users\sai sgk\appdata\local\PowerCinema
    2013-05-11 04:28:13 -------- d-----w- C:\New Folder
    2013-05-11 04:05:01 -------- d-----w- c:\program files\PowerISO
    2013-05-11 00:22:55 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
    2013-05-11 00:22:54 507568 ----a-w- c:\windows\system32\winload.exe
    2013-05-11 00:22:54 442920 ----a-w- c:\windows\system32\winresume.exe
    2013-05-11 00:22:37 257024 ----a-w- c:\windows\system32\msv1_0.dll
    2013-05-11 00:22:32 34816 ----a-w- c:\windows\system32\msasn1.dll
    2013-05-11 00:22:13 -------- d--h--w- C:\hp
    2013-05-11 00:22:12 -------- d-----w- c:\windows\system32\OEM
    2013-05-11 00:22:12 -------- d-----w- c:\windows\Panther
    2013-05-10 13:28:30 24576 ----a-w- c:\windows\system32\cxtvrate.dll
    2013-05-10 13:28:30 18432 ----a-w- c:\windows\system32\cpnotify.ax
    2013-05-10 13:28:30 -------- d-----w- c:\windows\Driver Cache
    2013-05-10 13:17:10 6906960 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{606a50d8-1396-4aef-bf21-01baf06e2c2c}\mpengine.dll
    2013-05-10 13:17:07 238872 ------w- c:\windows\system32\MpSigStub.exe
    2013-05-10 13:15:31 -------- d-----w- c:\users\sai sgk\appdata\local\Mozilla
    2013-05-10 13:15:27 -------- d-----w- c:\program files\Mozilla Maintenance Service
    2013-05-10 12:56:19 -------- d-----w- c:\users\sai sgk\appdata\local\Hewlett-Packard
    2013-05-10 11:32:38 -------- d-----w- c:\programdata\Norton
    2013-05-10 11:32:19 -------- d-----w- c:\programdata\NortonInstaller
    2013-05-10 11:31:03 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2013-05-10 11:31:01 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2013-05-10 11:30:25 -------- d-----w- c:\program files\Microsoft
    2013-05-10 11:30:10 -------- d-----w- c:\program files\Windows Live SkyDrive
    2013-05-10 11:29:45 -------- d-----w- c:\windows\PCHEALTH
    2013-05-10 11:29:32 74520 ----a-w- c:\program files\common files\windows live\.cache\a49832d51ce4d71\DSETUP.dll
    2013-05-10 11:29:32 484632 ----a-w- c:\program files\common files\windows live\.cache\a49832d51ce4d71\DXSETUP.exe
    2013-05-10 11:29:32 1670936 ----a-w- c:\program files\common files\windows live\.cache\a49832d51ce4d71\dsetup32.dll
    2013-05-10 11:29:16 141402440 ----a-w- c:\program files\common files\windows live\.cache\wlc16AB.tmp
    2013-05-10 11:29:10 -------- d-----w- c:\program files\common files\Windows Live
    2013-05-10 11:28:46 537248 ----a-w- c:\program files\online services\omnifone\MusicStation.exe
    2013-05-10 11:26:14 -------- d-----w- c:\programdata\WildTangent
    2013-05-10 11:26:14 -------- d-----w- c:\program files\HP Games
    2013-05-10 11:26:13 -------- d-----r- c:\program files\Online Services
    2013-05-10 11:21:57 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
    2013-05-10 11:21:57 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
    2013-05-10 11:21:57 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
    2013-05-10 11:21:57 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
    2013-05-10 11:21:57 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
    2013-05-10 11:21:57 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
    2013-05-10 11:21:57 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
    2013-05-10 11:16:59 -------- d-----w- c:\programdata\PC-Doctor for Windows
    2013-05-10 11:16:47 -------- d-----w- c:\program files\PC-Doctor for Windows
    2013-05-10 11:14:51 -------- d---a-w- c:\program files\common files\LS Getting Started
    2013-05-10 11:08:01 -------- d-----w- c:\program files\PlayReady
    2013-05-10 11:06:40 831488 ----a-w- c:\windows\RtlExUpd.dll
    2013-05-10 11:06:40 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll
    2013-05-10 11:06:40 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll
    2013-05-10 11:06:40 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe
    2013-05-10 11:06:40 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
    2013-05-10 11:06:40 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll
    2013-05-10 11:06:40 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll
    2013-05-10 11:06:40 -------- d--h--w- c:\program files\Temp
    2013-05-10 11:06:39 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll
    2013-05-10 11:06:39 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll
    2013-05-10 11:05:48 -------- d-----w- c:\windows\system32\wbem\Performance
    2013-05-10 11:05:37 -------- d-----w- c:\windows\system32\AGEIA
    2013-05-10 11:05:34 -------- d-----w- c:\program files\common files\Wise Installation Wizard
    2013-05-10 11:04:14 -------- dc-h--w- c:\programdata\{D441869F-BEC4-446D-9888-C5CA29F160F9}
    2013-05-10 11:02:36 -------- d-----w- c:\program files\hp
    2013-05-10 11:01:38 253952 ----a-w- c:\windows\system32\cPC_DMIRD.dll
    2013-05-10 10:59:58 -------- d-sh--w- c:\windows\Installer
    2013-05-10 10:56:38 584296 ----a-w- c:\windows\system32\nvuninst.exe
    2013-05-10 10:56:03 -------- d-----w- c:\program files\Realtek
    2013-05-10 10:56:02 -------- d-----w- c:\windows\system32\RTCOM
    .
    ==================== Find3M ====================
    .
    2013-04-25 15:00:16 5041848 ----a-w- c:\users\sai sgk\appdata\roaming\idman615f.exe
    2013-04-12 13:58:11 1210728 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2013-03-28 21:23:48 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
    2013-03-20 21:38:24 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2013-03-19 05:06:09 3958120 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-03-19 05:06:09 3902312 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-03-19 04:54:22 38912 ----a-w- c:\windows\system32\csrsrv.dll
    2013-03-19 02:50:03 69632 ----a-w- c:\windows\system32\smss.exe
    .
    ============= FINISH: 18:55:40.49 ===============
    Attached Files Attached Files

