
internet sometimes slows (slower than tablet), suspicious spoolsv.exe.org

Discussion in 'Virus & Other Malware Removal' started by leslie7622, Jan 27, 2013.

  1. leslie7622 (Thread Starter; joined Jan 27, 2013; messages: 1)

    Hi,

    I suspect I have a virus on my computer. Sometimes internet browsing is really, really slow. I thought it was my internet connection at first, but when I try the same webpage on my tablet on the same connection, my tablet is way faster than my laptop. I have a decent computer (Core 2 Duo, 4 GB RAM, 256 GB Crucial M4 SSD; I'm using Windows 7 64-bit). I use Trend Micro OfficeScan (required by my school) and the paid version of Malwarebytes. I've scanned using both already and no viruses or spyware were found. For most functions, it's pretty fast; it's just when going on the internet. I also found some suspicious files while trying to add a printer (spoolsv.exe.org and spoolsv.exe.miui).

    I've read the sticky post about what to do and I hope I did this all correctly. This is my first post so please be gentle if I made any mistakes.

    HIJACKTHIS

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:53:01 AM, on 1/28/2013
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\SafeConnect\scClient.exe
    C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\chsync.exe
    C:\Users\Leslie\AppData\Local\Temp\{983BFE5F-75A8-4368-9F9A-7EA2905706B4}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\BrLogRx.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Users\Leslie\Downloads\sqjv0wrp.exe
    C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leslie\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leslie\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Ashampoo_US Toolbar - {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - C:\Users\Leslie\AppData\LocalLow\CT2481032\ldrtbAsha.dll
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: Ashampoo_US Toolbar - {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - C:\Users\Leslie\AppData\LocalLow\CT2481032\ldrtbAsha.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: Ashampoo_US Toolbar - {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - C:\Users\Leslie\AppData\LocalLow\CT2481032\ldrtbAsha.dll
    O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [AshSnap] C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-4204785003-3794948951-935434757-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-4204785003-3794948951-935434757-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: SafeConnect.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\Microsoft Office\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\Microsoft Office\Office12\REFIEBAR.DLL
    O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BrYNSvc - Unknown owner - C:\Program Files (x86)\Browny02\BrYNSvc.exe (file missing)
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Palm Novacom (NovacomD) - Palm - C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe
    O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SafeConnect Manager (SCManager) - Unknown owner - C:\Program Files (x86)\SafeConnect\scManager.sys servicestart (file missing)
    O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe
    O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe
    O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 14475 bytes


