Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Somethings Wrong

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Somethings Wrong

Unread postby macanoodough » April 4th, 2012, 3:13 am

Ever since my niece was on clubpenguin 2 weeks ago AVG toolbar keeps adding itself to my browser and AVG also keeps trying to make itself my homepage. I also can't watch youtube videos without it pausing every 2 seconds and 12mb downloads take 15 minutes where they used to be 5 seconds. It has been getting worse every day.
I tried what I know, but I don't know much and it helps for a day or 2, then gets worse all over again.

Thank You in advance for taking the time to help.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Nicholas at 0:08:21 on 2012-04-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.1913 [GMT -7:00]
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\GameTracker\GSInGameService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Logitech\G930\G930.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k swprv
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.yahoo.com/?ilc=1
uURLSearchHooks: H - No File
uURLSearchHooks: FCToolbarURLSearchHook Class: {8b85c843-7f6f-32b4-e50d-ac334058fe0c} - C:\Program Files (x86)\SocialRibbons\Helper.dll
uURLSearchHooks: H - No File
mURLSearchHooks: Quixley_v3b Toolbar: {e556aea1-20ae-459a-b3ac-ddd35fb19efa} - C:\Program Files (x86)\Quixley_v3b\prxtbQuix.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: SocialRibbons: {4be60886-f6aa-4714-8109-ea6d8247dd57} - C:\Program Files (x86)\SocialRibbons\Toolbar.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Quixley_v3b Toolbar: {e556aea1-20ae-459a-b3ac-ddd35fb19efa} - C:\Program Files (x86)\Quixley_v3b\prxtbQuix.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Quixley_v3b Toolbar: {e556aea1-20ae-459a-b3ac-ddd35fb19efa} - C:\Program Files (x86)\Quixley_v3b\prxtbQuix.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Logitech G930] C:\Program Files (x86)\Logitech\G930\G930.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer =
TCP: Interfaces\{0D308F20-8C82-4087-B68C-0186D2B71745} : DhcpNameServer =
TCP: Interfaces\{A2773ACB-A185-4942-BC1D-8A446AF845F6} : DhcpNameServer =
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: SocialRibbons: {4BE60886-F6AA-4714-8109-EA6D8247DD57} - C:\Program Files (x86)\SocialRibbons\Toolbar.dll
BHO-X64: FCTBPos00Pos - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Quixley_v3b Toolbar: {e556aea1-20ae-459a-b3ac-ddd35fb19efa} - C:\Program Files (x86)\Quixley_v3b\prxtbQuix.dll
BHO-X64: Quixley_v3b - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: Quixley_v3b Toolbar: {e556aea1-20ae-459a-b3ac-ddd35fb19efa} - C:\Program Files (x86)\Quixley_v3b\prxtbQuix.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Logitech G930] C:\Program Files (x86)\Logitech\G930\G930.exe
================= FIREFOX ===================
FF - ProfilePath - C:\Users\Nicholas\AppData\Roaming\Mozilla\Firefox\Profiles\pqjiv3vf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: C:\Users\Nicholas\AppData\Roaming\Mozilla\Firefox\Profiles\pqjiv3vf.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCore.dll
FF - component: C:\Users\Nicholas\AppData\Roaming\Mozilla\Firefox\Profiles\pqjiv3vf.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Nicholas\AppData\Roaming\Mozilla\Firefox\Profiles\pqjiv3vf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
FF - component: C:\Users\Nicholas\AppData\Roaming\Mozilla\Firefox\Profiles\pqjiv3vf.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
FF - component: C:\Users\Nicholas\AppData\Roaming\Mozilla\Firefox\Profiles\pqjiv3vf.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Nicholas\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
FF - user.js: network.proxy.type - 0
============= SERVICES / DRIVERS ===============
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\system32\DRIVERS\scmndisp.sys --> C:\Windows\system32\DRIVERS\scmndisp.sys [?]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\system32\DRIVERS\jswpslwfx.sys --> C:\Windows\system32\DRIVERS\jswpslwfx.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 GS In-Game Service;GS In-Game Service;C:\Program Files (x86)\GameTracker\GSInGameService.exe [2010-7-4 1648480]
R2 WSWNA1100;WSWNA1100;C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2011-12-5 266240]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys --> C:\Windows\system32\DRIVERS\athurx.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 LADF_BakerCOnly;BakerC Filter Driver;C:\Windows\system32\DRIVERS\ladfBakerCamd64.sys --> C:\Windows\system32\DRIVERS\ladfBakerCamd64.sys [?]
R3 LADF_BakerROnly;BakerR Filter Driver;C:\Windows\system32\DRIVERS\ladfBakerRamd64.sys --> C:\Windows\system32\DRIVERS\ladfBakerRamd64.sys [?]
R3 MSILiveVirtualCamera;MSI Live Virtual Camera;C:\Windows\system32\DRIVERS\MSILiveVirtualCamera.sys --> C:\Windows\system32\DRIVERS\MSILiveVirtualCamera.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-9 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 253600]
S3 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2011-2-11 401920]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-9 136176]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2011-12-5 960992]
S3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-5-25 43032]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys --> C:\Windows\system32\DRIVERS\ssadserd.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
=============== Created Last 30 ================
2012-04-04 05:49:06 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6E90A04B-F66C-41D5-946E-95A68FF3CC01}\offreg.dll
2012-04-03 06:56:24 8767136 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-02 20:45:55 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6E90A04B-F66C-41D5-946E-95A68FF3CC01}\mpengine.dll