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    hi,

    Sorry for the delay. If you still help simply reply back and we will check for any potential malware.
    How Can I Reduce My Risk?

  3. #3
    Senior Member
    Join Date
    Nov 2008
    Posts
    113

    Default

    thank you,
    please help.

  4. #4
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    Using explorer look in this path,

    c:\users\sai sgk\appdata\roaming\adobe\flash player\speedcache\afile.vbs

    or copy/paste: in the search Window after clicking on the start orb:
    c:\users\sai sgk\appdata\roaming

    Delete the entire adobe folder. If it gives you problems then you can try this;

    During a computer restart tap the f8 key. At the options menu chose the first option: safe mode
    Log into your normal account. Try deleting the above folder in Safe mode. Reboot normally afterwards.
    ---------------------------------------------------------

    Next get a copy of Malwarebytes:

    Please download the free version of Malwarebytes to your desktop.

    Double-click mbam-setup.exe and follow the prompts to install the program.

    Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

    If an update is found, it will download and install the latest version.

    Once the program has loaded, select Perform FULL SCAN, then click Scan.
    When the scan is complete, click OK, then Show Results to view the results.

    Be sure that everything is checked, and click *Remove Selected.*

    *A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

    When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
    Post the log in your reply.

    -------------------------------------------------------------


    Also you run Malwarebytes, get one more tool:

    Please download JRT.exe to your desktop.

    Double Right click the icon and "run as admin"
    The tool will open and start scanning.
    Please be patient as this can take a while to complete.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next message

    Please post the Malwarebytes log and the JRT log in your reply.
    How Can I Reduce My Risk?

  5. #5
    Senior Member
    Join Date
    Nov 2008
    Posts
    113

    Default

    mbam log

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.06.19.04

    Windows 7 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Sai SGK :: SHIRDISAIBABA [administrator]

    19-06-2013 17:26:54
    mbam-log-2013-06-19 (17-26-54).txt

    Scan type: Full scan (C:\|D:\|V:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 354595
    Time elapsed: 34 minute(s), 10 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)



    jrt log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.9.4 (05.06.2013:1)
    OS: Windows 7 Home Premium x86
    Ran by Sai SGK on 19-06-2013 at 18:11:21.87
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
    Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr
    Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
    Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitsearchscopes
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\pricegong
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\smartbar
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\esrv.exe
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3289075
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{082228E7-1975-47D6-B393-56B10156AA55}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3D54E69F-98A9-46A5-ACEC-6CFED697A08D}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{587A4289-5A0D-69FD-DF41-7205A86FD8F3}
    Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
    Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"



    ~~~ Files

    Successfully deleted: [File] "C:\Windows\system32\roboot.exe"
    Successfully deleted: [File] "C:\Windows\couponprinter.ocx"



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\babylon"
    Successfully deleted: [Folder] "C:\ProgramData\installmate"
    Successfully deleted: [Folder] "C:\Users\Sai SGK\AppData\Roaming\babylon"
    Successfully deleted: [Folder] "C:\Users\Sai SGK\AppData\Roaming\opencandy"
    Successfully deleted: [Folder] "C:\Users\Sai SGK\AppData\Roaming\systweak"
    Successfully deleted: [Folder] "C:\Users\Sai SGK\appdata\local\babylon"
    Successfully deleted: [Folder] "C:\Users\Sai SGK\appdata\local\conduit"
    Successfully deleted: [Folder] "C:\Users\Sai SGK\appdata\locallow\conduit"
    Successfully deleted: [Folder] "C:\Users\Sai SGK\appdata\locallow\pricegong"
    Successfully deleted: [Folder] "C:\Program Files\conduit"
    Successfully deleted: [Folder] "C:\Program Files\coupons"



    ~~~ FireFox

    Successfully deleted: [File] C:\user.js
    Emptied folder: C:\Users\Sai SGK\AppData\Roaming\mozilla\firefox\profiles\hab2nhw4.default\minidumps [1 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 19-06-2013 at 18:12:31.47
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  6. #6
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    ok thanks for the info. Malwarebytes log cant look any better. Did you manage to get that adobe folder deleted? Hows the CPU usage? We will get two more downloads to use. The first is similar to JRT in what it does:

    Please download Adwcleaner by Xplode onto your desktop.
    Right click and select run as admin.
    Click on the Search button. After the scan a log file will open.
    Close the log file and click the delete button.
    Machine will reboot and on start up show a log.
    Copy and paste the contents of this log in your reply.
    You can also find the logs at C:\AdwCleaner[R1].txt [R2].txt etc as well

    After the above you can get combofix. It requires that you read a short guide first before you use it. Read through the guide then apply the directions on your own machine. Please post the adwcleaner log and the combofix log in your reply.
    Guide to using: Combofix
    How Can I Reduce My Risk?

  7. #7
    Senior Member
    Join Date
    Nov 2008
    Posts
    113

    Default

    AdwCleaner logs

    # AdwCleaner v2.303 - Logfile created 06/22/2013 at 12:09:54
    # Updated 08/06/2013 by Xplode
    # Operating system : Windows 7 Home Premium (32 bits)
    # User : Sai SGK - SHIRDISAIBABA
    # Boot Mode : Normal
    # Running from : C:\Users\Sai SGK\Desktop\AdwCleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Found : C:\ProgramData\safe saave
    Folder Found : C:\Users\Sai SGK\AppData\Local\Bundled software uninstaller
    Folder Found : C:\Users\Sai SGK\AppData\Roaming\Mysearchdial

    ***** [Registry] *****

    Key Found : HKCU\Software\BabSolution
    Key Found : HKCU\Software\BI
    Key Found : HKCU\Software\DataMngr
    Key Found : HKCU\Software\DataMngr_Toolbar
    Key Found : HKCU\Software\InstallCore
    Key Found : HKCU\Software\mysearchdial
    Key Found : HKCU\Software\mysearchdial.com
    Key Found : HKLM\SOFTWARE\5d28adbb23cec41
    Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Found : HKLM\SOFTWARE\Classes\esrv.mysearchdialESrvc
    Key Found : HKLM\SOFTWARE\Classes\esrv.mysearchdialESrvc.1
    Key Found : HKLM\Software\DataMngr
    Key Found : HKLM\Software\InstallCore
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16483

    [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - bProtectTabs] = hxxp://www1.delta-search.com/?affID=119816&tt=gc_170513_18210&babsrc=NT_ss&mntrId=64D26C626D4939DE
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.mysearchdial.com/?f=2&a=irmsd62&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DyEzytAzy0D0EyCtDtDtDtN0D0Tzu0SyDtByBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1456688266&ir=
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.mysearchdial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DyEzytAzy0D0EyCtDtDtDtN0D0Tzu0SyDtByBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1456688266&ir=