    DDS.TXT

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.11.2
    Run by Leslie at 11:36:49 on 2013-01-28
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2814.613 [GMT 8:00]
    .
    AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
    SP: Trend Micro OfficeScan Anti-spyware *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
    FW: Trend Micro Personal Firewall *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\chsync.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files (x86)\SafeConnect\scClient.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe
    C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe
    C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe
    C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files (x86)\SafeConnect\scManager.sys
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe
    C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
    C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\chsync.exe
    C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leslie\AppData\Local\Temp\{983BFE5F-75A8-4368-9F9A-7EA2905706B4}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\BrLogRx.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\mmc.exe
    C:\Windows\system32\notepad.exe
    C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\mmc.exe
    C:\Windows\system32\rundll32.exe
    C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\notepad.exe
    C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\DeviceDisplayObjectProvider.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
    C:\Windows\splwow64.exe
    C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\taskmgr.exe
    C:\Users\Leslie\Downloads\HijackThis.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Users\Leslie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com.ph/
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    uURLSearchHooks: Ashampoo_US Toolbar: {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - C:\Users\Leslie\AppData\LocalLow\CT2481032\ldrtbAsha.dll
    mURLSearchHooks: Ashampoo_US Toolbar: {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - C:\Users\Leslie\AppData\LocalLow\CT2481032\ldrtbAsha.dll
    mWinlogon: Userinit = userinit.exe
    BHO: Ashampoo_US Toolbar: {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - C:\Users\Leslie\AppData\LocalLow\CT2481032\ldrtbAsha.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: Ashampoo_US Toolbar: {124D001A-BDCB-472F-AA59-BBE7E4BC3204} - C:\Users\Leslie\AppData\LocalLow\CT2481032\ldrtbAsha.dll
    TB: Ashampoo_US Toolbar: {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - C:\Users\Leslie\AppData\LocalLow\CT2481032\ldrtbAsha.dll
    uRun: [AshSnap] C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    mRun: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SAFECO~1.LNK - C:\Program Files (x86)\SafeConnect\scClient.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\Microsoft Office\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{47A4D00D-EA88-4E71-ABA4-7F79BB691735} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{4F9B04D0-1C0B-4007-80B0-FFDF47835039} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{4F9B04D0-1C0B-4007-80B0-FFDF47835039}\2656C6B696E6E233560323 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{4F9B04D0-1C0B-4007-80B0-FFDF47835039}\B43555027457563747 : DHCPNameServer = 129.130.254.2 129.130.254.3
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
    x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\a3mzspao.default\
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
    FF - plugin: C:\Users\Leslie\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Leslie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Leslie\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\System32\drivers\tmlwf.sys [2010-7-22 196688]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe [2012-6-7 89600]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-28 398184]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-28 682344]
    R2 NovacomD;Palm Novacom;C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-6-25 72192]
    R2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2012-7-16 57344]
    R2 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2012-7-16 55296]
    R2 SCManager;SafeConnect Manager;C:\Program Files (x86)\SafeConnect\scManager.sys servicestart --> C:\Program Files (x86)\SafeConnect\scManager.sys servicestart [?]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
    R2 TmFilter;Trend Micro Filter;C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmxpflt.sys [2010-10-21 344376]
    R2 TmPreFilter;Trend Micro PreFilter;C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmpreflt.sys [2010-10-21 42808]
    R2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\System32\drivers\tmwfp.sys [2010-7-22 338000]
    R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-10-17 544248]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-6-7 24176]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-7 215040]
    R3 TmPfw;OfficeScan NT Firewall;C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe [2010-1-8 595960]
    R3 TmProxy;OfficeScan NT Proxy Service;C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [2010-1-8 917768]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
    S3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2012-10-17 107432]
    S3 BrYNSvc;BrYNSvc;"C:\Program Files (x86)\Browny02\BrYNSvc.exe" --> C:\Program Files (x86)\Browny02\BrYNSvc.exe [?]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-7-16 35104]
    S3 btwsecfl;Bluetooth USB Security Filter;C:\Windows\System32\drivers\btwsecfl.sys [2012-6-11 70696]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-16 52736]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-7 14464]
    .
    =============== Created Last 30 ================
    .
    2013-01-28 10:11:11 558080 ----a-w- C:\Windows\System32\spoolsv.exe
    2013-01-28 10:11:11 53312 ------w- C:\Windows\chsync.exe
    2013-01-28 02:35:50 -------- d-----w- C:\ProgramData\Brother
    2013-01-24 22:01:08 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-01-24 21:27:31 -------- d-----w- C:\Users\Leslie\AppData\Local\Macromedia
    2013-01-24 21:15:20 -------- d-----w- C:\Users\Leslie\AppData\Local\Mozilla
    2013-01-21 06:31:03 884152 ----a-w- C:\Windows\System32\nvvsvc.exe
    2013-01-21 06:31:03 63928 ----a-w- C:\Windows\System32\nvshext.dll
    2013-01-21 06:31:03 6382008 ----a-w- C:\Windows\System32\nvcpl.dll
    2013-01-21 06:31:03 3455416 ----a-w- C:\Windows\System32\nvsvc64.dll
    2013-01-21 06:31:03 2558392 ----a-w- C:\Windows\System32\nvsvcr.dll
    2013-01-21 06:31:03 118712 ----a-w- C:\Windows\System32\nvmctray.dll
    2013-01-17 21:03:44 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{032D56D0-21E2-4346-B7CE-5C7BAA39377F}\mpengine.dll
    2013-01-13 10:49:45 -------- d-----w- C:\Users\Leslie\AppData\Local\Adobe_Systems_Incorporate
    2013-01-13 01:44:15 751104 ----a-w- C:\Windows\System32\win32spl.dll
    2013-01-13 01:44:15 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2013-01-13 01:40:02 1388544 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2013-01-13 01:40:02 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2013-01-13 01:40:01 2001408 ----a-w- C:\Windows\System32\msxml6.dll
    2013-01-13 01:40:01 1880064 ----a-w- C:\Windows\System32\msxml3.dll
    2013-01-13 01:39:58 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2013-01-13 01:39:58 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2013-01-13 01:32:20 3147264 ----a-w- C:\Windows\System32\win32k.sys
    2013-01-10 13:12:04 -------- d-----w- C:\Users\Leslie\AppData\Roaming\calibre
    2013-01-03 01:03:09 -------- d-----w- C:\Users\Leslie\AppData\Local\Cisco
    2013-01-03 01:03:09 -------- d-----w- C:\ProgramData\Cisco
    2013-01-03 01:03:09 -------- d-----w- C:\Program Files (x86)\Cisco
    2013-01-02 09:23:25 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2013-01-02 09:23:25 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2013-01-02 09:23:25 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2013-01-02 09:23:25 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    .
    ==================== Find3M ====================
    .
    2013-01-24 22:01:00 859552 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2013-01-24 22:01:00 780192 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-01-24 21:26:57 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-24 21:26:57 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-12-28 18:54:24 550328 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2012-12-14 08:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-11-02 05:27:51 478208 ----a-w- C:\Windows\System32\dpnet.dll
    2012-11-02 04:48:28 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
    .
    ============= FINISH: 11:37:12.86 ===============

