morphy201180
Posts: 79 +0
Hi,
I hope you can help.
I recently updated my Chrome browser and ended up with the Trovi search engine and numerous tabs opening with the Search Conduit home page. It has been impossible to get rid of. I am now unable to connect to the internet as my service provider has blocked access due to an infected browser.
I'm not sure if the problem is related, but since the trouble with the browser I am getting error messages saying that my laptop is low on system memory, which I never had before.
My Avast antivirus hasn't detected anything, and neither has Malwarebytes. Please see logs below:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 20/02/2015
Scan Time: 14:07:58
Logfile: mbam log.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.02.20.05
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Max Joyner
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 335396
Time Elapsed: 20 min, 11 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Max Joyner at 14:40:25 on 2015-02-20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.392 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
E:\Program Files\AVAST Software\Avast\AvastSvc.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
E:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
E:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
E:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
E:\WINDOWS\System32\alg.exe
E:\Program Files\AVAST Software\Avast\AvastUI.exe
E:\WINDOWS\RTHDCPL.EXE
E:\WINDOWS\system32\wbem\unsecapp.exe
E:\WINDOWS\system32\hkcmd.exe
E:\WINDOWS\system32\igfxpers.exe
E:\WINDOWS\system32\igfxsrvc.exe
E:\WINDOWS\system32\wbem\wmiprvse.exe
E:\Program Files\Google\Drive\googledrivesync.exe
E:\Program Files\REALTEK\8187SE Wireless LAN Utility\RtWLan.exe
E:\Program Files\Google\Drive\googledrivesync.exe
E:\WINDOWS\explorer.exe
E:\WINDOWS\notepad.exe
E:\Program Files\Google\Chrome\Application\chrome.exe
E:\Program Files\Google\Chrome\Application\chrome.exe
E:\Program Files\Google\Chrome\Application\chrome.exe
E:\WINDOWS\system32\svchost.exe -k DcomLaunch
E:\WINDOWS\system32\svchost.exe -k rpcss
E:\WINDOWS\System32\svchost.exe -k netsvcs
E:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
E:\WINDOWS\system32\svchost.exe -k NetworkService
E:\WINDOWS\system32\svchost.exe -k LocalService
E:\WINDOWS\system32\svchost.exe -k LocalService
E:\WINDOWS\system32\svchost.exe -k imgsvc
E:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - e:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - e:\program files\avast software\avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - e:\program files\microsoft office\office14\URLREDIR.DLL
uRun: [DAEMON Tools Lite] "e:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [GoogleDriveSync] "e:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [GoogleChromeAutoLaunch_B1DDAB0696E4DF7F912F7BE99F479D2F] "e:\program files\google\chrome\application\chrome.exe" --no-startup-window
mRun: [AvastUI.exe] "e:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [Adobe ARM] "e:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IgfxTray] e:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] e:\windows\system32\hkcmd.exe
mRun: [Persistence] e:\windows\system32\igfxpers.exe
dRun: [CTFMON.EXE] e:\windows\system32\CTFMON.EXE
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\realte~1.lnk - e:\program files\realtek\8187se wireless lan utility\RtWLan.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &D&ownload &with BitComet - e:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - e:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - e:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - e:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - e:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - e:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - e:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/A/7/D/A7D1EBE3-8E78-4CBE-B22B-EEECF9E3A1BC/fhg.CAB
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{57FBBE6F-4CCC-4FA9-85D9-9E6E9AAF98FE} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{FEC4CE48-E0A9-4DDA-BC74-64DA40C950E7} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - e:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - e:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - e:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "e:\program files\google\chrome\application\40.0.2214.115\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;e:\windows\system32\drivers\aswRvrt.sys [2014-7-30 49944]
R0 aswVmm;avast! VM Monitor;e:\windows\system32\drivers\aswVmm.sys [2014-7-30 206248]
R1 aswSnx;aswSnx;e:\windows\system32\drivers\aswsnx.sys [2014-7-30 787800]
R1 aswSP;aswSP;e:\windows\system32\drivers\aswsp.sys [2014-7-30 423784]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;e:\windows\system32\drivers\dtsoftbus01.sys [2014-7-30 243128]
R2 aswHwid;avast! HardwareID;e:\windows\system32\drivers\aswHwid.sys [2014-7-30 24184]
R2 aswMonFlt;aswMonFlt;e:\windows\system32\drivers\aswMonFlt.sys [2014-7-30 70384]
R2 avast! Antivirus;avast! Antivirus;e:\program files\avast software\avast\AvastSvc.exe [2014-7-30 50344]
R2 HTCMonitorService;HTCMonitorService;e:\program files\htc\htc sync manager\HSMServiceEntry.exe [2014-6-27 87368]
R2 PassThru Service;Internet Pass-Through Service;e:\program files\htc\internet pass-through\PassThruSvr.exe [2013-10-17 166912]
R2 RosettaStoneDaemon;RosettaStoneDaemon;e:\program files\rosettastoneltdservices\RosettaStoneDaemon.exe [2012-6-19 1646608]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;e:\windows\system32\drivers\RtsUStor.sys [2014-9-12 216280]
R3 ST50220;Sonix ST50220 USB Video Camera Driver;e:\windows\system32\drivers\ST50220.sys [2014-9-12 34224]
S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [2014-9-12 1691480]
S3 HTCAND32;HTC Device Driver;e:\windows\system32\drivers\ANDROIDUSB.sys [2015-1-24 24576]
S3 htcnprot;HTC NDIS Protocol Driver;e:\windows\system32\drivers\htcnprot.sys [2013-10-17 21248]
S3 qcserxp;HTC Diagnostic Port;e:\windows\system32\drivers\qcserxp.sys [2014-9-29 103424]
.