    -\\ Mozilla Firefox v21.0 (en-US)

    File : C:\Users\Sai SGK\AppData\Roaming\Mozilla\Firefox\Profiles\hab2nhw4.default\prefs.js

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [2266 octets] - [22/06/2013 12:09:54]

    ########## EOF - C:\AdwCleaner[R1].txt - [2326 octets] ##########




    # AdwCleaner v2.303 - Logfile created 06/22/2013 at 12:11:32
    # Updated 08/06/2013 by Xplode
    # Operating system : Windows 7 Home Premium (32 bits)
    # User : Sai SGK - SHIRDISAIBABA
    # Boot Mode : Normal
    # Running from : C:\Users\Sai SGK\Desktop\AdwCleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : C:\ProgramData\safe saave
    Folder Deleted : C:\Users\Sai SGK\AppData\Local\Bundled software uninstaller
    Folder Deleted : C:\Users\Sai SGK\AppData\Roaming\Mysearchdial

    ***** [Registry] *****

    Key Deleted : HKCU\Software\BabSolution
    Key Deleted : HKCU\Software\BI
    Key Deleted : HKCU\Software\DataMngr
    Key Deleted : HKCU\Software\DataMngr_Toolbar
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\mysearchdial
    Key Deleted : HKCU\Software\mysearchdial.com
    Key Deleted : HKLM\SOFTWARE\5d28adbb23cec41
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialESrvc
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialESrvc.1
    Key Deleted : HKLM\Software\DataMngr
    Key Deleted : HKLM\Software\InstallCore
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16483

    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - bProtectTabs] = hxxp://www1.delta-search.com/?affID=119816&tt=gc_170513_18210&babsrc=NT_ss&mntrId=64D26C626D4939DE --> hxxp://www.google.com
    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.mysearchdial.com/?f=2&a=irmsd62&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DyEzytAzy0D0EyCtDtDtDtN0D0Tzu0SyDtByBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1456688266&ir= --> hxxp://www.google.com
    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.mysearchdial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DyEzytAzy0D0EyCtDtDtDtN0D0Tzu0SyDtByBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1456688266&ir= --> hxxp://www.google.com

    -\\ Mozilla Firefox v21.0 (en-US)

    File : C:\Users\Sai SGK\AppData\Roaming\Mozilla\Firefox\Profiles\hab2nhw4.default\prefs.js

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [2395 octets] - [22/06/2013 12:09:54]
    AdwCleaner[S1].txt - [2473 octets] - [22/06/2013 12:11:32]

    ########## EOF - C:\AdwCleaner[S1].txt - [2533 octets] ##########




    combofix logs

    ComboFix 13-06-22.01 - Sai SGK 22-06-2013 16:43:57.1.4 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.91.1033.18.3255.2342 [GMT 5.5:30]
    Running from: c:\users\Sai SGK\Desktop\ComboFix.exe
    AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-05-22 to 2013-06-22 )))))))))))))))))))))))))))))))
    .
    .
    2013-06-22 11:17 . 2013-06-22 11:17 -------- d-----w- c:\users\USER~1.AVE\AppData\Local\temp
    2013-06-22 11:17 . 2013-06-22 11:17 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-06-19 12:41 . 2013-06-19 12:41 -------- d-----w- c:\windows\ERUNT
    2013-06-19 12:40 . 2013-06-19 12:40 -------- d-----w- C:\JRT
    2013-06-17 14:11 . 2013-06-17 14:11 -------- d-----w- c:\programdata\TuneUp Software
    2013-06-17 14:11 . 2013-06-17 14:11 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
    2013-06-17 13:54 . 2013-06-18 06:02 -------- d-----w- c:\users\Sai SGK\AppData\Roaming\uploading.com
    2013-06-17 13:53 . 2013-06-17 13:53 -------- d-----w- c:\program files\UploadingDesktop
    2013-06-17 06:13 . 2013-06-17 06:13 -------- d-----w- c:\program files\Mozilla Maintenance Service
    2013-06-16 12:53 . 2013-06-16 12:53 -------- d-----w- c:\programdata\StarApp
    2013-06-16 12:44 . 2013-06-16 12:44 -------- d-----w- c:\users\Sai SGK\AppData\Local\iexplorer
    2013-06-15 05:14 . 2013-06-15 05:14 -------- d-----w- c:\users\Sai SGK\AppData\Roaming\dBpoweramp
    2013-06-15 05:01 . 2013-06-15 05:01 -------- d-----w- c:\users\Sai SGK\AppData\Roaming\Foxit Software
    2013-06-15 05:01 . 2013-06-15 05:01 -------- d-----w- c:\program files\Foxit Software
    2013-06-13 04:51 . 2013-06-13 04:51 -------- d-----w- c:\program files\Gabest
    2013-06-12 13:00 . 2013-06-12 13:00 -------- d-----w- c:\users\Sai SGK\AppData\Roaming\Media Player Classic
    2013-06-12 13:00 . 2013-06-12 13:00 -------- d-----w- c:\program files\MPC-HC
    2013-06-12 05:49 . 2013-06-12 05:53 -------- d-----w- c:\users\Sai SGK\AppData\Roaming\foobar2000
    2013-06-12 05:49 . 2013-06-12 05:49 -------- d-----w- c:\program files\foobar2000
    2013-06-11 08:39 . 2013-06-11 12:14 -------- d-----w- c:\program files\Alcohol Soft
    2013-06-11 07:28 . 2013-06-11 08:37 466008 ----a-w- c:\windows\system32\drivers\sptd.sys
    2013-06-10 14:14 . 2013-06-10 14:14 -------- d-----w- c:\users\Sai SGK\AppData\Local\Brak_Software
    2013-06-10 14:11 . 2013-06-10 14:11 -------- d-----w- c:\program files\Brak Software
    2013-06-10 14:11 . 2013-06-10 14:11 -------- d-----w- c:\programdata\Brak Software
    2013-06-10 12:35 . 2013-06-10 12:35 -------- d-----w- c:\program files\MKVcleaver
    2013-06-10 12:27 . 2013-06-13 04:34 -------- d-----w- c:\users\Sai SGK\MKVCleaver
    2013-06-10 11:09 . 2013-06-10 12:34 -------- d-----w- c:\program files\MKVToolNix
    2013-06-10 09:04 . 2013-06-10 09:04 -------- d-----w- c:\users\Sai SGK\AppData\Local\DVDVideoSoft_Ltd
    2013-06-10 08:52 . 2013-06-10 09:02 -------- d-----w- c:\users\Sai SGK\AppData\Roaming\DVDVideoSoft
    2013-06-10 08:52 . 2013-06-10 08:54 -------- d-----w- c:\program files\DVDVideoSoft
    2013-06-10 08:52 . 2013-06-10 08:53 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
    2013-06-08 10:46 . 2013-06-08 10:46 -------- d-----w- c:\program files\Common Files\PX Storage Engine
    2013-06-08 10:46 . 2013-06-08 10:51 -------- d-----w- c:\program files\Winamp
    2013-06-08 03:17 . 2013-06-08 03:17 -------- d-----w- c:\program files\ConvertHelper
    2013-06-07 15:14 . 2013-06-07 15:14 -------- d-----w- c:\users\Sai SGK\AppData\Local\Diagnostics
    2013-06-07 11:11 . 2013-06-22 06:52 -------- d-----w- c:\users\Sai SGK\dwhelper
    2013-06-05 08:57 . 2013-06-05 08:57 -------- d-----w- c:\users\Sai SGK\AppData\Roaming\ProgSense
    2013-06-05 08:57 . 2013-06-05 08:57 -------- d-----w- c:\users\Sai SGK\AppData\Roaming\GrabPro
    2013-06-05 08:55 . 2013-06-05 13:00 -------- d-----w- c:\users\Sai SGK\AppData\Roaming\Orbit
    2013-06-03 13:24 . 2013-06-03 13:24 -------- d-----w- c:\program files\ERUNT
    2013-06-03 13:18 . 2013-06-03 13:18 -------- d-----w- c:\users\Sai SGK\AppData\Roaming\CyberLink
    2013-06-03 13:17 . 2013-06-03 13:17 -------- d-----w- c:\users\Public\CyberLink
    2013-06-03 11:56 . 2013-06-22 10:59 -------- d-----w- c:\users\Sai SGK\AppData\Roaming\Free Download Manager
    2013-06-03 09:15 . 2013-06-03 09:15 -------- d-----w- c:\users\Sai SGK\AppData\Roaming\Malwarebytes
    2013-06-03 09:15 . 2013-06-03 09:15 -------- d-----w- c:\programdata\Malwarebytes
    2013-06-03 09:15 . 2013-06-03 09:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-06-03 09:15 . 2013-04-04 09:20 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-06-02 04:57 . 2013-06-17 05:56 -------- d-----w- c:\program files\Google
    2013-06-01 12:48 . 2013-06-01 12:48 -------- d-----w- c:\users\Sai SGK\AppData\Roaming\Template
    2013-06-01 04:12 . 2013-06-01 04:12 -------- d-----w- c:\programdata\IDM
    2013-06-01 04:12 . 2013-06-03 11:49 -------- d-----w- c:\users\Sai SGK\AppData\Roaming\DMCache
    2013-05-30 11:16 . 2013-06-05 07:25 -------- d-----w- c:\users\Sai SGK\AppData\Roaming\FlashgetSetup
    2013-05-30 11:16 . 2013-06-05 07:24 -------- d-----w- c:\users\Sai SGK\AppData\Roaming\BITS
    2013-05-30 11:16 . 2013-05-30 11:16 -------- d-----w- c:\program files\FlashGet Network
    2013-05-30 11:11 . 2013-06-22 10:57 -------- d-----w- C:\Downloads
    2013-05-30 11:10 . 2013-06-03 11:56 -------- d-----w- c:\program files\Free Download Manager
    2013-05-26 11:49 . 2013-06-22 05:55 -------- d-----w- C:\Recorded Videos
    2013-05-24 13:43 . 2012-12-16 14:25 295424 ----a-w- c:\windows\system32\atmfd.dll
    2013-05-24 13:43 . 2012-12-16 14:25 34304 ----a-w- c:\windows\system32\atmlib.dll
    2013-05-24 13:38 . 2009-11-25 07:17 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2013-05-24 13:38 . 2009-11-25 07:17 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2013-05-24 13:38 . 2009-11-25 07:17 297808 ----a-w- c:\windows\system32\mscoree.dll
    2013-05-24 13:38 . 2009-11-25 07:17 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2013-05-24 13:38 . 2009-11-25 07:17 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2013-05-24 13:26 . 2012-03-01 05:53 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2013-05-24 13:26 . 2012-03-01 05:45 158720 ----a-w- c:\windows\system32\imagehlp.dll
    2013-05-24 13:26 . 2012-03-01 05:40 5120 ----a-w- c:\windows\system32\wmi.dll
    2013-05-24 13:20 . 2013-05-24 13:20 801792 ----a-w- c:\windows\system32\FntCache.dll
    2013-05-24 13:20 . 2013-05-24 13:20 283648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2013-05-24 13:20 . 2013-05-24 13:20 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2013-05-24 13:20 . 2013-05-24 13:20 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
    2013-05-24 13:20 . 2013-05-24 13:20 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
    2013-05-24 13:20 . 2013-05-24 13:20 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2013-05-24 13:20 . 2013-05-24 13:20 442880 ----a-w- c:\windows\system32\XpsPrint.dll
    2013-05-24 13:20 . 2013-05-24 13:20 3181568 ----a-w- c:\windows\system32\mf.dll
    2013-05-24 13:20 . 2013-05-24 13:20 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2013-05-24 13:20 . 2013-05-24 13:20 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
    2013-05-24 13:20 . 2013-05-24 13:20 107520 ----a-w- c:\windows\system32\cdd.dll
    2013-05-24 13:12 . 2013-05-24 13:12 -------- d-----w- c:\program files\MSXML 4.0
    2013-05-24 12:55 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
    2013-05-24 12:54 . 2011-12-16 07:59 690688 ----a-w- c:\windows\system32\msvcrt.dll
    2013-05-24 12:54 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe
    2013-05-24 12:54 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
    2013-05-24 12:53 . 2013-02-12 15:13 2691072 ----a-w- c:\windows\system32\mstscax.dll
    2013-05-24 12:53 . 2013-02-12 15:07 131072 ----a-w- c:\windows\system32\aaclient.dll
    2013-05-24 12:53 . 2013-02-12 13:59 36864 ----a-w- c:\windows\system32\tsgqec.dll
    2013-05-24 12:52 . 2012-02-15 05:44 826368 ----a-w- c:\windows\system32\rdpcore.dll
    2013-05-24 12:52 . 2012-02-15 04:22 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2013-05-24 12:52 . 2012-11-09 04:49 2048 ----a-w- c:\windows\system32\tzres.dll
    2013-05-24 12:51 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\system32\mstsc.exe
    2013-05-24 12:50 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll
    2013-05-24 12:50 . 2010-08-31 04:32 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2013-05-24 12:49 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    2013-05-24 12:49 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
    2013-05-24 12:49 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
    2013-05-24 12:47 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
    2013-05-24 12:46 . 2012-11-02 04:48 376832 ----a-w- c:\windows\system32\dpnet.dll
    2013-05-24 12:46 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll
    2013-05-24 12:46 . 2012-06-06 05:09 1236992 ----a-w- c:\windows\system32\msxml3.dll
    2013-05-24 12:46 . 2012-05-14 04:37 768512 ----a-w- c:\windows\system32\localspl.dll
    2013-05-24 12:46 . 2012-08-24 17:10 172544 ----a-w- c:\windows\system32\wintrust.dll
    2013-05-24 12:46 . 2010-08-21 05:33 530432 ----a-w- c:\windows\system32\comctl32.dll
    2013-05-24 12:46 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
    2013-05-24 12:46 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
    2013-05-24 12:46 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
    2013-05-24 12:46 . 2010-08-26 04:39 109056 ----a-w- c:\windows\system32\t2embed.dll
    2013-05-24 12:46 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
    2013-05-24 12:46 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll
    2013-05-24 12:46 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll
    2013-05-24 12:44 . 2009-12-08 11:32 292864 ----a-w- c:\windows\system32\apphelp.dll
    2013-05-24 12:42 . 2010-12-23 05:28 850432 ----a-w- c:\windows\system32\sbe.dll
    2013-05-24 12:42 . 2010-12-23 05:28 642048 ----a-w- c:\windows\system32\CPFilters.dll
    2013-05-24 12:42 . 2010-12-23 05:24 199680 ----a-w- c:\windows\system32\mpg2splt.ax
    2013-05-24 12:42 . 2013-01-04 04:55 1287528 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-05-24 12:42 . 2013-01-04 04:55 187240 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2013-05-24 12:41 . 2012-08-10 23:54 541184 ----a-w- c:\windows\system32\kerberos.dll
    2013-05-24 12:41 . 2012-07-04 21:23 41472 ----a-w- c:\windows\system32\browcli.dll
    2013-05-24 12:41 . 2012-07-04 21:23 102912 ----a-w- c:\windows\system32\browser.dll
    2013-05-24 12:41 . 2012-04-26 04:48 57856 ----a-w- c:\windows\system32\rdpwsx.dll
    2013-05-24 12:41 . 2012-04-26 04:48 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2013-05-24 12:41 . 2012-04-26 04:43 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2013-05-24 12:41 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
    2013-05-24 12:41 . 2011-11-19 14:06 67072 ----a-w- c:\windows\system32\packager.dll
    2013-05-24 12:41 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
    2013-05-24 12:41 . 2012-09-06 16:48 245616 ----a-w- c:\windows\system32\drivers\volsnap.sys
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-06-11 06:58 . 2013-05-15 12:27 485240 ----a-w- c:\windows\system32\SpoonUninstall.exe
    2013-05-19 12:48 . 2013-05-19 12:48 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-05-19 12:48 . 2013-05-19 12:48 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-05-14 13:24 . 2013-05-14 13:24 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-05-14 13:24 . 2013-05-14 13:24 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-05-14 13:24 . 2013-05-14 13:24 788896 ----a-w- c:\windows\system32\deployJava1.dll
    2013-05-01 20:36 . 2013-05-10 13:17 238872 ------w- c:\windows\system32\MpSigStub.exe
    2013-04-25 15:00 . 2013-04-25 15:00 5041848 ----a-w- c:\users\Sai SGK\AppData\Roaming\idman615f.exe
    2013-04-17 01:01 . 2013-05-10 13:17 6906960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{606A50D8-1396-4AEF-BF21-01BAF06E2C2C}\mpengine.dll
    2013-03-28 21:23 . 2013-03-28 21:23 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "BATINDICATOR"="c:\program files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]
    "LaunchHPOSIAPP"="c:\program files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-03 385024]
    "HP Remote Solution"="c:\program files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-29 13797992]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-14 567864]
    "PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 78832]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
    "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-04-28 4408368]
    .
    c:\users\Sai SGK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    bm.lnk - c:\users\Sai SGK\AppData\Local\iexplorer\Browsers Monitor\iexplorer_monitor.exe [2013-5-29 74075]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2013-5-11 155648]
    AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2013-5-11 651264]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    2010-04-12 08:40 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
    .
