internet sometimes slows (slower than tablet), suspicious spoolsv.exe.org

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

leslie7622

Thread Starter
Joined
Jan 27, 2013
Messages
1
Hi,

I suspect I have a virus on my computer. Sometimes internet browsing is really really slow. I thought it was my internet connection at first but when I try the same webpage on my tablet on the same connection, my tablet is way faster than my laptop. I have a decent computer (Core 2 Duo, 4gb ram, 256 gb crucial m4 ssd. I'm using Windows 7 64 bit). I use TrendMicro OfficeSCAN (required by my school) and the paid version of malwarebytes. I've scanned using both already and no viruses or spyware were found. For most functions, its pretty fast, its just when going on the internet. I also found some suspicious files while trying to add a printer (spoolsv.exe.org and spoolsv.exe.miui)

I've read the sticky post about what to do and I hope I did this all correctly. This is my first post so please be gentle if I made any mistakes.

HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:53:01 AM, on 1/28/2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\SafeConnect\scClient.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\chsync.exe
C:\Users\Leslie\AppData\Local\Temp\{983BFE5F-75A8-4368-9F9A-7EA2905706B4}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\BrLogRx.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Leslie\Downloads\sqjv0wrp.exe
C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Leslie\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Leslie\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Ashampoo_US Toolbar - {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - C:\Users\Leslie\AppData\LocalLow\CT2481032\ldrtbAsha.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Ashampoo_US Toolbar - {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - C:\Users\Leslie\AppData\LocalLow\CT2481032\ldrtbAsha.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Ashampoo_US Toolbar - {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - C:\Users\Leslie\AppData\LocalLow\CT2481032\ldrtbAsha.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [AshSnap] C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4204785003-3794948951-935434757-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-4204785003-3794948951-935434757-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: SafeConnect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\Microsoft Office\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Unknown owner - C:\Program Files (x86)\Browny02\BrYNSvc.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Palm Novacom (NovacomD) - Palm - C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SafeConnect Manager (SCManager) - Unknown owner - C:\Program Files (x86)\SafeConnect\scManager.sys servicestart (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14475 bytes


DDS.TXT

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.11.2
Run by Leslie at 11:36:49 on 2013-01-28
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2814.613 [GMT 8:00]
.
AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro OfficeScan Anti-spyware *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
FW: Trend Micro Personal Firewall *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\chsync.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\SafeConnect\scClient.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe
C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\SafeConnect\scManager.sys
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe
C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\chsync.exe
C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Leslie\AppData\Local\Temp\{983BFE5F-75A8-4368-9F9A-7EA2905706B4}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\BrLogRx.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\mmc.exe
C:\Windows\system32\notepad.exe
C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\mmc.exe
C:\Windows\system32\rundll32.exe
C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\notepad.exe
C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\DeviceDisplayObjectProvider.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskmgr.exe
C:\Users\Leslie\Downloads\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.ph/
uWindow Title = Internet Explorer, optimized for Bing and MSN
uURLSearchHooks: Ashampoo_US Toolbar: {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - C:\Users\Leslie\AppData\LocalLow\CT2481032\ldrtbAsha.dll
mURLSearchHooks: Ashampoo_US Toolbar: {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - C:\Users\Leslie\AppData\LocalLow\CT2481032\ldrtbAsha.dll
mWinlogon: Userinit = userinit.exe
BHO: Ashampoo_US Toolbar: {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - C:\Users\Leslie\AppData\LocalLow\CT2481032\ldrtbAsha.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Ashampoo_US Toolbar: {124D001A-BDCB-472F-AA59-BBE7E4BC3204} - C:\Users\Leslie\AppData\LocalLow\CT2481032\ldrtbAsha.dll
TB: Ashampoo_US Toolbar: {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - C:\Users\Leslie\AppData\LocalLow\CT2481032\ldrtbAsha.dll
uRun: [AshSnap] C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SAFECO~1.LNK - C:\Program Files (x86)\SafeConnect\scClient.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\Microsoft Office\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{47A4D00D-EA88-4E71-ABA4-7F79BB691735} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4F9B04D0-1C0B-4007-80B0-FFDF47835039} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4F9B04D0-1C0B-4007-80B0-FFDF47835039}\2656C6B696E6E233560323 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{4F9B04D0-1C0B-4007-80B0-FFDF47835039}\B43555027457563747 : DHCPNameServer = 129.130.254.2 129.130.254.3
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\a3mzspao.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Users\Leslie\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\Leslie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Leslie\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\System32\drivers\tmlwf.sys [2010-7-22 196688]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe [2012-6-7 89600]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-28 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-28 682344]
R2 NovacomD;Palm Novacom;C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-6-25 72192]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2012-7-16 57344]
R2 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2012-7-16 55296]
R2 SCManager;SafeConnect Manager;C:\Program Files (x86)\SafeConnect\scManager.sys servicestart --> C:\Program Files (x86)\SafeConnect\scManager.sys servicestart [?]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
R2 TmFilter;Trend Micro Filter;C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmxpflt.sys [2010-10-21 344376]
R2 TmPreFilter;Trend Micro PreFilter;C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmpreflt.sys [2010-10-21 42808]
R2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\System32\drivers\tmwfp.sys [2010-7-22 338000]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-10-17 544248]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-6-7 24176]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-7 215040]
R3 TmPfw;OfficeScan NT Firewall;C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe [2010-1-8 595960]
R3 TmProxy;OfficeScan NT Proxy Service;C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [2010-1-8 917768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2012-10-17 107432]
S3 BrYNSvc;BrYNSvc;"C:\Program Files (x86)\Browny02\BrYNSvc.exe" --> C:\Program Files (x86)\Browny02\BrYNSvc.exe [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-7-16 35104]
S3 btwsecfl;Bluetooth USB Security Filter;C:\Windows\System32\drivers\btwsecfl.sys [2012-6-11 70696]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-16 52736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-7 14464]
.
=============== Created Last 30 ================
.
2013-01-28 10:11:11 558080 ----a-w- C:\Windows\System32\spoolsv.exe
2013-01-28 10:11:11 53312 ------w- C:\Windows\chsync.exe
2013-01-28 02:35:50 -------- d-----w- C:\ProgramData\Brother
2013-01-24 22:01:08 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-24 21:27:31 -------- d-----w- C:\Users\Leslie\AppData\Local\Macromedia
2013-01-24 21:15:20 -------- d-----w- C:\Users\Leslie\AppData\Local\Mozilla
2013-01-21 06:31:03 884152 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-01-21 06:31:03 63928 ----a-w- C:\Windows\System32\nvshext.dll
2013-01-21 06:31:03 6382008 ----a-w- C:\Windows\System32\nvcpl.dll
2013-01-21 06:31:03 3455416 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-01-21 06:31:03 2558392 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-01-21 06:31:03 118712 ----a-w- C:\Windows\System32\nvmctray.dll
2013-01-17 21:03:44 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{032D56D0-21E2-4346-B7CE-5C7BAA39377F}\mpengine.dll
2013-01-13 10:49:45 -------- d-----w- C:\Users\Leslie\AppData\Local\Adobe_Systems_Incorporate
2013-01-13 01:44:15 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-01-13 01:44:15 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-01-13 01:40:02 1388544 ----a-w- C:\Windows\SysWow64\msxml6.dll
2013-01-13 01:40:02 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-01-13 01:40:01 2001408 ----a-w- C:\Windows\System32\msxml6.dll
2013-01-13 01:40:01 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2013-01-13 01:39:58 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-01-13 01:39:58 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-01-13 01:32:20 3147264 ----a-w- C:\Windows\System32\win32k.sys
2013-01-10 13:12:04 -------- d-----w- C:\Users\Leslie\AppData\Roaming\calibre
2013-01-03 01:03:09 -------- d-----w- C:\Users\Leslie\AppData\Local\Cisco
2013-01-03 01:03:09 -------- d-----w- C:\ProgramData\Cisco
2013-01-03 01:03:09 -------- d-----w- C:\Program Files (x86)\Cisco
2013-01-02 09:23:25 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-01-02 09:23:25 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-01-02 09:23:25 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-01-02 09:23:25 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
.
==================== Find3M ====================
.
2013-01-24 22:01:00 859552 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-01-24 22:01:00 780192 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-01-24 21:26:57 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-24 21:26:57 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-28 18:54:24 550328 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-12-14 08:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-02 05:27:51 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 04:48:28 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
.
============= FINISH: 11:37:12.86 ===============

ATTACH.TXT

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/7/2012 11:25:38 AM
System Uptime: 1/28/2013 10:11:14 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0J372M
Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz | Socket A | 2401/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 146 GiB total, 18.293 GiB free.
D: is FIXED (NTFS) - 92 GiB total, 91.072 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Digital Editions 2.0
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Lightroom 4.1 64-bit
Adobe Reader XI
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ashampoo US Toolbar
Avidemux 2.5 (32-bit)
Bonjour
calibre
Cisco AnyConnect Secure Mobility Client
Cisco AnyConnect Secure Mobility Client
Common
Contents
Corel PaintShop Pro X4
Corel VideoStudio Pro X4
D3DX10
Dell Driver Download Manager
Dell Resource CD
Dell Touchpad
DeviceIO
DivX Setup
eReg
Google Chrome
Google Talk Plugin
ICA
IDT Audio
IPM_PSP_COM
IPM_VS_Pro
ISCOM
iTunes
Java 7 Update 11
Java Auto Updater
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Movie Maker
Mozilla Firefox 18.0.1 (x86 en-US)
Mozilla Maintenance Service
Mp3 Tag Tools v1.2
MSVCRT
MSVCRT110
MSVCRT110_amd64
Nalsoft Subtitle Player v10200
Notepad++
Novacomd
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 310.90
NVIDIA 3D Vision Driver 310.90
NVIDIA Control Panel 310.90
NVIDIA Drivers
NVIDIA Graphics Driver 310.90
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
PDF-Viewer
Photo Common
Photo Gallery
PSPPContent
PSPPHelp
PSPPro64
PureHD
Quickset64
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
RICOH R5U230 Media Driver ver.2.02.02.01
SafeConnect
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Setup
Share
Share64
SILKYPIX Developer Studio 3.1 SE
Skype Click to Call
Skype&#8482; 6.1
SmartSound Common Data
Trend Micro OfficeScan Client
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
VC80CRTRedist - 8.0.50727.6195
VIO
VLC media player 2.0.2
VSClassic
VSee
VSPro
WIDCOMM Bluetooth Software
Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Encoder 9 Series
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WinRAR archiver
WinZip 15.5
X-Chat 2.8.6-2
XChat 2 (remove only)
.
==== Event Viewer Messages From Past Week ========
.
1/28/2013 10:15:18 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spooler service to connect.
1/28/2013 10:15:18 AM, Error: Service Control Manager [7000] - The Spooler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/25/2013 4:58:02 AM, Error: Service Control Manager [7034] - The Audio Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================

GMER

GMER 2.0.18454 - http://www.gmer.net
Rootkit scan 2013-01-28 11:52:19
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\0000006a M4-CT256 rev.000F 238.47GB
Running: sqjv0wrp.exe; Driver: C:\Users\Leslie\AppData\Local\Temp\pwdirpod.sys


---- User code sections - GMER 2.0 ----

.text C:\Program Files (x86)\SafeConnect\scManager.sys[2556] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f71401 2 bytes [F7, 76]
.text C:\Program Files (x86)\SafeConnect\scManager.sys[2556] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f71419 2 bytes [F7, 76]
.text C:\Program Files (x86)\SafeConnect\scManager.sys[2556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f71431 2 bytes [F7, 76]
.text C:\Program Files (x86)\SafeConnect\scManager.sys[2556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f7144a 2 bytes [F7, 76]
.text ... * 9
.text C:\Program Files (x86)\SafeConnect\scManager.sys[2556] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f714dd 2 bytes [F7, 76]
.text C:\Program Files (x86)\SafeConnect\scManager.sys[2556] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f714f5 2 bytes [F7, 76]
.text C:\Program Files (x86)\SafeConnect\scManager.sys[2556] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f7150d 2 bytes [F7, 76]
.text C:\Program Files (x86)\SafeConnect\scManager.sys[2556] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f71525 2 bytes [F7, 76]
.text C:\Program Files (x86)\SafeConnect\scManager.sys[2556] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f7153d 2 bytes [F7, 76]
.text C:\Program Files (x86)\SafeConnect\scManager.sys[2556] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f71555 2 bytes [F7, 76]
.text C:\Program Files (x86)\SafeConnect\scManager.sys[2556] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f7156d 2 bytes [F7, 76]
.text C:\Program Files (x86)\SafeConnect\scManager.sys[2556] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f71585 2 bytes [F7, 76]
.text C:\Program Files (x86)\SafeConnect\scManager.sys[2556] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f7159d 2 bytes [F7, 76]
.text C:\Program Files (x86)\SafeConnect\scManager.sys[2556] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f715b5 2 bytes [F7, 76]
.text C:\Program Files (x86)\SafeConnect\scManager.sys[2556] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f715cd 2 bytes [F7, 76]
.text C:\Program Files (x86)\SafeConnect\scManager.sys[2556] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f716b2 2 bytes [F7, 76]
.text C:\Program Files (x86)\SafeConnect\scManager.sys[2556] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f716bd 2 bytes [F7, 76]

---- Threads - GMER 2.0 ----

Thread C:\Windows\System32\svchost.exe [936:3852] 000007fef62b20c0
Thread C:\Windows\System32\svchost.exe [936:4028] 000007fef62b26a8
Thread C:\Windows\System32\svchost.exe [936:4032] 000007fef62b29dc
Thread C:\Windows\System32\svchost.exe [936:4272] 000007fef3248a4c
Thread C:\Windows\System32\svchost.exe [936:292] 000007fef6f788f8
Thread C:\Windows\system32\svchost.exe [1224:1264] 000007fef9e93260
Thread C:\Windows\system32\svchost.exe [1224:1284] 000007fef9e93aac
Thread C:\Windows\system32\svchost.exe [1224:1288] 000007fef9e946d0
Thread C:\Windows\system32\svchost.exe [1224:2420] 000007fef718f978
Thread C:\Windows\system32\svchost.exe [1224:3488] 000007fef6fc5124
Thread C:\Windows\system32\svchost.exe [1224:4100] 000007fef403fd00
Thread C:\Windows\system32\taskhost.exe [1584:1628] 000007fef8e42740
Thread C:\Windows\system32\taskhost.exe [1584:1652] 000007fef8d81f38
Thread C:\Windows\system32\taskhost.exe [1584:1704] 000007fefb671010
Thread C:\Windows\chsync.exe [1592:4320] 0000000073e832fb
Thread C:\Windows\chsync.exe [1592:4532] 0000000073156f14
Thread C:\Windows\system32\svchost.exe [1620:2088] 000007fef7783060
Thread C:\Windows\system32\svchost.exe [1620:3548] 000007fef7785570
Thread C:\Windows\system32\svchost.exe [1620:4064] 000007fef53d2888
Thread C:\Windows\system32\svchost.exe [1620:3084] 000007fef52e2940
Thread C:\Windows\system32\svchost.exe [1620:5324] 000007fef53d2a40
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3596:4776] 000007fefb7b2a88
Thread C:\Windows\System32\svchost.exe [4456:4544] 000007fef403fd00
Thread C:\Windows\System32\svchost.exe [4456:8140] 000007fef6fc9874
Thread C:\Windows\system32\svchost.exe [3876:5304] 000000006a4fb5fc
Thread C:\Windows\system32\svchost.exe [3876:5228] 000000006ee91760
Thread C:\Windows\system32\svchost.exe [3876:5332] 000000006b2c8b1c
Thread C:\Windows\system32\svchost.exe [3876:3308] 000000006b2cc740
Thread C:\Windows\system32\svchost.exe [3876:5372] 000000006b2d498c
Thread C:\Windows\system32\svchost.exe [3876:5412] 000000006b552234
Thread C:\Windows\system32\svchost.exe [3876:5420] 000000006a520398
Thread C:\Windows\system32\svchost.exe [3876:5436] 000000006a4f6394
Thread C:\Windows\System32\svchost.exe [5428:5684] 000007feef2c9688
Thread C:\Windows\system32\mmc.exe [5640:5472] 0000000060a32340
Thread C:\Windows\system32\mmc.exe [5640:4920] 000007fefb671010
Thread C:\Windows\system32\mmc.exe [5316:3684] 0000000060a32340
Thread C:\Windows\system32\mmc.exe [5316:5812] 000007fefb671010

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\889ffac04ca3
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0xE5 0xAE 0x94 0x97 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0x50 0xC0 0x87 0x30 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0x9B 0x22 0x64 0xFB ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\889ffac04ca3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0xE5 0xAE 0x94 0x97 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0x50 0xC0 0x87 0x30 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0x9B 0x22 0x64 0xFB ...

---- EOF - GMER 2.0 ----
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top