# Random audio ads playing in the background (no browser open)
## decidedlyanxious (Jul 3, 2012)

Yesterday and the day before, I opened my computer and all of a sudden random audio ads started to play, even though I hadn't opened a browser or started any programs. Browsing through all the other techguy forum posts from people with the same computer symptoms (random audio ads playing in the background with no browser running), the problem has turned out to be a ZeroAccess rootkit. If that turns out to be the case, I'm prepared to do a hard drive reformat, but would like to make certain before doing so (I am extremely concerned about identity theft and banking detail implications).

There are no other symptoms of any viruses or malware: my computer is running fine and my ESET NOD32 antivirus scanner has turned up 0 infections.

System specs:
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz, Intel64 Family 6 Model 30 Stepping 5
Processor Count: 4
RAM: 8151 Mb
Graphics Card: NVIDIA GeForce GT 230, 1536 Mb
Hard Drives: C: Total - 942573 MB, Free - 613544 MB; D: Total - 11192 MB, Free - 1627 MB;
Motherboard: MSI, IONA
Antivirus: ESET NOD32 Antivirus 4.2, Updated and Enabled

Below is the HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:41:01 PM, on 3/07/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
C:\Program Files (x86)\MultiScreen\MultiScreen.exe
C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuSchd2.exe
C:\Windows\OEM03Mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
C:\Users\Shirley\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/14
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/14
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/14
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
O4 - HKLM\..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [OEM03Mon.exe] C:\Windows\OEM03Mon.exe
O4 - HKLM\..\Run: [F5D8055v2] C:\Program Files (x86)\Belkin\F5D8055\v2\BelkinDetectUI.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MultiScreen] C:\Program Files (x86)\MultiScreen\MultiScreen.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-440003043-1088803470-648843409-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-440003043-1088803470-648843409-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: CurseClientStartup.ccip
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NETGEAR WNDA3100v2 Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WSWNDA3100 - Unknown owner - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe

--
End of file - 12981 bytes

----------

## decidedlyanxious (Jul 3, 2012)

DDS text file:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421
Run by Shirley at 17:55:40 on 2012-07-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.8151.6035 [GMT 8:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files (x86)\MultiScreen\MultiScreen.exe
C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuSchd2.exe
C:\Windows\OEM03Mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Users\Shirley\AppData\Local\Apps\2.0\AWLQ1Y62.RZ8\82EMCA2G.3MW\curs..tion_9e9e83ddf3ed3ead_0005.0001_31b318dc2771b66c\CurseClient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [MultiScreen] C:\Program Files (x86)\MultiScreen\MultiScreen.exe
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
mRun: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>] 
mRun: [OEM03Mon.exe] C:\Windows\OEM03Mon.exe
mRun: [F5D8055v2] C:\Program Files (x86)\Belkin\F5D8055\v2\BelkinDetectUI.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Shirley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{84B3FB17-2CF6-4D8D-BC90-65B8F10F11A5} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{84B3FB17-2CF6-4D8D-BC90-65B8F10F11A5}\3547574656E647 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{84B3FB17-2CF6-4D8D-BC90-65B8F10F11A5}\E4544574541425D223E243D274 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{9E981298-052A-450F-9770-E1FA7783F507} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D7956ABC-BA6F-40DB-B167-BF28A6E841FB} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D7956ABC-BA6F-40DB-B167-BF28A6E841FB}\3547574656E647 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{EACC12C1-B2E0-4245-A9CC-8EBBBC6EF48D} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{EACC12C1-B2E0-4245-A9CC-8EBBBC6EF48D}\3547574656E647 : DhcpNameServer = 192.168.0.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
mRun-x64: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)] 
mRun-x64: [OEM03Mon.exe] C:\Windows\OEM03Mon.exe
mRun-x64: [F5D8055v2] C:\Program Files (x86)\Belkin\F5D8055\v2\BelkinDetectUI.exe
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\system32\DRIVERS\scmndisp.sys --> C:\Windows\system32\DRIVERS\scmndisp.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/12/19 11:41:51];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-12-19 146928]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-3-24 810120]
R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-19 13336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2012-2-23 103440]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-15 1262400]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R2 WSWNDA3100;WSWNDA3100;C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2010-10-30 278528]
R3 AVER_H193;AVerMedia H193 Video Capture;C:\Windows\system32\drivers\AVer888RC_64.sys --> C:\Windows\system32\drivers\AVer888RC_64.sys [?]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwlhigh664.sys --> C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [?]
R3 CXCIR;AVerMedia Consumer Infrared Receiver;C:\Windows\system32\DRIVERS\AVer888RCIR_64.sys --> C:\Windows\system32\DRIVERS\AVer888RCIR_64.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 TotRec8;Total Recorder WDM audio filter driver;\??\C:\Windows\system32\drivers\TotRec8.sys --> C:\Windows\system32\drivers\TotRec8.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 netr28ux;Belkin N+ Wireless USB Adapter Driver for Vista;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
S3 OEM03Afx;Provides a software interface to control audio effects of OEM003 camera.;\??\C:\Windows\system32\Drivers\OEM03Afx.sys --> C:\Windows\system32\Drivers\OEM03Afx.sys [?]
S3 OEM03Vfx;Creative Camera OEM003 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM03Vfx.sys --> C:\Windows\system32\DRIVERS\OEM03Vfx.sys [?]
S3 OEM03Vid;Creative Camera OEM003 Driver;C:\Windows\system32\DRIVERS\OEM03Vid.sys --> C:\Windows\system32\DRIVERS\OEM03Vid.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WRfiltv;WRfiltv;C:\Windows\system32\drivers\WRfiltv.sys --> C:\Windows\system32\drivers\WRfiltv.sys [?]
.
=============== Created Last 30 ================
.
2012-07-03 09:32:05	69000	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{78332675-CB20-40DC-ACF1-A21C387F2585}\offreg.dll
2012-06-29 06:51:38	9013136	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{78332675-CB20-40DC-ACF1-A21C387F2585}\mpengine.dll
2012-06-19 06:18:19	2622464	----a-w-	C:\Windows\System32\wucltux.dll
2012-06-19 06:17:59	99840	----a-w-	C:\Windows\System32\wudriver.dll
2012-06-19 06:17:39	186752	----a-w-	C:\Windows\System32\wuwebv.dll
2012-06-19 06:17:38	36864	----a-w-	C:\Windows\System32\wuapp.exe
2012-06-15 14:28:02	--------	d-----w-	C:\Users\Shirley\.config
2012-06-13 12:50:54	3216384	----a-w-	C:\Windows\System32\msi.dll
2012-06-13 07:13:31	--------	d-----w-	C:\Program Files\iTunes
2012-06-13 07:13:31	--------	d-----w-	C:\Program Files\iPod
2012-06-13 07:13:31	--------	d-----w-	C:\Program Files (x86)\iTunes
.
==================== Find3M ====================
.
2012-05-18 02:06:48	2311680	----a-w-	C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14	1392128	----a-w-	C:\Windows\System32\wininet.dll
2012-05-18 01:58:39	1494528	----a-w-	C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22	173056	----a-w-	C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30	2382848	----a-w-	C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37	1800192	----a-w-	C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47	1129472	----a-w-	C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39	1427968	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45	142848	----a-w-	C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45	2382848	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2012-05-15 09:29:47	889664	----a-w-	C:\Windows\System32\nvvsvc.exe
2012-05-15 09:29:46	63296	----a-w-	C:\Windows\System32\nvshext.dll
2012-05-15 09:29:46	118080	----a-w-	C:\Windows\System32\nvmctray.dll
2012-05-15 09:29:25	3149632	----a-w-	C:\Windows\System32\nvsvc64.dll
2012-05-15 09:28:42	6151488	----a-w-	C:\Windows\System32\nvcpl.dll
2012-05-15 01:32:33	3146752	----a-w-	C:\Windows\System32\win32k.sys
2012-05-14 18:21:50	423744	----a-w-	C:\Windows\SysWow64\nvStreaming.exe
2012-05-04 11:06:22	5559664	----a-w-	C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53	3968368	----a-w-	C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50	3913072	----a-w-	C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20	209920	----a-w-	C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21	210944	----a-w-	C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56	77312	----a-w-	C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55	149504	----a-w-	C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27	9216	----a-w-	C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37	184320	----a-w-	C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37	140288	----a-w-	C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36	1462272	----a-w-	C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42	140288	----a-w-	C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42	1158656	----a-w-	C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42	103936	----a-w-	C:\Windows\SysWow64\cryptnet.dll
2012-04-18 12:56:30	94208	----a-w-	C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-18 12:56:30	69632	----a-w-	C:\Windows\SysWow64\QuickTime.qts
2012-04-07 11:26:29	2342400	----a-w-	C:\Windows\SysWow64\msi.dll
.
============= FINISH: 17:55:55.08 ===============


----------



## decidedlyanxious (Jul 3, 2012)

as attached.


----------



## jeffce (May 10, 2011)

Hi and welcome....

Please download *aswMBR* to your desktop.


Right click and Run as Administrator the aswMBR icon to run it.
Click the *Scan* button to start scan.
If asked whether you would like to update the Avast virus database please do.
When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.


----------


----------



## decidedlyanxious (Jul 3, 2012)

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-03 21:46:29
-----------------------------
21:46:29.672 OS Version: Windows x64 6.1.7601 Service Pack 1
21:46:29.672 Number of processors: 4 586 0x1E05
21:46:29.672 ComputerName: SHIRLEY-PC UserName: Shirley
21:46:31.809 Initialize success
21:49:52.860 AVAST engine defs: 12070300
21:50:55.290 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:50:55.290 Disk 0 Vendor: Hitachi_ ST6O Size: 953869MB BusType: 8
21:50:55.290 Disk 0 MBR read successfully
21:50:55.306 Disk 0 MBR scan
21:50:55.306 Disk 0 unknown MBR code
21:50:55.322 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:50:55.337 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 942574 MB offset 206848
21:50:55.384 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11193 MB offset 1930598400
21:50:55.431 Disk 0 scanning C:\Windows\system32\drivers
21:51:06.070 Service scanning
21:51:28.066 Modules scanning
21:51:28.082 Disk 0 trace - called modules:
21:51:28.097 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
21:51:28.612 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007add060]
21:51:28.612 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80077e5050]
21:51:30.671 AVAST engine scan C:\Windows
21:51:34.384 AVAST engine scan C:\Windows\system32
21:54:05.503 AVAST engine scan C:\Windows\system32\drivers
21:54:19.543 AVAST engine scan C:\Users\Shirley
21:55:03.545 Disk 0 MBR has been saved successfully to "C:\Users\Shirley\Desktop\MBR.dat"
21:55:03.545 The log file has been saved successfully to "C:\Users\Shirley\Desktop\aswMBR.txt"


----------



## jeffce (May 10, 2011)

Please download TDSSKiller.zip

Extract it to your desktop
Double click *TDSSKiller.exe*
when the window opens, click on *Change Parameters*
under *Additional options*, put a check mark in the box next to *Detect TDLFS File System*
click *OK* 
Press *Start Scan*
Only if *Malicious* objects are found then ensure *Cure* is selected
Then click *Continue* > *Reboot now*

Attach the log in your next reply
_A copy of the log will be saved automatically to the root of the drive (typically C:\)_

----------

Please download MBRCheck.exe to your desktop.

Be sure to disable your security programs
Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
A window will open on your desktop
if an unknown bootcode is found you will have further options available to you, at this time press *N* then press *Enter* twice.
If nothing unusual is found just press *Enter*
A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop. 
Please post the contents of that file.

In your next reply please post the logs made by TDSSKiller and MBRCheck.


----------



## decidedlyanxious (Jul 3, 2012)

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line: 
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer:	MSI
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: HP-Pavilion
System Product Name: VT564AA-ABG HPE-180a
Logical Drives Mask: 0x000005fc

Kernel Drivers (total 196):
0x02E05000 \SystemRoot\system32\ntoskrnl.exe
0x033ED000 \SystemRoot\system32\hal.dll
0x00BAE000 \SystemRoot\system32\kdcom.dll
0x00CC8000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D17000 \SystemRoot\system32\PSHED.dll
0x00D2B000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00E4E000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EF2000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F01000 \SystemRoot\system32\drivers\ACPI.sys
0x00F58000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00F61000 \SystemRoot\system32\drivers\msisadrv.sys
0x00F6B000 \SystemRoot\system32\drivers\pci.sys
0x00F9E000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00FAB000 \SystemRoot\System32\drivers\partmgr.sys
0x00FC0000 \SystemRoot\system32\drivers\volmgr.sys
0x00D89000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FD5000 \SystemRoot\System32\drivers\mountmgr.sys
0x01058000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x01260000 \SystemRoot\system32\drivers\amdxata.sys
0x0126B000 \SystemRoot\system32\drivers\fltmgr.sys
0x012B7000 \SystemRoot\system32\drivers\fileinfo.sys
0x01432000 \SystemRoot\System32\Drivers\Ntfs.sys
0x012CB000 \SystemRoot\System32\Drivers\msrpc.sys
0x015D5000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01329000 \SystemRoot\System32\Drivers\cng.sys
0x01400000 \SystemRoot\System32\drivers\pcw.sys
0x01411000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016DC000 \SystemRoot\system32\drivers\ndis.sys
0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x018DF000 \SystemRoot\System32\drivers\tcpip.sys
0x01AE2000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01B2C000 \SystemRoot\system32\DRIVERS\scmndisp.sys
0x01B36000 \SystemRoot\system32\drivers\volsnap.sys
0x01B82000 \SystemRoot\System32\Drivers\spldr.sys
0x01B8A000 \SystemRoot\System32\drivers\rdyboost.sys
0x01BC4000 \SystemRoot\System32\Drivers\mup.sys
0x01BD6000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01800000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x0183A000 \SystemRoot\system32\DRIVERS\disk.sys
0x01850000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x044B3000 \SystemRoot\system32\drivers\cdrom.sys
0x044DD000 \SystemRoot\System32\Drivers\Null.SYS
0x044E6000 \SystemRoot\System32\Drivers\Beep.SYS
0x044ED000 \SystemRoot\system32\DRIVERS\ehdrv.sys
0x04512000 \SystemRoot\System32\drivers\vga.sys
0x04520000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x04545000 \SystemRoot\System32\drivers\watchdog.sys
0x04555000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x0455E000 \SystemRoot\system32\drivers\rdpencdd.sys
0x04567000 \SystemRoot\system32\drivers\rdprefmp.sys
0x04570000 \SystemRoot\System32\Drivers\Msfs.SYS
0x0457B000 \SystemRoot\System32\Drivers\Npfs.SYS
0x0458C000 \SystemRoot\system32\DRIVERS\tdx.sys
0x045AE000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x04200000 \SystemRoot\system32\drivers\afd.sys
0x045BB000 \SystemRoot\System32\DRIVERS\netbt.sys
0x04289000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x0188E000 \SystemRoot\system32\DRIVERS\pacer.sys
0x018B4000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x018CA000 \SystemRoot\system32\DRIVERS\netbios.sys
0x01BDF000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x0168B000 \SystemRoot\system32\drivers\termdd.sys
0x0139B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x0169F000 \SystemRoot\system32\drivers\nsiproxy.sys
0x016AB000 \SystemRoot\system32\drivers\mssmbios.sys
0x016B6000 \SystemRoot\System32\drivers\discache.sys
0x017CF000 \SystemRoot\System32\Drivers\dfsc.sys
0x017ED000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x01000000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x016C5000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0F22C000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x0FFEE000 \SystemRoot\System32\Drivers\nvBridge.kmd
0x04674000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04768000 \SystemRoot\System32\drivers\dxgmms1.sys
0x047AE000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x047BF000 \SystemRoot\system32\drivers\usbehci.sys
0x04600000 \SystemRoot\system32\drivers\USBPORT.SYS
0x047D0000 \SystemRoot\system32\drivers\HDAudBus.sys
0x04AA5000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x04AFB000 \SystemRoot\system32\drivers\1394ohci.sys
0x04B39000 \SystemRoot\system32\drivers\AVer888RC_64.sys
0x04A00000 \SystemRoot\system32\drivers\ks.sys
0x04A43000 \SystemRoot\system32\drivers\BdaSup.SYS
0x04A47000 \??\C:\Windows\system32\drivers\TotRec8.sys
0x04A70000 \SystemRoot\system32\drivers\ksthunk.sys
0x04A76000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x04A83000 \SystemRoot\system32\drivers\CompositeBus.sys
0x04BBE000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04BD4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04A93000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x01026000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x04656000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x0F200000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x00E00000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0FFF0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x0141B000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04A9F000 \SystemRoot\system32\drivers\swenum.sys
0x013EC000 \SystemRoot\system32\DRIVERS\circlass.sys
0x00E1A000 \SystemRoot\system32\drivers\umbus.sys
0x04E83000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04EDD000 \SystemRoot\system32\DRIVERS\AVer888RCIR_64.sys
0x04EEE000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x06018000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x06275000 \SystemRoot\system32\drivers\portcls.sys
0x062B2000 \SystemRoot\system32\drivers\drmk.sys
0x062D4000 \SystemRoot\system32\DRIVERS\hidir.sys
0x062E5000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x062FE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x06307000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x06315000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x00020000 \SystemRoot\System32\win32k.sys
0x06322000 \SystemRoot\System32\drivers\Dxapi.sys
0x0632E000 \SystemRoot\System32\Drivers\crashdmp.sys
0x04292000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x0633C000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x0634F000 \SystemRoot\system32\DRIVERS\monitor.sys
0x0284F000 \SystemRoot\system32\DRIVERS\bcmwlhigh664.sys
0x02986000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x02993000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x029A1000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x029A3000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x029C0000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x029DB000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x029EC000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x02800000 \SystemRoot\system32\DRIVERS\dot4usb.sys
0x02810000 \SystemRoot\system32\DRIVERS\Dot4.sys
0x02838000 \SystemRoot\system32\drivers\Dot4Prt.sys
0x005E0000 \SystemRoot\System32\TSDDD.dll
0x00610000 \SystemRoot\System32\cdd.dll
0x008B0000 \SystemRoot\System32\ATMFD.DLL
0x0635D000 \SystemRoot\system32\drivers\luafv.sys
0x04F03000 \SystemRoot\system32\DRIVERS\eamonm.sys
0x06380000 \SystemRoot\system32\drivers\WudfPf.sys
0x063A1000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x04E00000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x063B6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x063C9000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x048A9000 \SystemRoot\system32\drivers\HTTP.sys
0x04972000 \SystemRoot\system32\DRIVERS\bowser.sys
0x04990000 \SystemRoot\System32\drivers\mpsdrv.sys
0x049A8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x04800000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0484E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x04872000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x0487C000 \SystemRoot\system32\DRIVERS\epfwwfpr.sys
0x078E4000 \SystemRoot\system32\drivers\peauth.sys
0x0798A000 \SystemRoot\System32\Drivers\secdrv.SYS
0x07995000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x079C6000 \SystemRoot\System32\drivers\tcpipreg.sys
0x07800000 \??\c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
0x0782B000 \SystemRoot\System32\DRIVERS\srv2.sys
0x07E34000 \SystemRoot\System32\DRIVERS\srv.sys
0x07ECC000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x07F6E000 \??\C:\Users\Shirley\AppData\Local\Temp\aswMBR.sys
0x76E40000 \Windows\System32\ntdll.dll
0x47970000 \Windows\System32\smss.exe
0xFF160000 \Windows\System32\apisetschema.dll
0xFF480000 \Windows\System32\autochk.exe
0xFF0D0000 \Windows\System32\difxapi.dll
0x76C30000 \Windows\System32\iertutil.dll
0xFF030000 \Windows\System32\comdlg32.dll
0xFEFD0000 \Windows\System32\Wldap32.dll
0xFEF30000 \Windows\System32\msvcrt.dll
0x76AD0000 \Windows\System32\wininet.dll
0xFEEC0000 \Windows\System32\gdi32.dll
0xFEDE0000 \Windows\System32\oleaut32.dll
0xFED90000 \Windows\System32\ws2_32.dll
0xFEC80000 \Windows\System32\msctf.dll
0xFEA70000 \Windows\System32\ole32.dll
0xFEA50000 \Windows\System32\sechost.dll
0xFEA30000 \Windows\System32\imagehlp.dll
0xFEA20000 \Windows\System32\lpk.dll
0xFE9F0000 \Windows\System32\imm32.dll
0xFDC60000 \Windows\System32\shell32.dll
0x76980000 \Windows\System32\urlmon.dll
0xFDB80000 \Windows\System32\advapi32.dll
0x77010000 \Windows\System32\psapi.dll
0xFDAB0000 \Windows\System32\usp10.dll
0xFDA30000 \Windows\System32\shlwapi.dll
0xFD850000 \Windows\System32\setupapi.dll
0x77000000 \Windows\System32\normaliz.dll
0xFD7B0000 \Windows\System32\clbcatq.dll
0x76880000 \Windows\System32\user32.dll
0x76760000 \Windows\System32\kernel32.dll
0xFD680000 \Windows\System32\rpcrt4.dll
0xFD670000 \Windows\System32\nsi.dll
0xFD5D0000 \Windows\System32\comctl32.dll
0xFD590000 \Windows\System32\wintrust.dll
0xFD570000 \Windows\System32\devobj.dll
0xFD400000 \Windows\System32\crypt32.dll
0xFD3C0000 \Windows\System32\cfgmgr32.dll
0xFD350000 \Windows\System32\KernelBase.dll
0xFD340000 \Windows\System32\msasn1.dll
0x76FF0000 \Windows\SysWOW64\normaliz.dll

Processes (total 88):
0 System Idle Process
4 System
332 C:\Windows\System32\smss.exe
480 csrss.exe
540 C:\Windows\System32\wininit.exe
564 csrss.exe
604 C:\Windows\System32\services.exe
620 C:\Windows\System32\lsass.exe
628 C:\Windows\System32\lsm.exe
744 C:\Windows\System32\winlogon.exe
752 C:\Windows\System32\svchost.exe
828 C:\Windows\System32\nvvsvc.exe
852 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
896 C:\Windows\System32\svchost.exe
968 C:\Windows\System32\svchost.exe
1004 C:\Windows\System32\svchost.exe
300 C:\Windows\System32\svchost.exe
548 C:\Windows\System32\svchost.exe
1060 C:\Windows\System32\svchost.exe
1156 C:\Windows\System32\wlanext.exe
1164 C:\Windows\System32\conhost.exe
1216 C:\Windows\System32\spoolsv.exe
1300 C:\Windows\System32\svchost.exe
1432 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1480 C:\Program Files\Bonjour\mDNSResponder.exe
1524 C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
1696 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
1708 C:\Windows\System32\nvvsvc.exe
1828 C:\Windows\System32\svchost.exe
1852 C:\Windows\SysWOW64\svchost.exe
1876 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
1912 C:\PROGRA~2\McAfee\SITEAD~1\mcsacore.exe
1936 C:\Windows\System32\svchost.exe
1992 C:\Windows\System32\rundll32.exe
2004 C:\Windows\System32\rundll32.exe
2012 C:\Windows\SysWOW64\rundll32.exe
1516 C:\Windows\System32\svchost.exe
1016 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2132 C:\Windows\System32\svchost.exe
2172 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2228 C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
2292 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
2304 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3000 C:\Windows\System32\svchost.exe
1812 WUDFHost.exe
3024 C:\Windows\System32\taskhost.exe
2704 C:\Windows\System32\taskeng.exe
2976 C:\Windows\System32\dwm.exe
2708 C:\Windows\explorer.exe
3132 C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
3204 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
3228 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
3248 C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
3264 C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
3300 C:\Program Files (x86)\MultiScreen\MultiScreen.exe
3408 C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
3444 C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
3464 C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
3480 C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
3600 C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
3612 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
3632 C:\Program Files (x86)\hp\HP Software Update\hpwuSchd2.exe
3648 C:\Users\Shirley\AppData\Local\Apps\2.0\AWLQ1Y62.RZ8\82EMCA2G.3MW\curs..tion_9e9e83ddf3ed3ead_0005.0001_31b318dc2771b66c\CurseClient.exe
3660 C:\Windows\OEM03Mon.exe
3808 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3824 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3932 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
3244 C:\Program Files\iPod\bin\iPodService.exe
3556 C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
3584 C:\Windows\System32\SearchIndexer.exe
3896 C:\Program Files (x86)\hp\Digital Imaging\bin\hpqste08.exe
4764 C:\Program Files\Windows Media Player\wmpnetwk.exe
4992 C:\Windows\System32\svchost.exe
4384 C:\Windows\System32\taskeng.exe
4496 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
4548 C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
2792 C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
4440 C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
5396 dllhost.exe
4428 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
6104 C:\Windows\System32\svchost.exe
6380 C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
12960 C:\Windows\System32\audiodg.exe
12580 C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
13192 dllhost.exe
13140 dllhost.exe
468 C:\Users\Shirley\Desktop\MBRCheck.exe
13436 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x000000e6`25300000 (NTFS)

PhysicalDrive0 Model Number: HitachiHDT721010SLA360, Rev: ST6OA39D

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 767BA62C9E78D8BC0F91B55FA0F4FADDFE463E62


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: 

Done!


----------
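Both the aswMBR log ("Disk 0 unknown MBR code") and the MBRCheck output above ("Unknown MBR code", followed by a SHA1) come down to the same two checks on the disk's first sector: read the partition table, and hash the bootstrap code and compare it with a list of known-good values. The script below is an added example, not part of the thread and not code from aswMBR or MBRCheck; it parses a 512-byte MBR image such as the MBR.dat that aswMBR saved to the desktop, rebuilds the partition layout from the aswMBR log as a constructed sample, and reports the bootcode hash against a caller-supplied allowlist (a placeholder here; the real tools ship their own lists, and the exact byte range they hash is an assumption).

```python
"""
Parse a 512-byte MBR image and reproduce the two checks reported in the logs above:
the partition table layout and whether the bootstrap code hashes to a known-good value.
Added example for this thread; not code from aswMBR, MBRCheck or the original posts.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List, Set

SECTOR = 512
BOOTCODE_LEN = 440      # bytes 0..439 hold the bootstrap code (assumed hashing region)
PART_TABLE_OFF = 446    # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xAA"  # last two bytes of a valid MBR


@dataclass
class Partition:
    index: int        # 1-based, as aswMBR prints it
    bootable: bool    # status byte 0x80 = active, shown as "(A)" by aswMBR
    type_id: int      # 0x07 = HPFS/NTFS
    lba_start: int    # first sector ("offset" in the aswMBR log)
    sectors: int

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR // (1024 * 1024)


def parse_mbr(raw: bytes) -> List[Partition]:
    """Return the non-empty partition entries; raise on a malformed sector."""
    if len(raw) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(raw)}")
    if raw[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, _chs_s, ptype, _chs_e, lba, count = struct.unpack_from(
            "<B3sB3sII", raw, PART_TABLE_OFF + i * 16)
        if ptype == 0 and count == 0:
            continue                      # unused slot
        if status not in (0x00, 0x80):
            raise ValueError(f"entry {i + 1}: invalid status byte {status:#04x}")
        parts.append(Partition(i + 1, status == 0x80, ptype, lba, count))
    return parts


def bootcode_sha1(raw: bytes) -> str:
    """Hash only the bootstrap code, not the disk signature or partition table."""
    return hashlib.sha1(raw[:BOOTCODE_LEN]).hexdigest().upper()


def assess_mbr(raw: bytes, known_good: Set[str]) -> Dict[str, object]:
    """Flag an unrecognised bootcode hash and a partition table that is not sane."""
    parts = parse_mbr(raw)
    digest = bootcode_sha1(raw)
    findings: List[str] = []
    if digest not in known_good:
        findings.append("unknown MBR code: bootcode SHA1 not in the known-good list")
    if sum(p.bootable for p in parts) != 1:
        findings.append("expected exactly one active partition")
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if a.lba_start + a.sectors > b.lba_start:
            findings.append(f"partitions {a.index} and {b.index} overlap")
    return {"sha1": digest, "partitions": parts, "findings": findings}


def _entry(status: int, ptype: int, lba: int, count: int) -> bytes:
    # CHS fields carry the LBA-only marker; the tools work from the LBA values.
    return struct.pack("<B3sB3sII", status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba, count)


# Constructed sample: the layout from the aswMBR log (100 MB active system partition at
# LBA 2048, a 942574 MB C: partition, an 11193 MB recovery partition) with placeholder
# bootstrap code (a jump-to-self) that is NOT real Windows MBR code.
SAMPLE_MBR = (
    (b"\xeb\xfe" + b"\x90" * 438)                       # 440 bytes of placeholder bootcode
    + b"\x12\x34\x56\x78" + b"\x00\x00"                 # disk signature + reserved
    + _entry(0x80, 0x07, 2048, 204800)                  # partition 1: 100 MB, bootable
    + _entry(0x00, 0x07, 206848, 1930391552)            # partition 2: 942574 MB
    + _entry(0x00, 0x07, 1930598400, 22923264)          # partition 3: 11193 MB
    + b"\x00" * 16                                      # partition 4: unused
    + BOOT_SIG
)

if __name__ == "__main__":
    report = assess_mbr(SAMPLE_MBR, known_good=set())   # empty placeholder allowlist
    for p in report["partitions"]:
        flag = "(A)" if p.bootable else "   "
        print(f"Partition {p.index} {flag} type {p.type_id:#04x} {p.size_mb} MB offset {p.lba_start}")
    print("bootcode SHA1:", report["sha1"])
    for f in report["findings"]:
        print("FINDING:", f)
```

To run it against a real image, replace SAMPLE_MBR with the 512 bytes read from MBR.dat and populate known_good with hashes of the stock bootstrap code for the Windows version in question; a hash that is absent is a prompt to look closer, not proof of infection, since OEM and third-party boot managers also produce non-standard code.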



## jeffce (May 10, 2011)

Hi,

Thanks for those.

Download *Combofix* from the link below, and save it to your desktop. 
*Link*

**Note: It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


--------------------------------------------------------------------

IMPORTANT - *Disable your AntiVirus and AntiSpyware applications*, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here 

--------------------------------------------------------------------

Right-Click and Run as Administrator on *ComboFix.exe* & follow the prompts. 
When finished, it will produce a report for you. 
Please post the *C:\ComboFix.txt* for further review.


----------



## decidedlyanxious (Jul 3, 2012)

as attached. Many thanks for your assistance thus far.


----------



## jeffce (May 10, 2011)

Hi,

You are more than welcome. 
---------

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1*
*Download Mirror #2*

**If you are using a *64bit system* please use either of the following links for your download instead:
Link 1
Link 2


Right-click and Run as Administrator *SystemLook.exe* to run it.
Copy the content within the following codebox into the main textfield:

```
:dir
c:\users\Shirley\.config /s
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## decidedlyanxious (Jul 3, 2012)

I'll be leaving for a family trip in 15 mins so won't be able to reply back until tomorrow.

SystemLook 30.07.11 by jpshortstuff
Log created at 11:01 on 04/07/2012 by Shirley
Administrator - Elevation successful

========== dir ==========

c:\users\Shirley\.config - Parameters: "/s"

---Files---
None found.

c:\users\Shirley\.config\qtcurve	d------	[14:28 15/06/2012]

-= EOF =-


----------



## jeffce (May 10, 2011)

Hi,

I see that you have had McAfee on your system before, but now seem to use ESET? If you are no longer using McAfee please uninstall that through Control Panel >> Programs and Features. Then run the following tool to remove anything left of McAfee >> http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe Once that tool is run reboot your system.

Please open *Notepad* (Start -> Run -> type *notepad* in the Open field -> OK) and copy and paste the text present _*inside*_ the code box below:

```
ClearJavaCache::

DDS::
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
```

Save this as *CFScript.txt* and change the *"Save as type"* to *"All Files"* and place it on your desktop.

*Very Important!* Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Referring to the screenshot above, *drag CFScript.txt into ComboFix.exe.*
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
*When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.*
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------


----------



## decidedlyanxious (Jul 3, 2012)

as attached.


----------



## jeffce (May 10, 2011)

Hi,

Please download *Malwarebytes' Anti-Malware* to your desktop.


Right-click and Run as Administrator *mbam-setup.exe* and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click *Finish*.
If an update is found, it will download and install the latest version.
Once the program has loaded, select *Perform quick scan*, then click *Scan* as shown below.

When the scan is complete, click *OK*, then *Show Results* to view the results.
Be sure that everything is checked, and click *Remove Selected*.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

The log can also be found here:
C:\Documents and Settings\<User name>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
----------

Please run a free online scan with the *ESET Online Scanner*
*Note*_: You will need to use Internet Explorer for this scan_
Tick the box next to *YES, I accept the Terms of Use*
Click *Start*
When asked, allow the ActiveX control to install
Click *Start*
Make sure that the option *Remove found threats* is _NOT_ selected and the option *Scan unwanted applications* is selected.
Click *Scan* (This scan can take several hours, so please be patient)
If there are threats that are found, please press *List of found threats* and then in the next window that opens press *Export to text file...*
Copy and paste/or attach that log as a reply to this topic
**Note** If no threats are found there will not be a log created.
----------

In your next reply please post the logs created by Malwarebytes and ESET.


----------



## decidedlyanxious (Jul 3, 2012)

Apologies for the late reply - below is the log for the Malwarebytes scan. The ESET online scan found no threats.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.05.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Shirley :: SHIRLEY-PC [administrator]

5/07/2012 9:33:47 PM
mbam-log-2012-07-05 (21-33-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231646
Time elapsed: 2 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


----------



## jeffce (May 10, 2011)

No problem with the delay. 

Those look good. How is your system running?


----------



## decidedlyanxious (Jul 3, 2012)

My system has been running fine. I haven't had an instance of the random audio ads playing in the background for two days now but am still worried as to what caused them in the first place.


----------



## Mark1956 (May 7, 2011)

Hi Decidedlyanxious, I am stepping in for Jeffce as he is moving house and off-line for a few days.

It is most likely that one of the detections that Combofix removed was responsible for the random music. Without spending a lot of time investigating the deletions it is difficult to give a full answer to your question. As the sounds have stopped and no detections have been found by any of the other scans performed you can rest assured your system is in no danger.

All we need do now is clean up the tools used and run a quick security check. Please follow the instructions below.

To uninstall ComboFix, press the *WINKEY + R* keys on your keyboard or click on Start, type *Run* into the search box and hit *Enter*.
In the *Run* box type: *ComboFix /Uninstall* (Be sure to leave a space before the forward slash).
Click on *OK*.
If you encounter any problems using the switch from the Run dialog box, just rename ComboFix.exe to *Uninstall.exe*, then double-click on it to remove.
This will delete ComboFix's related folders/files, reset the clock settings, hide file extensions/system files, clear the System Restore cache to prevent possible reinfection and *create a new Restore point.*
When it has finished you will see a dialog box stating that _"ComboFix has been uninstalled"._
After that, you can delete the ComboFix.exe program from your computer (Desktop).
*Next*

Download *OTC* by OldTimer and save it to your *desktop.*
Double click the icon to start the program.
If you are using Vista or Windows 7, please right-click and choose *Run as Administrator*
Then click the big button.
You will get a prompt saying "_Begin Cleanup Process_". Please select *Yes*.
Restart your computer when prompted.
-- Doing this will *remove* any specialized tools downloaded and used. If OTC does not delete itself, then delete the file manually when done.
-- Any leftover folders/files related to ComboFix or other tools which OTC did not remove can be deleted manually (right-click on it and choose delete).
Please post back when this is complete and let me know if you have had any problems.

I would also like you to run this:

Download Security Check by screen317 from Here or Here.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


----------



## decidedlyanxious (Jul 3, 2012)

All done! Many thanks for the help and I'd like to express my gratitude to Jeffce for his time and effort to help me solve my computer issue. Ah and I think I should go update Java and Adobe reader.

Results of screen317's Security Check version 0.99.42 
Windows 7 Service Pack 1 x64 (UAC is enabled) 
Internet Explorer 9 
*``````````````Antivirus/Firewall Check:``````````````* 
Windows Firewall Enabled! 
ESET NOD32 Antivirus 4.2 
Antivirus up to date! 
*`````````Anti-malware/Other Utilities Check:`````````* 
Malwarebytes Anti-Malware version 1.61.0.1400 
Java(TM) 6 Update 33 
*Java version out of Date!* 
Adobe Reader 9 *Adobe Reader out of Date!* 
*````````Process Check: objlist.exe by Laurent````````* 
*`````````````````System Health check`````````````````* 
Total Fragmentation on Drive C: 0% 
*````````````````````End of Log``````````````````````*


----------



## Mark1956 (May 7, 2011)

You're welcome.

Please follow these instructions to update Java and Adobe.

*Adobe*
Close any programs you may have running - especially your web browser.
Click on Start > *Control Panel*, double-click on Programs and Features and uninstall the following Adobe entries:

*Adobe Reader*

*NOTE:* For *XP* click on Start > *Control Panel*, double-click on *Add or Remove Programs* and continue as above.
Then go to this link Adobe Downloads and select the latest version to download and install. You will see this page below, click on the appropriate button for *Adobe Reader* as indicated.








You will now see a page similar to this one:








All four Adobe products, Reader, Flash Player, Air and Shockwave Player are set by default to download the version for *Windows* Operating Systems and for *Internet Explorer* in *English*. If you are using a Macintosh, or you want to use the Adobe product with a different Browser or language you must click on the line (as indicated in the above image) to make further selections to meet your requirements.
As you will see in the above image the Adobe Reader is set for Windows 7, please click (as indicated) if you are using a different version of *Windows* to make further selections. All the other Adobe products are universal and you will only need to change the selection for different Browsers, Languages or for Macintosh.
NOTE: In all the downloads look out for the Google Toolbar and uncheck the box if you do not need it.
Some additional instructions may appear for XP installations. In all cases save the download to your desktop, then close your browser and double click on the Adobe icon on your desktop to install it. If you have any problems installing, disconnect from the internet and disable your Anti-Virus and any other security software, instructions for most AVs, etc. can be found here: How to disable security software.

*Java*

*Important Note*: Your version of *Java is out of date.* *Older versions have vulnerabilities that malicious sites can use to exploit and infect your system*.

Microsoft: Unprecedented Wave of Java Exploitation
Drive-by Trojan preying on out-of-date Java installations 
Ghosts of Java Haunt Users
Please follow these steps to remove older version Java components and update:

Download the latest version of *Java Runtime Environment (JRE) Version 7* and save it to your desktop.
Look for *Java Platform, Standard Edition*.
Click the *Download JRE* button to the right.
Read the License Agreement, and then check the box that says: "_Accept License Agreement_".
From the list, select the *Windows(x86) Offline* version.
NOTE: A 64bit version is available for use with 64bit browsers running on a 64bit version of Windows, but it is recommended that you use only 32bit browsers and versions of Java. Please read this for further information: Which Java download should I choose for my 64bit operating system?
Close any programs you may have running - especially your web browser.
Click on the Start button > *Control Panel*, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove *all* older versions of Java.

Check (_highlight_) any item with Java, JRE or J2SE in the name.
Click the *Uninstall*, *Remove* or *Change/Remove* button and follow the onscreen instructions for the Java uninstaller.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on *jre-7u5-windows-i586.exe* (or jre-7u5-windows-x64.exe for 64-bit) to install the newest version.
If using *Windows 7* or *Vista* and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
When the _Java Setup - Welcome_ window opens, click the *Install >* button.
If offered to install a Toolbar, just *uncheck* the box before continuing unless you want it.
The McAfee Security Scan Plus tool is _installed by default_ unless you *uncheck* the McAfee installation box when updating Java.
_-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version. When an update is installed always make sure the previous version is uninstalled._
Note: The *Java Quick Starter (JQS.exe)* adds a service to improve the initial startup time of Java applets and applications but it's not necessary.

To *disable the JQS service* if you don't want to use it:

Go to Start > Control Panel > Java > Advanced > Miscellaneous and *uncheck* the box for *Java Quick Starter*.
Click Ok and reboot your computer.

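The Java clean-up steps above (find every entry with Java, JRE or J2SE in the name, keep only the newest) can be checked in a repeatable way. The following is an added example, not code from this thread or from Security Check: an audit-only PowerShell script that reads the same Uninstall registry keys Programs and Features displays and reports which Java entries are older than the newest one, plus the installed Adobe Reader version. It assumes Windows 7 x64 (so both the native and the Wow6432Node hive are read) and an elevated PowerShell prompt; it uninstalls nothing.

```powershell
# Added example, not from the thread: list Java and Adobe Reader entries from the
# Uninstall registry keys and flag every Java entry except the newest.
# Assumption: Windows 7 x64, run from an elevated PowerShell prompt.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'  # 32-bit apps on 64-bit Windows
)

# Turn a DisplayVersion string such as "6.0.330" (Java 6 Update 33) or "7.0.50"
# (Java 7 Update 5) into a comparable [version]; unusable strings sort last.
function ConvertTo-SortableVersion ([string]$Text) {
    $clean = ($Text -replace '[^\d.]', '').Trim('.')
    try   { return [version]$clean }
    catch { return [version]'0.0' }
}

# Same match the thread asks for by hand: Java, JRE or J2SE in the name.
$entries = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match 'Java|JRE|J2SE|Adobe Reader' }

$java = $entries |
    Where-Object { $_.DisplayName -match 'Java|JRE|J2SE' } |
    Sort-Object { ConvertTo-SortableVersion $_.DisplayVersion } -Descending

if ($java) {
    $newest = @($java)[0]
    Write-Output ("Newest Java: {0} ({1})" -f $newest.DisplayName, $newest.DisplayVersion)
    # Everything after the first (newest) entry is an older version to remove.
    $java | Select-Object -Skip 1 | ForEach-Object {
        Write-Output ("  OLDER - uninstall: {0} ({1})" -f $_.DisplayName, $_.DisplayVersion)
        Write-Output ("    uninstall command: {0}" -f $_.UninstallString)
    }
} else {
    Write-Output 'No Java entries found in Programs and Features.'
}

$entries | Where-Object { $_.DisplayName -match 'Adobe Reader' } | ForEach-Object {
    Write-Output ("Adobe Reader: {0} ({1})" -f $_.DisplayName, $_.DisplayVersion)
}
```

Run it once before and once after the uninstall/reinstall steps; the second run should show a single Java entry and no OLDER lines.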

----------



## Mark1956 (May 7, 2011)

I am now marking this thread as solved.

If you have any remaining questions please post back.


----------