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [2013-05-13 4937264]
    R3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2009-05-19 599040]
    R3 PCDSRVC{4F253FFC-7957E8FC-06000000}_0;PCDSRVC{4F253FFC-7957E8FC-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc.pkms [2009-09-17 20848]
    S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2013-02-07 60216]
    S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2013-02-07 245048]
    S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2013-02-07 39224]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2013-03-28 208184]
    S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2013-03-01 22328]
    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2013-02-07 170808]
    S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2013-03-20 182072]
    S2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [2009-09-22 348160]
    S2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2009-10-09 389120]
    S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [2013-04-17 283136]
    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
    S3 AVER_H193;AVerMedia H193 Video Capture;c:\windows\system32\drivers\AVer888RC.sys [2009-08-21 461952]
    S3 AVerPola;AVerMedia USB Polaris Series Capture Service;c:\windows\system32\DRIVERS\AVerPola.sys [2009-08-05 314752]
    S3 AVPolCIR;AVerMedia USB Polaris Series Custom IR Service;c:\windows\system32\DRIVERS\AVPolCIR.sys [2009-08-05 32896]
    S3 CXCIR;AVerMedia Consumer Infrared Receiver;c:\windows\system32\DRIVERS\AVer888RCIR.sys [2009-08-21 33280]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-08-21 189440]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-06-22 c:\windows\Tasks\HP Photo Creations Communicator.job
    - c:\programdata\HP Photo Creations\Communicator.exe [2013-05-20 05:19]
    .
    2013-06-17 c:\windows\Tasks\HPCeeScheduleForSai SGK.job
    - c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 16:45]
    .
    2013-05-10 c:\windows\Tasks\PCDRScheduledMaintenance.job
    - c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 06:58]
    .
    .
    ------- Supplementary Scan -------
    .
    mStart Page = hxxp://www.google.com
    IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Sai SGK\AppData\Roaming\Mozilla\Firefox\Profiles\hab2nhw4.default\
    FF - ExtSQL: 2013-06-17 17:06; {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}; c:\users\Sai SGK\AppData\Roaming\Mozilla\Firefox\Profiles\hab2nhw4.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
    FF - ExtSQL: 2013-06-22 12:21; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\Sai SGK\AppData\Roaming\Mozilla\Firefox\Profiles\hab2nhw4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-SpeedUpSystem - wscript c:\users\Sai SGK\AppData\Roaming\Adobe\Flash Player\SpeedCache\afile.vbs
    HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
    MSConfigStartUp-IDMan - c:\program files\Internet Download Manager\IDMan.exe
    AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files\Coupons\uninstall.exe
    AddRemove-{A65B9658-9F5E-E221-B44E-55FD548E6EEB} - c:\progra~2\INSTAL~1\{C225C~1\Setup.exe
    AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{4F253FFC-7957E8FC-06000000}_0]
    "ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(5600)
    c:\program files\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFTaskbar.dll
    .
    Completion time: 2013-06-22 16:48:17
    ComboFix-quarantined-files.txt 2013-06-22 11:18
    .
    Pre-Run: 114,598,416,384 bytes free
    Post-Run: 114,812,633,088 bytes free
    .
    - - End Of File - - 545E663555270865D2613219A9B5A895
    18820D9F5CA638E16DD9D90D1B1041C3

  8. #8
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    JRT and Adwcleaner removed a lot of garbage, namely toolbars which can be resource hogs. Hows the CPU usage now?
    How Can I Reduce My Risk?

  9. #9
    Senior Member
    Join Date
    Nov 2008
    Posts
    113

    Default

    the cpu usage is normal now, but sometimes the mouse pointer slows a bit and becomes normal after few seconds. please help.
    Last edited by tashi; 2013-07-18 at 20:00. Reason: Helper responded and no reply from yukukuhi

  10. #10
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    Take a look at this.
    Also read this and see if its something you want to try. Its free for personal use.
    Also rescan and post a new DDS log.
    How Can I Reduce My Risk?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •