# fwtsqmfile00.sqm - is this a virus?



## jewelleryangel (Jul 14, 2012)

Hi, every time I turn on my PC, I get this file added to my temp folder: fwtsqmfile00.sqm. If that's already there, I get fwtsqmfile01.sqm, and so on. I also get batch files with random numbers such as 24987, 24871. I'm not sure if it's linked or because I have so many virus scanners etc. installed now, but my Firefox also seems a bit slower the past couple of days.

I also don't know if this is normal, but every time I shut my laptop down, I have 2 Windows updates to run before it shuts down. Is this normal? It's always 2; my mum's on Windows 7 as well and she doesn't have 2 every day. I was worried it's these batch files running every day or something.

I had stdrt.exe on my PC, which was getting blocked by AVG so wasn't running, but I deleted those files from my temp folder and haven't had them back. However, I am still getting the above.

Please can you advise if these files are normal, or if not, can you help me get rid of them? I've Googled and tried a few recommended options (Malwarebytes etc.), but they are still coming back.

HijackThis and DDS logs are below; Attach.txt is attached as requested. I haven't done GMER yet, as I didn't have time to run it the other night when I did these.

I'm going on holiday on Friday, so any help you can give me before then would be much appreciated.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:17:28, on 12/07/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Users\Stacey\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/?ref=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Playdom Toolbar - {69d1a568-ffdf-4ef5-8919-7003582e0ee8} - C:\Program Files\Playdom\tbPlay.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: Playdom Toolbar - {69d1a568-ffdf-4ef5-8919-7003582e0ee8} - C:\Program Files\Playdom\tbPlay.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Stacey\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000 
O4 - HKCU\..\Run: [KSS] "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe -update activex (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe -update activex (User 'Default user')
O4 - Global Startup: PHOTOfunSTUDIO 5.0.lnk = C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
O16 - DPF: {6C7CAD20-85AA-475A-AC0D-303C4A9A69CE} (CPlayFirstGreatChocoControl Object) - http://p.playfirst.com/play/game/greatchocolatechase/greatchocolatechaseweb.1.0.0.13.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://aolsvc.aol.com/onlinegames/free-trial-burger-shop/GoBitGamesPlayer_v4.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F4EBFE42-D82A-48EB-B70E-7499FFEAFF3F} (CPlayFirstDressShopHControl Object) - http://p.playfirst.com/play/game/dressshophop/DressShopHopWeb.1.0.0.7.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {FCB28D51-A017-46B2-9FB3-F7BFD53B2E42} (CPlayFirstChocolatieControl Object) - http://p.playfirst.com/play/game/chocolatier-decadence-design/Chocolatier3Web.1.0.0.6.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kaspersky Security Scan Service (KSS) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\windows\system32\nvvsvc.exe
O23 - Service: Oberon Media Game Console service (OberonGameConsoleService) - Unknown owner - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
O23 - Service: Rezip - Unknown owner - C:\windows\SYSTEM32\Rezip.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: StumbleUponUpdateService - stumbleupon.com - C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 14262 bytes

.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Stacey at 22:20:09 on 2012-07-12
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3566.2359 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\conhost.exe
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\nvvsvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\windows\SYSTEM32\Rezip.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files\AnyPC Client\APLanMgrC.exe
C:\windows\Explorer.EXE
C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
C:\windows\system32\wuauclt.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://www.facebook.com/?ref=hp
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: Playdom Toolbar: {69d1a568-ffdf-4ef5-8919-7003582e0ee8} - c:\program files\playdom\tbPlay.dll
mURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: StumbleUpon Launcher: {145b29f4-a56b-4b90-bbac-45784ebebbb7} - c:\program files\stumbleupon\StumbleUponIEBar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Playdom Toolbar: {69d1a568-ffdf-4ef5-8919-7003582e0ee8} - c:\program files\playdom\tbPlay.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - c:\program files\stumbleupon\StumbleUponIEBar.dll
TB: Playdom Toolbar: {69d1a568-ffdf-4ef5-8919-7003582e0ee8} - c:\program files\playdom\tbPlay.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\users\stacey\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000 
uRun: [KSS] "c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe" /autorun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [UpdatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_2_202_235_ActiveX.exe -update activex
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\photof~1.lnk - c:\program files\common files\panasonic\photofunstudio autostart\AutoStartupService.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {6C7CAD20-85AA-475A-AC0D-303C4A9A69CE} - hxxp://p.playfirst.com/play/game/greatchocolatechase/greatchocolatechaseweb.1.0.0.13.cab
DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} - hxxp://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://aolsvc.aol.com/onlinegames/free-trial-burger-shop/GoBitGamesPlayer_v4.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F4EBFE42-D82A-48EB-B70E-7499FFEAFF3F} - hxxp://p.playfirst.com/play/game/dressshophop/DressShopHopWeb.1.0.0.7.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {FCB28D51-A017-46B2-9FB3-F7BFD53B2E42} - hxxp://p.playfirst.com/play/game/chocolatier-decadence-design/Chocolatier3Web.1.0.0.6.cab
TCP: DhcpNameServer = 195.200.157.50 195.200.158.50
TCP: Interfaces\{0C77E06A-ADE7-415C-ACA6-A7EF1C46FF41} : DhcpNameServer = 195.200.157.50 195.200.158.50
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\stacey\appdata\roaming\mozilla\firefox\profiles\b8hwwrhy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\users\stacey\appdata\roaming\mozilla\firefox\profiles\b8hwwrhy.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\users\stacey\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\users\stacey\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\users\stacey\appdata\roaming\mozilla\firefox\profiles\b8hwwrhy.default\extensions\{000f1ea4-5e08-4564-a29b-29076f63a37a}\plugins\npsoe.dll
FF - plugin: c:\users\stacey\appdata\roaming\mozilla\firefox\profiles\b8hwwrhy.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\plugins\np-mswmp.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2009-12-5 10752]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 193288]
R2 KSS;Kaspersky Security Scan Service;c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe [2012-4-25 202296]
R2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\samsung casual games\gameconsole\OberonGameConsoleService.exe [2010-3-20 44312]
R2 Rezip;Rezip;c:\windows\system32\Rezip.exe [2009-12-5 311296]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-12-5 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-3-20 29472]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-12-5 66080]
R3 rtl819xp;Realtek RTL8190/RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\rtl819xp.sys [2011-1-6 559208]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-2-3 115432]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-20 135664]
S2 WMCRcvrSrv;Media Center Receiver Server;c:\windows\system32\mmrecver.exe [2011-4-29 5120]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 250056]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-6-22 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-20 135664]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-12-5 125696]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-8 113120]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\stumbleupon\StumbleUponUpdateService.exe [2010-4-7 120232]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-10 1343400]
.
=============== Created Last 30 ================
.
2012-07-12 20:29:09 -------- d-----w- c:\programdata\Kaspersky Lab
2012-07-12 20:29:09 -------- d-----w- c:\program files\Kaspersky Lab
2012-07-12 19:58:31 -------- d-----w- c:\program files\Unlocker
2012-07-12 19:51:35 -------- d-----w- c:\users\stacey\appdata\roaming\Uniblue
2012-07-12 19:51:34 -------- d-----w- c:\program files\Uniblue
2012-07-12 18:48:38 -------- d-----w- c:\users\stacey\appdata\local\{E156F478-E407-4152-A9E4-94F5DBD5500E}
2012-07-12 17:29:10 -------- d-----w- c:\users\stacey\appdata\roaming\SUPERAntiSpyware.com
2012-07-12 17:29:05 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-12 17:29:05 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-12 17:22:13 -------- d-----w- c:\program files\FileASSASSIN
2012-07-12 06:48:14 -------- d-----w- c:\users\stacey\appdata\local\{FB2ED8F3-DEB7-4768-AF11-7E417C09ED94}
2012-07-12 06:48:04 -------- d-----w- c:\users\stacey\appdata\local\{188CFA79-3C38-4C0D-8DD2-EDC3A785CA3C}
2012-07-12 02:01:54 2344448 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 18:51:35 987136 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-07-11 18:51:28 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-11 18:51:27 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 18:51:27 225280 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 18:51:27 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 18:51:27 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 18:51:22 1389568 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 18:51:21 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 18:46:11 -------- d-----w- c:\users\stacey\appdata\local\NPE
2012-07-11 18:46:11 -------- d-----w- c:\programdata\Norton
2012-07-11 17:14:15 -------- d-----w- c:\users\stacey\appdata\roaming\Malwarebytes
2012-07-11 17:14:11 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-11 17:14:11 -------- d-----w- c:\programdata\Malwarebytes
2012-07-11 17:14:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-11 16:57:41 -------- d-----w- c:\users\stacey\appdata\local\{1DAB5E09-3B11-43AA-8474-BC2612F8CBFC}
2012-07-11 16:57:31 -------- d-----w- c:\users\stacey\appdata\local\{068DF5B8-7B29-43C8-8673-8A40D42DE89A}
2012-07-10 18:53:36 -------- d-----w- c:\program files\Oracle
2012-07-10 18:52:54 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-10 18:47:32 -------- d-----w- c:\users\stacey\appdata\local\{EBA46236-70DC-4198-9108-6B5B00B999D7}
2012-07-10 18:47:21 -------- d-----w- c:\users\stacey\appdata\local\{9E785D4E-B3BB-437D-87C0-25D95786A59D}
2012-07-10 06:46:53 -------- d-----w- c:\users\stacey\appdata\local\{5197B4B7-345B-4086-B41A-3711382B2C30}
2012-07-10 06:46:43 -------- d-----w- c:\users\stacey\appdata\local\{023F58B3-F031-41A8-8089-1917BC8D8465}
2012-07-09 17:13:02 -------- d-----w- c:\users\stacey\appdata\local\{EC07BBBD-E9E8-4432-A260-1B56632CDC71}
2012-07-09 17:12:49 -------- d-----w- c:\users\stacey\appdata\local\{E538DBD0-52C2-4646-BB7F-CA5C7F9C6531}
2012-07-08 20:31:42 -------- d-----w- c:\users\stacey\appdata\local\{7B33F6EA-15A7-4EC6-A6C7-0E4982C2035B}
2012-07-08 08:31:00 -------- d-----w- c:\users\stacey\appdata\local\{D07D4C0D-D2A4-4171-8272-296C49C9B726}
2012-07-08 08:30:48 -------- d-----w- c:\users\stacey\appdata\local\{AF8862A7-1B11-4222-9380-24628289407B}
2012-07-07 08:39:21 -------- d-----w- c:\users\stacey\appdata\local\{D51D9E20-5C5C-49F1-9AB4-9513BFE0A73B}
2012-07-07 08:39:09 -------- d-----w- c:\users\stacey\appdata\local\{55F47E5A-6B24-4F31-A896-49C4FC398567}
2012-07-06 18:46:42 -------- d-----w- c:\users\stacey\appdata\local\{32248B98-E71F-4469-9CB6-3E6200CCD1F1}
2012-07-06 18:46:30 -------- d-----w- c:\users\stacey\appdata\local\{AA7143EE-B962-47F5-88B2-EDCC3D522FD1}
2012-07-06 06:46:03 -------- d-----w- c:\users\stacey\appdata\local\{14382031-C091-4CFC-BFCD-159E83FD2931}
2012-07-06 06:45:52 -------- d-----w- c:\users\stacey\appdata\local\{870EB402-A588-4A82-8185-907D349A80B3}
2012-07-05 17:13:23 -------- d-----w- c:\users\stacey\appdata\local\{9D7F76BE-804F-4FD4-A581-E09FF1AFD36F}
2012-07-05 17:13:07 -------- d-----w- c:\users\stacey\appdata\local\{777B6DEE-C0C2-47CA-AC64-04F48AB1A469}
2012-07-04 18:55:54 -------- d-----w- c:\users\stacey\appdata\local\{2646A187-D7C5-4698-BB0B-097C0808616C}
2012-07-04 18:55:44 -------- d-----w- c:\users\stacey\appdata\local\{2799802A-48BC-4F17-B54D-8E4469569360}
2012-07-04 06:55:18 -------- d-----w- c:\users\stacey\appdata\local\{FDDEEB6A-1060-40F6-9562-0F0A02C184E4}
2012-07-04 06:55:07 -------- d-----w- c:\users\stacey\appdata\local\{F7CBA8A5-286B-4A09-8DCD-5F6752A0E480}
2012-07-03 18:54:42 -------- d-----w- c:\users\stacey\appdata\local\{330702DA-D7D4-4699-86D2-17BEAE272569}
2012-07-03 18:54:31 -------- d-----w- c:\users\stacey\appdata\local\{891509BE-2525-4C25-B58D-4B68C6CADE5A}
2012-07-03 06:54:05 -------- d-----w- c:\users\stacey\appdata\local\{25FF3D34-0BF5-457C-9D81-4C606190C971}
2012-07-03 06:53:55 -------- d-----w- c:\users\stacey\appdata\local\{BC9AE079-B6F7-4BA2-981B-53F91857D1F4}
2012-07-02 17:38:58 -------- d-----w- c:\users\stacey\appdata\local\{89EE4B6F-01FD-485C-A409-F7F4A2A6538F}
2012-07-02 17:38:45 -------- d-----w- c:\users\stacey\appdata\local\{C945762D-280F-4431-AD99-E198C52560D8}
2012-07-01 20:45:41 -------- d-----w- c:\users\stacey\appdata\local\{5BDF71BF-D1C0-4169-AF17-11ED89B883D1}
2012-07-01 20:45:30 -------- d-----w- c:\users\stacey\appdata\local\{3C4962A8-6804-4A08-B58C-3EF3B6D67DCF}
2012-07-01 19:27:51 -------- d-----w- c:\windows\pss
2012-07-01 08:45:03 -------- d-----w- c:\users\stacey\appdata\local\{06266A8A-7E21-46B8-B8CB-C81D1096C8B7}
2012-07-01 08:44:52 -------- d-----w- c:\users\stacey\appdata\local\{D933C0B2-503C-4262-BBC6-D209D35843FA}
2012-06-30 12:55:06 -------- d-----w- c:\users\stacey\appdata\local\{B94D8742-3CAD-44AD-B926-F56B037602B2}
2012-06-30 12:54:50 -------- d-----w- c:\users\stacey\appdata\local\{822F5F83-288E-4F8A-9603-486C1D49C1CA}
2012-06-29 19:50:27 -------- d-----w- c:\users\stacey\appdata\local\{E51FE761-3E11-4C00-92A9-FB8FC3AF30DE}
2012-06-29 19:50:16 -------- d-----w- c:\users\stacey\appdata\local\{341BD9D7-1842-41A3-B57B-DF99EC47D64F}
2012-06-28 17:07:53 -------- d-----w- c:\users\stacey\appdata\local\{487830E5-078D-48CA-9D11-3CFD8F293EB8}
2012-06-28 17:07:40 -------- d-----w- c:\users\stacey\appdata\local\{BB7B232C-524D-4605-8CEB-C35BADA86068}
2012-06-27 17:43:00 -------- d-----w- c:\users\stacey\appdata\local\{669CED28-39FB-4D03-AB0D-280315A8C8C1}
2012-06-27 17:42:44 -------- d-----w- c:\users\stacey\appdata\local\{162B1FFD-B591-4C86-AB99-574C19AC6EC5}
2012-06-26 19:09:45 -------- d-----w- c:\users\stacey\appdata\local\{3C6E7A43-D47D-495A-87A1-A4B998C943A5}
2012-06-26 07:09:16 -------- d-----w- c:\users\stacey\appdata\local\{C30EF753-B295-4791-9FAB-4A2923D120F2}
2012-06-26 07:09:03 -------- d-----w- c:\users\stacey\appdata\local\{3703C9F5-1195-47AE-A4AF-334D8BA0DCB8}
2012-06-25 17:12:57 -------- d-----w- c:\users\stacey\appdata\local\{3BACD20F-4699-4BEE-BAA4-61AD330A77D5}
2012-06-25 17:12:41 -------- d-----w- c:\users\stacey\appdata\local\{C353DB29-2651-4EE5-810E-827113C16B70}
2012-06-24 11:53:08 -------- d-----w- c:\users\stacey\appdata\local\{C0EFD09B-900B-47E2-9E8B-DD93FBDDBD89}
2012-06-24 11:52:54 -------- d-----w- c:\users\stacey\appdata\local\{415B93A3-6765-48B3-AF3C-CD0932652D92}
2012-06-23 20:25:00 -------- d-----w- c:\users\stacey\appdata\local\{64D4A8AF-7659-4BB4-9FF9-8DF3567BC413}
2012-06-23 14:50:00 -------- d-----w- c:\program files\wxkpg
2012-06-23 09:03:59 -------- d-----w- c:\users\stacey\appdata\local\Macromedia
2012-06-23 08:24:29 -------- d-----w- c:\users\stacey\appdata\local\{FB3B4CF5-BF7B-447F-ADBE-A7D5F4BB1289}
2012-06-23 08:24:15 -------- d-----w- c:\users\stacey\appdata\local\{152BD9EC-AF87-4501-8986-FD957D08C844}
2012-06-22 19:28:40 -------- d-----w- c:\users\stacey\appdata\local\{EEB7849A-3F54-4776-90BB-D7519671D968}
2012-06-22 19:28:30 -------- d-----w- c:\users\stacey\appdata\local\{EE1986B0-E3D9-45C6-99E7-2D19D7D2A4C1}
2012-06-22 19:27:48 -------- d-----w- c:\windows\en
2012-06-22 19:27:28 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-06-22 19:21:37 89944 ----a-w- c:\program files\common files\windows live\.cache\3e503fad1cd50ac03\DSETUP.dll
2012-06-22 19:21:37 537432 ----a-w- c:\program files\common files\windows live\.cache\3e503fad1cd50ac03\DXSETUP.exe
2012-06-22 19:21:37 1801048 ----a-w- c:\program files\common files\windows live\.cache\3e503fad1cd50ac03\dsetup32.dll
2012-06-22 19:18:57 -------- d-----w- c:\users\stacey\appdata\local\{95CF106D-E66E-4F9F-99F4-110DCF133073}
2012-06-22 19:18:41 -------- d-----w- c:\users\stacey\appdata\local\{8608F3BE-39C6-491D-950C-91063FBD49FE}
2012-06-22 07:01:38 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 07:01:19 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 07:00:57 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-22 07:00:57 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 06:50:39 -------- d-----w- c:\users\stacey\appdata\local\{B99B11E0-BCAC-4FC2-9E31-27B2DE2FAB4B}
2012-06-22 06:50:11 -------- d-----w- c:\users\stacey\appdata\local\{2E4D2B66-C736-4610-A474-A0716F79C602}
2012-06-20 19:01:09 -------- d-----w- c:\users\stacey\appdata\local\{7111C887-AC66-439A-BFD4-D122BD06F0B9}
2012-06-20 19:00:56 -------- d-----w- c:\users\stacey\appdata\local\{A33D3E58-3AF9-431E-A273-8318D20A79FC}
2012-06-19 18:09:57 -------- d-----w- c:\users\stacey\appdata\local\{F8419B80-4D68-4A99-9645-E74AFF6B33DB}
2012-06-19 18:09:33 -------- d-----w- c:\users\stacey\appdata\local\{963E6829-4EAF-4C90-8090-5226A8B5DC22}
2012-06-17 21:16:46 -------- d-----w- c:\users\stacey\appdata\local\{4C0D1CAC-6A38-43D6-BEAE-5E575205A3F8}
2012-06-16 09:28:34 -------- d-----w- c:\users\stacey\appdata\local\{84E15D22-F97C-44A9-91EC-84807AF98C88}
2012-06-14 18:01:42 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 17:56:45 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-14 17:56:40 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 17:56:40 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 17:56:40 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 17:56:37 163328 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 17:56:10 1156608 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 17:56:09 139264 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 17:56:09 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 17:27:14 -------- d-----w- c:\users\stacey\appdata\local\{C598C09F-5F32-4FAD-9B29-DC0C12F80AD7}
2012-06-14 17:26:59 -------- d-----w- c:\users\stacey\appdata\local\{1F02FEE6-0428-4C79-99DC-DD582B74F09F}
2012-06-14 17:15:22 -------- d-----w- c:\users\stacey\appdata\local\{3B1F2F94-EF26-4808-B5C7-440EC2CFD56A}
2012-06-14 17:15:07 -------- d-----w- c:\users\stacey\appdata\local\{F684740C-2908-41F9-86C0-62E540E359F8}
.
==================== Find3M ====================
.
2012-07-11 19:52:27 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-11 19:52:27 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-04 18:29:16 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-19 03:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
.
============= FINISH: 22:20:41.86 ===============


----------



## jewelleryangel (Jul 14, 2012)

Got my GMER report now, after a few crashes and blue screens of death. Please can someone help me?

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-14 21:57:08
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1
Running: ureh2hyy.exe; Driver: C:\Users\Stacey\AppData\Local\Temp\uxdiqpog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0x9E7D3004]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0x9E7D30D4]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x9E7D2D76]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x9E7D2E1E]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x9E7D2EBA]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x9E7D2F56]

Code 8B689C4C ZwTraceEvent
Code 8B689C4B NtTraceEvent

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!NtTraceEvent 8404BE34 5 Bytes JMP 8B689C50 
.text ntkrnlpa.exe!ZwRollbackTransaction + 13E9 8405C599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 84081092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 4A0 84088AF0 8 Bytes [04, 30, 7D, 9E, D4, 30, 7D, ...] {ADD AL, 0x30; JGE 0xffffffffffffffa2; AAM 0x30; JGE 0xffffffffffffffa6}
.text ntkrnlpa.exe!RtlSidHashLookup + 4E8 84088B38 4 Bytes [76, 2D, 7D, 9E] {JBE 0x2f; JGE 0xffffffffffffffa2}
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 84088E08 8 Bytes [1E, 2E, 7D, 9E, BA, 2E, 7D, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 82C 84088E7C 4 Bytes [56, 2F, 7D, 9E] {PUSH ESI; DAS ; JGE 0xffffffffffffffa2}
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 2 8428E753 5 Bytes JMP 8B689E30 
PAGE ntkrnlpa.exe!NtRequestWaitReplyPort + 2 8429017B 5 Bytes JMP 8B689D90 
PAGE ntkrnlpa.exe!NtRequestPort + 2 842A43E1 5 Bytes JMP 8B689CF0

---- User code sections - GMER 1.0.15 ----

? C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[1460] C:\windows\SYSTEM32\ntdll.dll time/date stamp mismatch; 
.text C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[1460] ntdll.dll!NtProtectVirtualMemory 77935000 5 Bytes JMP 698B17E3 C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\ushata.dll (Ushata module/Kaspersky Lab ZAO)
? C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[1460] C:\windows\system32\kernel32.dll time/date stamp mismatch; unknown module: rpchttp.dllunknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[1460] user32.dll!NotifyWinEvent + 48B 75E5F724 4 Bytes [4D, 27, 8B, 69]
? C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[2728] C:\windows\SYSTEM32\ntdll.dll time/date stamp mismatch; 
.text C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[2728] ntdll.dll!NtProtectVirtualMemory 77935000 5 Bytes JMP 698B17E3 C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\ushata.dll (Ushata module/Kaspersky Lab ZAO)
? C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[2728] C:\windows\system32\kernel32.dll time/date stamp mismatch; unknown module: rpchttp.dllunknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[2728] user32.dll!NotifyWinEvent + 48B 75E5F724 4 Bytes [4D, 27, 8B, 69]
.text C:\windows\Explorer.EXE[3700] SHELL32.dll!SHFileOperationW 76039728 5 Bytes JMP 10001102 C:\Program Files\Unlocker\UnlockerHook.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\0c6076fedf8b (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\506313abaae9 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\[email protected] 0x2D 0x4E 0x6F 0xA5 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076fedf8b 
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313abaae9 
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0x2D 0x4E 0x6F 0xA5 ...
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\0c6076fedf8b (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\506313abaae9 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\[email protected] 0x2D 0x4E 0x6F 0xA5 ...
Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\[email protected] 2

---- EOF - GMER 1.0.15 ----


----------



## jewelleryangel (Jul 14, 2012)

Can anyone help yet please?


----------



## jewelleryangel (Jul 14, 2012)

Bump! 

Can anyone help me yet please?


----------



## kevinf80 (Mar 21, 2006)

Those files you mention are not malicious; read here: http://filext.com/file-extension/SQM

Uninstall the following toolbars; they are classed as foistware:

StumbleUpon Toolbar
Playdom Toolbar
Yahoo! Toolbar

Do you have any specific issues or were you only concerned about the files you mentioned?

Kevin


----------
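
Kevin's assessment of the DDS output can be checked mechanically rather than by eye. The script below is an added example (not part of this thread, and not anything DDS itself produces): it parses lines of the "Created Last 30" section, using a handful copied from the log above as constructed sample input, and splits them into the groups a reviewer looks at separately: the recurring {GUID} folders under AppData\Local, counted by hour of creation so the pairs at around 06:xx and 18:xx in the listing show up as numbers; new top-level folders under Program Files, which the owner should match against things knowingly installed (c:\program files\wxkpg is one that no service or process entry in the log names); and new kernel drivers under system32\drivers with their sizes. The line format and the grouping rules are this example's own assumptions; it classifies entries, it does not judge them.

```python
"""Triage the "Created Last 30" section of a DDS log (added example)."""
import re
from collections import Counter

# Constructed sample: lines copied from the DDS log in this thread, plus the
# section header and "." separator that DDS emits, to show they are skipped.
SAMPLE_DDS = r"""
=============== Created Last 30 ================
.
2012-07-12 20:29:09 -------- d-----w- c:\programdata\Kaspersky Lab
2012-07-12 20:29:09 -------- d-----w- c:\program files\Kaspersky Lab
2012-07-12 18:48:38 -------- d-----w- c:\users\stacey\appdata\local\{E156F478-E407-4152-A9E4-94F5DBD5500E}
2012-07-12 06:48:14 -------- d-----w- c:\users\stacey\appdata\local\{FB2ED8F3-DEB7-4768-AF11-7E417C09ED94}
2012-07-12 06:48:04 -------- d-----w- c:\users\stacey\appdata\local\{188CFA79-3C38-4C0D-8DD2-EDC3A785CA3C}
2012-07-11 18:51:27 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-11 17:14:11 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-10 18:47:32 -------- d-----w- c:\users\stacey\appdata\local\{EBA46236-70DC-4198-9108-6B5B00B999D7}
2012-07-10 06:46:53 -------- d-----w- c:\users\stacey\appdata\local\{5197B4B7-345B-4086-B41A-3711382B2C30}
2012-06-23 14:50:00 -------- d-----w- c:\program files\wxkpg
2012-06-22 19:27:28 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
.
"""

# One DDS entry: "<date> <time> <size or --------> <attrs> <path>".
# Directories carry "--------" for size and a leading "d" in the attributes.
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\S+)\s+(?P<attrs>[d-][-a-z]{7})\s+(?P<path>.+?)\s*$"
)
# The classes this example separates; the patterns are its own assumptions.
GUID_DIR_RE = re.compile(
    r"\\appdata\\local\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
PROGRAM_FILES_DIR_RE = re.compile(r"^[a-z]:\\program files(?: \(x86\))?\\[^\\]+$", re.I)
DRIVER_RE = re.compile(r"\\system32\\drivers\\[^\\]+\.sys$", re.I)


def parse_created_section(text):
    """Return one dict per entry; headers, '.' separators and blanks are dropped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        size = m.group("size")
        entries.append({
            "when": f"{m.group('date')} {m.group('time')}",
            "hour": int(m.group("time")[:2]),
            "is_dir": m.group("attrs").startswith("d"),
            "size": None if size.startswith("-") else int(size),
            "path": m.group("path"),
        })
    return entries


def triage(entries):
    """Split entries into the groups a reviewer checks separately."""
    report = {
        "guid_dirs": [],                 # recurring {GUID} folders under AppData\Local
        "guid_dirs_by_hour": Counter(),  # their creation hours, to expose a cadence
        "program_files_dirs": [],        # new top-level folders under Program Files
        "new_drivers": [],               # (path, size) of new kernel drivers
        "other": [],                     # everything else, still worth a glance
    }
    for e in entries:
        path = e["path"]
        if e["is_dir"] and GUID_DIR_RE.search(path):
            report["guid_dirs"].append(path)
            report["guid_dirs_by_hour"][e["hour"]] += 1
        elif e["is_dir"] and PROGRAM_FILES_DIR_RE.match(path):
            report["program_files_dirs"].append(path)
        elif not e["is_dir"] and DRIVER_RE.search(path):
            report["new_drivers"].append((path, e["size"]))
        else:
            report["other"].append(path)
    return report


def render(report):
    """Human-readable summary of a triage() result."""
    lines = [f"{len(report['guid_dirs'])} {{GUID}} folders under AppData\\Local, by hour: "
             + ", ".join(f"{h:02d}:xx x{n}" for h, n in sorted(report["guid_dirs_by_hour"].items()))]
    lines += ["New Program Files folders (confirm each was installed on purpose):"]
    lines += [f"  {p}" for p in report["program_files_dirs"]]
    lines += ["New drivers:"] + [f"  {p} ({s} bytes)" for p, s in report["new_drivers"]]
    lines += ["Other:"] + [f"  {p}" for p in report["other"]]
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(triage(parse_created_section(SAMPLE_DDS))))
```

Run it as-is to see the summary for the sample, or pass a whole section of a real log to parse_created_section(). Folders the owner cannot account for are the ones to ask about; the GUID-folder cadence on its own is a pattern to explain, not evidence of anything.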



## jewelleryangel (Jul 14, 2012)

Thanks for responding Kevin. I'm just on my way out to work, will remove the toolbars tonight.

I'm getting new versions of the files every day, especially the batch files, and I'm concerned they are running something in my PC.

I've also noticed recently that when I'm in Firefox my sites all of a sudden freeze for lengthy periods and I have to wait until they stop before I can use them again or have to crash out of Firefox.

I'm also getting Windows updates every day when I shut down, is that normal?

I know a little bit about computers and can fix some viruses, but not all, can you help me make sure my laptop is definitely clean?

Thanks


----------



## kevinf80 (Mar 21, 2006)

Ok, do the following:

*Step 1*

Please download *Malwarebytes* Anti-Malware and save it to your desktop.
*Alternative D/L mirror*
*Alternative D/L mirror*

Double Click mbam-setup.exe to install the application.

- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- Please save the log to a location you will remember.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next,

Download aswMBR from *Here*
*If it asks to update during the process please allow this to happen.*

- Save aswMBR.exe to your Desktop
- Double-click aswMBR.exe to run it
- Ensure Quick scan is selected, then select the Scan button to start the scan as illustrated below

Note: Do not take action against any ***Rootkit*** entries until I have reviewed the log. Often there are false positives.

Once the scan finishes click Save log to save the log to your Desktop.

Copy and paste the contents of aswMBR.txt back here for review.

You will also notice another file created on the desktop named MBR.dat. Right-click that file and select Send To and then Compressed (zipped) file. Attach that zipped file to your next reply as well.

Kevin


----------



## jewelleryangel (Jul 14, 2012)

I don't think they have picked anything up, does this mean my laptop is clean?

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.11.08

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Stacey :: STACEY-PC [administrator]

17/07/2012 18:23:58
mbam-log-2012-07-17 (18-23-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 242722
Time elapsed: 11 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-17 18:58:39
-----------------------------
18:58:39.864 OS Version: Windows 6.1.7600 
18:58:39.864 Number of processors: 4 586 0x2502
18:58:39.864 ComputerName: STACEY-PC UserName: Stacey
18:59:10.362 Initialize success
18:59:19.457 AVAST engine defs: 12071700
18:59:26.523 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:59:26.523 Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 476940MB BusType: 3
18:59:26.570 Disk 0 MBR read successfully
18:59:26.570 Disk 0 MBR scan
18:59:26.601 Disk 0 unknown MBR code
18:59:26.617 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
18:59:26.648 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
18:59:26.679 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 230738 MB offset 31664128
18:59:26.711 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 230740 MB offset 504215552
18:59:26.757 Disk 0 scanning sectors +976771072
18:59:26.882 Disk 0 scanning C:\windows\system32\drivers
18:59:38.256 Service scanning
19:00:02.763 Modules scanning
19:00:16.164 Disk 0 trace - called modules:
19:00:16.179 
19:00:18.769 AVAST engine scan C:\windows
19:00:24.089 AVAST engine scan C:\windows\system32
19:03:22.069 AVAST engine scan C:\windows\system32\drivers
19:03:53.878 AVAST engine scan C:\Users\Stacey
20:17:44.437 AVAST engine scan C:\ProgramData
20:23:13.944 Scan finished successfully
20:31:27.654 Disk 0 MBR has been saved successfully to "C:\Users\Stacey\Desktop\MBR.dat"
20:31:27.654 The log file has been saved successfully to "C:\Users\Stacey\Desktop\aswMBR.txt"


----------



## kevinf80 (Mar 21, 2006)

I do not see anything malicious in any of the logs. Run this temporary file cleaner and see if your system responds any better:

Download TFC to your desktop, from either of the following links:
*Link 1*
*Link 2*

- Save any open work. TFC will close all open application windows.
- Double-click TFC.exe to run the program. Vista or Windows 7 users right-click and select Run as Administrator.
- If prompted, click "Yes" to reboot.

TFC will automatically close any open programs, *including your Desktop*. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system; if not, *re-boot it yourself to complete the cleaning process* *<---- Very Important*

Keep TFC; it is an excellent utility to run weekly to keep your system optimized, as it empties all user temp folders, Java cache etc. *Always remember to re-boot after a run, even if not prompted*


----------



## jewelleryangel (Jul 14, 2012)

Done, it deleted some files and then I rebooted. 

I'll see how my system runs now, it seems a bit better this evening than it did this morning anyway!


----------



## kevinf80 (Mar 21, 2006)

Let me know what you want to do, logs look fine.


----------