    ATTACH.TXT

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/7/2012 11:25:38 AM
    System Uptime: 1/28/2013 10:11:14 AM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0J372M
    Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz | Socket A | 2401/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 146 GiB total, 18.293 GiB free.
    D: is FIXED (NTFS) - 92 GiB total, 91.072 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
    PNP Device ID: ROOT\NET\0000
    Service: vpnva
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe AIR
    Adobe Digital Editions 2.0
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Photoshop Lightroom 4.1 64-bit
    Adobe Reader XI
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ashampoo US Toolbar
    Avidemux 2.5 (32-bit)
    Bonjour
    calibre
    Cisco AnyConnect Secure Mobility Client
    Cisco AnyConnect Secure Mobility Client
    Common
    Contents
    Corel PaintShop Pro X4
    Corel VideoStudio Pro X4
    D3DX10
    Dell Driver Download Manager
    Dell Resource CD
    Dell Touchpad
    DeviceIO
    DivX Setup
    eReg
    Google Chrome
    Google Talk Plugin
    ICA
    IDT Audio
    IPM_PSP_COM
    IPM_VS_Pro
    ISCOM
    iTunes
    Java 7 Update 11
    Java Auto Updater
    MagicDisc 2.7.106
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Movie Maker
    Mozilla Firefox 18.0.1 (x86 en-US)
    Mozilla Maintenance Service
    Mp3 Tag Tools v1.2
    MSVCRT
    MSVCRT110
    MSVCRT110_amd64
    Nalsoft Subtitle Player v10200
    Notepad++
    Novacomd
    NVIDIA 3D Vision Controller Driver
    NVIDIA 3D Vision Controller Driver 310.90
    NVIDIA 3D Vision Driver 310.90
    NVIDIA Control Panel 310.90
    NVIDIA Drivers
    NVIDIA Graphics Driver 310.90
    NVIDIA HD Audio Driver 1.3.18.0
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.1031
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.11.3
    NVIDIA Update Components
    PDF-Viewer
    Photo Common
    Photo Gallery
    PSPPContent
    PSPPHelp
    PSPPro64
    PureHD
    Quickset64
    QuickTime
    Realtek 8136 8168 8169 Ethernet Driver
    RICOH R5U230 Media Driver ver.2.02.02.01
    SafeConnect
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB960003)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Office Excel 2007 (KB959997)
    Security Update for Microsoft Office OneNote 2007 (KB950130)
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)
    Security Update for Microsoft Office Publisher 2007 (KB950114)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB956828)
    Security Update for Microsoft Office Word 2007 (KB956358)
    Setup
    Share
    Share64
    SILKYPIX Developer Studio 3.1 SE
    Skype Click to Call
    Skype™ 6.1
    SmartSound Common Data
    Trend Micro OfficeScan Client
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office Outlook 2007 (KB952142)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
    Update for Office 2007 (KB932080)
    Update for Office 2007 (KB934391)
    VC80CRTRedist - 8.0.50727.6195
    VIO
    VLC media player 2.0.2
    VSClassic
    VSee
    VSPro
    WIDCOMM Bluetooth Software
    Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Media Encoder 9 Series
    Windows Mobile Device Center
    Windows Mobile Device Center Driver Update
    WinRAR archiver
    WinZip 15.5
    X-Chat 2.8.6-2
    XChat 2 (remove only)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/28/2013 10:15:18 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spooler service to connect.
    1/28/2013 10:15:18 AM, Error: Service Control Manager [7000] - The Spooler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/25/2013 4:58:02 AM, Error: Service Control Manager [7034] - The Audio Service service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ===========================

    GMER

    GMER 2.0.18454 - http://www.gmer.net
    Rootkit scan 2013-01-28 11:52:19
    Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\0000006a M4-CT256 rev.000F 238.47GB
    Running: sqjv0wrp.exe; Driver: C:\Users\Leslie\AppData\Local\Temp\pwdirpod.sys


    ---- User code sections - GMER 2.0 ----

    .text C:\Program Files (x86)\SafeConnect\scManager.sys[2556] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f71401 2 bytes [F7, 76]
    .text C:\Program Files (x86)\SafeConnect\scManager.sys[2556] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f71419 2 bytes [F7, 76]
    .text C:\Program Files (x86)\SafeConnect\scManager.sys[2556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f71431 2 bytes [F7, 76]
    .text C:\Program Files (x86)\SafeConnect\scManager.sys[2556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f7144a 2 bytes [F7, 76]
    .text ... * 9
    .text C:\Program Files (x86)\SafeConnect\scManager.sys[2556] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f714dd 2 bytes [F7, 76]
    .text C:\Program Files (x86)\SafeConnect\scManager.sys[2556] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f714f5 2 bytes [F7, 76]
    .text C:\Program Files (x86)\SafeConnect\scManager.sys[2556] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f7150d 2 bytes [F7, 76]
    .text C:\Program Files (x86)\SafeConnect\scManager.sys[2556] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f71525 2 bytes [F7, 76]
    .text C:\Program Files (x86)\SafeConnect\scManager.sys[2556] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f7153d 2 bytes [F7, 76]
    .text C:\Program Files (x86)\SafeConnect\scManager.sys[2556] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f71555 2 bytes [F7, 76]
    .text C:\Program Files (x86)\SafeConnect\scManager.sys[2556] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f7156d 2 bytes [F7, 76]
    .text C:\Program Files (x86)\SafeConnect\scManager.sys[2556] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f71585 2 bytes [F7, 76]
    .text C:\Program Files (x86)\SafeConnect\scManager.sys[2556] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f7159d 2 bytes [F7, 76]
    .text C:\Program Files (x86)\SafeConnect\scManager.sys[2556] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f715b5 2 bytes [F7, 76]
    .text C:\Program Files (x86)\SafeConnect\scManager.sys[2556] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f715cd 2 bytes [F7, 76]
    .text C:\Program Files (x86)\SafeConnect\scManager.sys[2556] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f716b2 2 bytes [F7, 76]
    .text C:\Program Files (x86)\SafeConnect\scManager.sys[2556] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f716bd 2 bytes [F7, 76]

    ---- Threads - GMER 2.0 ----

    Thread C:\Windows\System32\svchost.exe [936:3852] 000007fef62b20c0
    Thread C:\Windows\System32\svchost.exe [936:4028] 000007fef62b26a8
    Thread C:\Windows\System32\svchost.exe [936:4032] 000007fef62b29dc
    Thread C:\Windows\System32\svchost.exe [936:4272] 000007fef3248a4c
    Thread C:\Windows\System32\svchost.exe [936:292] 000007fef6f788f8
    Thread C:\Windows\system32\svchost.exe [1224:1264] 000007fef9e93260
    Thread C:\Windows\system32\svchost.exe [1224:1284] 000007fef9e93aac
    Thread C:\Windows\system32\svchost.exe [1224:1288] 000007fef9e946d0
    Thread C:\Windows\system32\svchost.exe [1224:2420] 000007fef718f978
    Thread C:\Windows\system32\svchost.exe [1224:3488] 000007fef6fc5124
    Thread C:\Windows\system32\svchost.exe [1224:4100] 000007fef403fd00
    Thread C:\Windows\system32\taskhost.exe [1584:1628] 000007fef8e42740
    Thread C:\Windows\system32\taskhost.exe [1584:1652] 000007fef8d81f38
    Thread C:\Windows\system32\taskhost.exe [1584:1704] 000007fefb671010
    Thread C:\Windows\chsync.exe [1592:4320] 0000000073e832fb
    Thread C:\Windows\chsync.exe [1592:4532] 0000000073156f14
    Thread C:\Windows\system32\svchost.exe [1620:2088] 000007fef7783060
    Thread C:\Windows\system32\svchost.exe [1620:3548] 000007fef7785570
    Thread C:\Windows\system32\svchost.exe [1620:4064] 000007fef53d2888
    Thread C:\Windows\system32\svchost.exe [1620:3084] 000007fef52e2940
    Thread C:\Windows\system32\svchost.exe [1620:5324] 000007fef53d2a40
    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3596:4776] 000007fefb7b2a88
    Thread C:\Windows\System32\svchost.exe [4456:4544] 000007fef403fd00
    Thread C:\Windows\System32\svchost.exe [4456:8140] 000007fef6fc9874
    Thread C:\Windows\system32\svchost.exe [3876:5304] 000000006a4fb5fc
    Thread C:\Windows\system32\svchost.exe [3876:5228] 000000006ee91760
    Thread C:\Windows\system32\svchost.exe [3876:5332] 000000006b2c8b1c
    Thread C:\Windows\system32\svchost.exe [3876:3308] 000000006b2cc740
    Thread C:\Windows\system32\svchost.exe [3876:5372] 000000006b2d498c
    Thread C:\Windows\system32\svchost.exe [3876:5412] 000000006b552234
    Thread C:\Windows\system32\svchost.exe [3876:5420] 000000006a520398
    Thread C:\Windows\system32\svchost.exe [3876:5436] 000000006a4f6394
    Thread C:\Windows\System32\svchost.exe [5428:5684] 000007feef2c9688
    Thread C:\Windows\system32\mmc.exe [5640:5472] 0000000060a32340
    Thread C:\Windows\system32\mmc.exe [5640:4920] 000007fefb671010
    Thread C:\Windows\system32\mmc.exe [5316:3684] 0000000060a32340
    Thread C:\Windows\system32\mmc.exe [5316:5812] 000007fefb671010

    ---- Registry - GMER 2.0 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\889ffac04ca3
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0xE5 0xAE 0x94 0x97 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0x50 0xC0 0x87 0x30 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0x9B 0x22 0x64 0xFB ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\889ffac04ca3 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0xE5 0xAE 0x94 0x97 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0x50 0xC0 0x87 0x30 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0x9B 0x22 0x64 0xFB ...

    ---- EOF - GMER 2.0 ----
     
Short URL to this thread: https://techguy.org/1087179