=============== File Associations ===============
.
ShellExec: BitComet.exe: open="e:\program files\bitcomet\BitComet.exe"
.
=============== Created Last 30 ================
.
2015-02-19 23:56:49 98816 ----a-w- e:\windows\sed.exe
2015-02-19 23:56:49 256000 ----a-w- e:\windows\PEV.exe
2015-02-19 23:56:49 208896 ----a-w- e:\windows\MBR.exe
2015-02-19 13:01:19 -------- d-----w- e:\documents and settings\max joyner\local settings\application data\WMTools Downloaded Files
2015-02-18 17:28:35 306176 ----a-w- e:\windows\system32\drivers\rtl8187Se.sys
2015-02-18 17:28:34 306176 ----a-w- e:\windows\system\rtl8187Se.sys
2015-02-18 17:26:22 172032 ----a-w- e:\windows\system32\igfxres.dll
2015-02-16 13:23:38 -------- d-----w- E:\AdwCleaner
2015-02-07 14:17:30 -------- d--h--w- e:\windows\PIF
2015-01-24 14:24:22 24576 ----a-w- e:\windows\system32\drivers\ANDROIDUSB.sys
2015-01-24 14:23:58 -------- d-----w- e:\program files\Spirent Communications
.
==================== Find3M ====================
.
2015-02-20 14:07:48 114904 ----a-w- e:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-19 13:49:58 35064 ----a-w- e:\windows\system32\drivers\TrueSight.sys
2015-02-19 13:47:56 108632 ----a-w- e:\windows\system32\drivers\mbamchameleon.sys
2015-02-16 12:58:48 290304 ----a-w- e:\windows\system32\subinacl.exe
2015-02-05 15:04:34 701616 ----a-w- e:\windows\system32\FlashPlayerApp.exe
2015-02-05 15:04:33 71344 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-25 23:28:15 787800 ----a-w- e:\windows\system32\drivers\aswsnx.sys
2013-02-07 12:22:00 50330 ----a-w- e:\program files\AntiDust.exe
.
============= FINISH: 14:41:52.45 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 30/07/2014 14:16:31
System Uptime: 20/02/2015 01:01:51 (13 hours ago)
.
Motherboard: DIXONSXP | | DIXONSXP
Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | CPU 1 | 1596/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 0 GiB total, 0.026 GiB free.
D: is FIXED (NTFS) - 932 GiB total, 215.666 GiB free.
E: is FIXED (NTFS) - 149 GiB total, 54.098 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {7240100F-6512-4548-8418-9EBB5C6A1A94}
Description: USB Device
Device ID: USB\VID_0DB0&PID_A97A\5&215BB030&0&2
Manufacturer:
Name: USB Device
PNP Device ID: USB\VID_0DB0&PID_A97A\5&215BB030&0&2
Service:
.
==== System Restore Points ===================
.
RP159: 13/12/2014 23:38:41 - Techspot Clean December 2014
RP160: 13/12/2014 23:38:41 - System Checkpoint
RP161: 13/12/2014 23:38:42 - Installed Sophos Virus Removal Tool.
RP162: 13/12/2014 23:38:48 - End of disinfection
RP163: 13/12/2014 23:45:00 - Revo Uninstaller's restore point - Cooking Quest
RP164: 13/12/2014 23:48:16 - Revo Uninstaller's restore point - Amazing Finds 1.00
RP165: 13/12/2014 23:49:45 - Revo Uninstaller's restore point - Righteous Kill
RP167: 13/12/2014 23:54:00 - Revo Uninstaller's restore point - Herods Lost Tomb
RP168: 13/12/2014 23:57:49 - Revo Uninstaller's restore point - Mystery Legends - Sleepy Hollow 1.00
RP169: 14/12/2014 00:06:32 - Revo Uninstaller's restore point - Hidden Mysteries Buckingham Palace
RP170: 14/12/2014 00:09:32 - Revo Uninstaller's restore point - Redrum Dead Diary
RP171: 14/12/2014 00:11:16 - Revo Uninstaller's restore point - Sophos Virus Removal Tool
RP172: 14/12/2014 13:45:13 - Revo Uninstaller's restore point - HTC Sync Manager
RP173: 14/12/2014 13:46:53 - Removed HTC Sync Manager.
RP174: 14/12/2014 13:57:29 - Installed HTC Sync Manager.
RP175: 14/12/2014 14:00:41 - Unsigned driver install
RP176: 15/12/2014 23:12:24 - System Checkpoint
RP177: 20/12/2014 16:54:11 - System Checkpoint
RP178: 25/12/2014 12:29:17 - System Checkpoint
RP179: 26/12/2014 12:50:34 - System Checkpoint
RP180: 28/12/2014 19:36:43 - System Checkpoint
RP181: 30/12/2014 11:01:58 - System Checkpoint
RP182: 01/01/2015 14:24:38 - System Checkpoint
RP183: 02/01/2015 20:26:50 - System Checkpoint
RP184: 03/01/2015 22:04:57 - System Checkpoint
RP185: 05/01/2015 11:13:15 - System Checkpoint
RP186: 06/01/2015 11:47:20 - System Checkpoint
RP187: 07/01/2015 12:04:40 - System Checkpoint
RP188: 08/01/2015 12:59:38 - System Checkpoint
RP189: 09/01/2015 13:57:12 - System Checkpoint
RP190: 10/01/2015 14:39:33 - System Checkpoint
RP191: 11/01/2015 15:32:11 - System Checkpoint
RP192: 12/01/2015 15:58:23 - System Checkpoint
RP193: 13/01/2015 16:58:23 - System Checkpoint
RP194: 14/01/2015 19:33:35 - Software Distribution Service 3.0
RP195: 14/01/2015 21:19:30 - System Checkpoint
RP196: 15/01/2015 21:51:38 - System Checkpoint
RP197: 17/01/2015 02:12:14 - System Checkpoint
RP198: 18/01/2015 02:50:46 - System Checkpoint
RP199: 19/01/2015 03:14:33 - System Checkpoint
RP200: 20/01/2015 12:21:16 - System Checkpoint
RP201: 21/01/2015 22:33:18 - System Checkpoint
RP202: 23/01/2015 02:57:38 - System Checkpoint
RP203: 24/01/2015 03:37:02 - System Checkpoint
RP204: 25/01/2015 03:54:26 - System Checkpoint
RP205: 27/01/2015 03:48:12 - System Checkpoint
RP206: 28/01/2015 19:09:16 - System Checkpoint
RP207: 31/01/2015 03:38:38 - System Checkpoint
RP208: 01/02/2015 08:44:57 - System Checkpoint
RP209: 01/02/2015 14:59:06 - System Checkpoint
RP210: 02/02/2015 15:46:33 - System Checkpoint
RP211: 03/02/2015 16:11:06 - System Checkpoint
RP212: 04/02/2015 16:35:17 - System Checkpoint
RP213: 05/02/2015 18:39:36 - System Checkpoint
RP214: 06/02/2015 19:09:03 - System Checkpoint
RP215: 07/02/2015 19:20:26 - System Checkpoint
RP216: 08/02/2015 20:15:39 - System Checkpoint
RP217: 09/02/2015 20:51:54 - System Checkpoint
RP218: 10/02/2015 12:05:45 - Software Distribution Service 3.0
RP219: 10/02/2015 12:26:51 - Software Distribution Service 3.0
RP220: 11/02/2015 05:31:47 - Software Distribution Service 3.0
RP221: 12/02/2015 03:00:24 - Software Distribution Service 3.0
RP222: 12/02/2015 16:52:47 - Software Distribution Service 3.0
RP223: 14/02/2015 03:33:58 - System Checkpoint
RP224: 15/02/2015 18:00:30 - System Checkpoint
RP225: 16/02/2015 13:36:25 - Revo Uninstaller's restore point - Google Chrome
RP226: 17/02/2015 16:12:58 - System Checkpoint
RP227: 18/02/2015 17:08:49 - Revo Uninstaller's restore point - REALTEK RTL8187SE Wireless LAN Driver and Utility
RP228: 18/02/2015 17:28:23 - Installed REALTEK RTL8187SE Wireless LAN Driver
RP229: 18/02/2015 17:36:40 - Installed REALTEK RTL8187SE Wireless LAN Driver and Utility
RP230: 19/02/2015 14:07:21 - mbam
.
==== Installed Programs ======================
.
Adobe Flash Player 16 ActiveX
Adobe Flash Player 16 NPAPI
Adobe Reader XI (11.0.08)
Avast Free Antivirus
BitComet 1.37
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB2956079) 32-Bit Edition
Free YouTube to MP3 Converter version 3.12.35.514
Google Chrome