2012-04-02 20:45:39 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-02 20:45:38 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-02 20:45:38 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-02 20:41:02 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-04-02 20:41:02 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-04-02 20:41:02 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-04-02 20:41:02 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-02 20:41:02 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-04-02 20:41:00 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-02 20:41:00 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-02 20:41:00 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-04-02 20:41:00 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-02 20:41:00 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-04-02 05:31:07 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-03-20 18:02:31 -------- d-----w- C:\Users\Nicholas\AppData\Local\Chromium
2012-03-20 18:01:23 -------- d-----w- C:\Program Files (x86)\Rockstar Games
2012-03-11 07:49:38 43520 ----a-w- C:\Windows\SysWow64\CmdLineExt03.dll
2012-03-11 07:34:41 -------- d-----w- C:\Program Files\LucasArts
2012-03-10 08:26:41 540688 ----a-w- C:\Windows\System32\d3dx10_39.dll
2012-03-10 08:26:41 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2012-03-10 08:26:41 1942552 ----a-w- C:\Windows\System32\D3DCompiler_39.dll
2012-03-10 08:26:41 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2012-03-10 08:26:40 4992520 ----a-w- C:\Windows\System32\D3DX9_39.dll
2012-03-10 08:26:40 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2012-03-09 23:40:09 -------- d-----w- C:\Program Files (x86)\Hothouse Creations
2012-03-09 23:39:42 315904 ----a-w- C:\Windows\IsUninst.exe
2012-03-09 22:13:38 -------- d-----w- C:\ProgramData\AMD
2012-03-09 22:13:37 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-03-09 22:13:35 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-03-06 01:42:46 -------- d-----w- C:\Users\Nicholas\AppData\Local\GameTuts
==================== Find3M ====================
2012-04-03 06:56:34 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 16:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-15 06:05:32 69632 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-02-15 06:05:26 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-02-15 06:05:20 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-02-15 06:05:16 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-02-15 06:05:08 16507904 ----a-w- C:\Windows\System32\amdocl64.dll
2012-02-15 06:04:26 13238272 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-02-15 06:03:44 54272 ----a-w- C:\Windows\System32\OpenCL.dll
2012-02-15 06:03:38 48128 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-02-15 03:48:32 10856960 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-02-15 03:21:24 25839104 ----a-w- C:\Windows\System32\atio6axx.dll
2012-02-15 03:18:56 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-02-15 03:18:40 791040 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-02-15 03:17:04 957952 ----a-w- C:\Windows\System32\aticfx64.dll
2012-02-15 03:13:56 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-02-15 03:13:40 496128 ----a-w- C:\Windows\System32\atieclxx.exe
2012-02-15 03:13:00 235520 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-02-15 03:11:42 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-02-15 03:10:58 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-02-15 03:10:54 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-02-15 03:10:48 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-02-15 03:07:44 6200320 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-02-15 02:58:56 19392000 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-02-15 02:52:28 7646208 ----a-w- C:\Windows\System32\atidxx64.dll
2012-02-15 02:41:28 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-02-15 02:40:54 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-02-15 02:40:42 4958208 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-02-15 02:34:56 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-02-15 02:34:54 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-02-15 02:34:46 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-02-15 02:34:44 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-02-15 02:34:36 5954048 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-02-15 02:34:30 13859840 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-02-15 02:29:52 5062656 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-02-15 02:29:50 11561984 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-02-15 02:25:06 7551488 ----a-w- C:\Windows\System32\atiumd64.dll
2012-02-15 02:16:38 58880 ----a-w- C:\Windows\System32\coinst.dll
2012-02-15 02:14:00 512000 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-02-15 02:13:50 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-02-15 02:13:36 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-02-15 02:13:32 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-02-15 02:13:32 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-02-15 02:13:28 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2012-02-15 02:13:20 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-02-15 02:13:12 327680 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-02-15 02:12:22 43008 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-02-15 02:12:14 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-02-15 02:12:08 39936 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-02-15 02:12:00 30208 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-02-15 02:11:22 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-02-15 02:11:16 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2012-02-15 02:11:16 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-02-15 02:11:10 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-02-15 02:11:10 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-01-31 14:02:26 21504 ----a-w- C:\Windows\System32\kdbsdk64.dll
2012-01-31 14:00:24 16896 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
2012-01-16 02:25:49 281880 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-01-16 02:25:49 281880 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-01-16 02:25:34 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-01-15 17:26:00 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-01-15 17:26:00 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
============= FINISH: 0:08:45.13 ===============

DDS (Ver_2011-08-26.01)
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/3/2010 4:54:28 PM
System Uptime: 4/3/2012 10:15:02 PM (2 hours ago)
Motherboard: MSI | | MSI X58M (MS-7593)
Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | CPU 1 | 2668/133mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 931 GiB total, 719.258 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is FIXED (FAT32) - 373 GiB total, 248.987 GiB free.
J: is CDROM ()
K: is CDROM ()
L: is CDROM ()
M: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP302: 4/3/2012 10:38:23 PM - Removed Ventrilo Client
RP303: 4/4/2012 12:03:16 AM - Removed Microsoft Office Enterprise 2007
==== Installed Programs ======================
Adobe AIR
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.5
Amazon Games & Software Downloader
Any Video Converter Professional 3.0.7
Apple Application Support
Apple Software Update
Application Profiles
ATI Catalyst Registration
Battlefield 2(TM)
Battlefield 2: Special Forces
Battlefield 3™
Battlefield Play4Free
Bing Bar
BlackBerry Desktop Software 6.1
BlackBerry Device Software Updater
Blazing Angels Squadrons of WWII
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 3
Call of Duty: Modern Warfare 3 - Multiplayer
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
ESN Sonar
GameSpy Arcade
GameTracker Lite
GOM Encoder
GOM Player
Google Chrome
Google Earth Plug-in
Google Update Helper
ImTOO DVD Audio Ripper 6
Internet TV for Windows Media Center
Java Auto Updater
Java(TM) 6 Update 16
Java(TM) 6 Update 30
JMicron JMB36X Driver
Junk Mail filter update
L.A. Noire
Magic Online
Magic: The Gathering - Duels of the Planeswalkers
Magic: The Gathering — Duels of the Planeswalkers 2012
Malwarebytes' Anti-Malware version
Mesh Runtime
Messenger Companion
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Office Outlook Connector
Microsoft Rise Of Nations
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MLB® Front Office Manager
Mobile Broadband Generic Drivers
Mozilla Firefox 6.0.2 (x86 en-US)
MPEG2 Codec(libmpeg2/mad)
MSI Q-Face
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
Netflix in Windows Media Center
NETGEAR WNA1100 N150 Wireless USB Adapter
Nexon Game Manager
OpenOffice.org 3.1
Pando Media Booster
PC Wizard 2010.1.94
Plato DVD to MP3 Ripper 7.85
Portal: First Slice
Private Proxy
PunkBuster Services
Quixley_v3b Toolbar
Railroad Tycoon 3
RealNetworks - Microsoft Visual C++ 2008 Runtime
Realtek High Definition Audio Driver
RealUpgrade 1.1
Rockstar Games Social Club
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Setup Support for Weatherbug 1.0
Sid Meier's Pirates!
Skype Click to Call
Skype™ 5.6
Sports Connection
Star Wars: The Old Republic
Star Wars®: Knights of the Old Republic (TM)
SteelSeries Ikari Optical
System - Driver - System update
TeamSpeak 3 Client
The Lord of the Rings FREE Trial
Tropico 4
Ubisoft Game Launcher
Ultra Audio Ripper 2.0
Universe Sandbox
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
V CAST Music with Rhapsody
Verizon Wireless USB720-V740 Firmware Updates
Verizon Wireless USB727 Firmware Updates
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
VZAccess Manager
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Flash
Windows Media Player Firefox Plugin
Xfire (remove only)
Xvid 1.2.1 final uninstall
Yahoo! BrowserPlus 2.9.8
==== Event Viewer Messages From Past Week ========
4/3/2012 9:28:25 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.
4/3/2012 9:04:02 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk7\DR9.
4/3/2012 11:29:19 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
4/3/2012 10:15:17 PM, Error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
4/2/2012 7:28:58 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
==== End Of File ===========================
Active Member
Posts: 3
Joined: April 4th, 2012, 2:42 am
Register to Remove

Re: Somethings Wrong

Unread postby torreattack » April 5th, 2012, 7:19 am

Checking your logs, will reply soon.
Retired Graduate
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: Somethings Wrong

Unread postby torreattack » April 6th, 2012, 9:42 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.

Hi macanoodoughand welcome to Malware Removal :)

My name is torreattack, and I will be helping you with your malware problems.

I'm an Undergraduate trainee here, and as such my posts to you have to first be checked by a Teacher, because of this my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
How to back up or transfer your data on a Windows-based computer
Backup your data - Vista
Backup your data - windows 7

I'd also recommend that you create a System Restore Point that we can restore to if necessary.

  • Click Start, and type Create a restore point into the Search programs and files box.
  • Now click on the Create a restore point icon at the top of the find list.
  • This will open a System Properties box, with the System Protection tab open ...
    • Click on the Create button in the lower part of the window.
    • Type Pre Malware Cleanup into the description box, then click Create.
    • Windows will now create a Restore Point and notify you when finished.
    • Exit any open windows.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • If you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
  • If you're using Vista or Windows7, it will be necessary to right click all tools we use and select ----> Run as Administrator
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

I will return, as soon as possible, with additional instructions.

Thank you for your patience.
Retired Graduate
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: Somethings Wrong

Unread postby macanoodough » April 6th, 2012, 2:25 pm

Understood. I already tried what I know, CCleaner, Malwarebytes, Defrag, all after I uninstalled anything dl'ed since the pc was acting funny (which wasn't much) and avg toolbar.
Then I followed the instructions here and ran those 2 programs and posted the logs, I haven't ran anything else except for today, I ran adobe flash cause it said I didn't have it, but I've always had it, so I guess that maybe a symptom as well. Anything I need I have on an external, so if I reformat, so be it. I came here to try to avoid that, but I am fully aware that may be our only recourse.

And I am running Windows 7 64 bit. (should probably have said that in my OP)
Active Member
Posts: 3
Joined: April 4th, 2012, 2:42 am

Re: Somethings Wrong

Unread postby macanoodough » April 6th, 2012, 8:37 pm

Sorry to waste your time, but I just reformatted.
I thank you, but I just can't wait days for help. No sarcasm, I know the service you guys provide is a great one, and if there was any chance of fixing this without the windows reformat, you'd have done it. I just figured "why wait if there's a possibility I'd have to reformat anyways". So I decided to do it now while I'm off.

Thanks anyway, and sorry for making you go through the logs for nothing.
Active Member
Posts: 3
Joined: April 4th, 2012, 2:42 am

Re: Somethings Wrong

Unread postby Cypher » April 7th, 2012, 5:59 am

As your problems appear to be resolved following a reformat, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Posts: 14936
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Register to Remove

  • Similar Topics
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!

Who is online

Users browsing this forum: No registered users and 23 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware