Styffydawg
About Styffydawg

  1. Frolicking in my perfect world of rainbows and unicorns where there is no malware to ruin it >=[

  2. Hey guys, I've been reading up on other users' posts on this forum with similar issues and have yet to be able to fix the problems myself. I've scanned (individually), using three programs, AVG, Webroot, and now Malwarebytes. They've picked up multiple things and quarantined/cleaned items. TDSSKiller picked up some nasty stuff and took care of that but I'm still having Google redirect me to some random search engine ad site. None of the programs are picking anything up, however, overnight spysweeper picked up a trojan that had downloaded itself to my machine. So I KNOW there is a dropkit somewhere on my computer. Here are my dds.txt logs and attach.txt logs. Thank you for your help, this is a great forum and software and I truly appreciate the assistance you guys provide!

***************** DDS *****************
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_29
Run by black dawg at 11:41:25 on 2012-04-04
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8169.6021 [GMT -5:00]
.
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Impulse\Now\ImpulseNow.exe
C:\Program Files (x86)\Asus\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\Asus\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Asus\Wireless Console 3\wcourier.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
BHO: AVG Do-Not-Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [steam] "C:\Games\Steam\steam.exe" -silent
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
mRun: [updReg] C:\Windows\UpdReg.EXE
mRun: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun: [Malwarebytes' Anti-Malware] "C:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
StartupFolder: C:\Users\BLACKD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IMPULS~1.LNK - C:\Program Files (x86)\Impulse\Now\ImpulseNow.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
uPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
uPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
uPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
uPolicies-explorer: NoFile = 0 (0x0)
uPolicies-explorer: HideClock = 0 (0x0)
uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
uPolicies-explorer: NoDFSTab = 0 (0x0)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-explorer: NoEncryptOnMove = 0 (0x0)
uPolicies-explorer: NoResolveTrack = 0 (0x0)
uPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
mPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
mPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
mPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
mPolicies-explorer: NoFile = 0 (0x0)
mPolicies-explorer: HideClock = 0 (0x0)
mPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
mPolicies-explorer: NoDFSTab = 0 (0x0)
mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-explorer: NoEncryptOnMove = 0 (0x0)
mPolicies-explorer: NoResolveTrack = 0 (0x0)
mPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: NoDispAppearancePage = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
dPolicies-explorer: NoViewOnDrive = 0 (0x0)
dPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
dPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
dPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
dPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
dPolicies-explorer: NoFile = 0 (0x0)
dPolicies-explorer: HideClock = 0 (0x0)
dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
dPolicies-explorer: NoDFSTab = 0 (0x0)
dPolicies-explorer: NoWindowsUpdate = 0 (0x0)
dPolicies-explorer: NoEncryptOnMove = 0 (0x0)
dPolicies-explorer: NoResolveTrack = 0 (0x0)
dPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
dPolicies-system: NoDispAppearancePage = 0 (0x0)
dPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DA58ACA7-18A6-403A-93DA-6E4172D43709} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{C620029B-87B9-4154-AD97-264D9258978C} : DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{F1D3CA3B-9771-49CC-94B9-6D4A6B5D2351} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{F1D3CA3B-9771-49CC-94B9-6D4A6B5D2351}\15340214962707F6274702455627D696E616C602055726C696360275966496 : DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{F1D3CA3B-9771-49CC-94B9-6D4A6B5D2351}\5487563657479667560294E6E602D4F6277616E6028496C6C6027457563747 : DhcpNameServer = 71.9.127.107 68.190.192.35
TCP: Interfaces\{F1D3CA3B-9771-49CC-94B9-6D4A6B5D2351}\83637353330393 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F1D3CA3B-9771-49CC-94B9-6D4A6B5D2351}\96E6E666C65787 : DhcpNameServer = 10.59.1.1
TCP: Interfaces\{F1D3CA3B-9771-49CC-94B9-6D4A6B5D2351}\E4544574541425 : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: AVG Do-Not-Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do-Not-Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
BHO-X64: TmBpIeBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun-x64: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
mRun-x64: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
mRun-x64: [updReg] C:\Windows\UpdReg.EXE
mRun-x64: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
Hosts: 94.63.147.16 www.google.com
Hosts: 94.63.147.17 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\black dawg\AppData\Roaming\Mozilla\Firefox\Profiles\syc5oob3.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\Users\black dawg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\system32\npmproxy.dll
FF - plugin: C:\Windows\system32\npOGPPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\avgidseha.sys --> C:\Windows\system32\DRIVERS\avgidseha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 WRkrn;WRkrn;C:\Windows\system32\drivers\WRkrn.sys --> C:\Windows\system32\drivers\WRkrn.sys [?]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\Asus\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\Asus\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 MBAMService;MBAMService;C:\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-3 652360]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-25 2253120]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-16 134928]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-3-1 2655768]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 bpenum;bpenum;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]
R3 bpusb;bpusb;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\system32\DRIVERS\FLxHCIc.sys --> C:\Windows\system32\DRIVERS\FLxHCIc.sys [?]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\system32\DRIVERS\FLxHCIh.sys --> C:\Windows\system32\DRIVERS\FLxHCIh.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-2-14 2316624]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-2-14 5104992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-9-1 408576]
S2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2012-4-3 660504]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUVStor.sys --> C:\Windows\system32\Drivers\RtsUVStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S4 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-3-1 267480]
S4 CDScheduler;CyberDefender Scheduling Service;C:\Program Files (x86)\CyberDefender\SchedulerService\SchedulerService.exe [2012-1-20 1002616]
S4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-3-1 79360]
S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-3-1 79360]
S4 GoToAssist Express Customer;GoToAssist Express Customer;C:\Program Files (x86)\Citrix\GoToAssist Express Customer\363\g2ax_service.exe [2012-3-4 609144]
S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Games\Global Agenda\HiPatchService.exe [2011-4-21 8704]
S4 SmoothPingProxy;SmoothPingProxy;C:\Program Files (x86)\Smoothping Elite\SmoothPingProxy.exe [2011-4-7 2007040]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S4 TiMiniService;TiMiniService;C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [2010-10-26 241488]
S4 VideAceWindowsService;VideAceWindowsService;C:\ExpressGateUtil\VAWinService.exe [2010-8-20 77312]
S4 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-9-1 911872]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-04-04 04:15:42 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-03 22:47:55 -------- d-----w- C:\Users\black dawg\AppData\Roaming\Malwarebytes
2012-04-03 22:47:46 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-03 22:47:44 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-03 22:47:44 -------- d-----w- C:\Malwarebytes' Anti-Malware
2012-04-03 22:40:04 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-04-03 22:26:08 98160 ----a-w- C:\Windows\System32\WRusr.dll
2012-04-03 22:26:08 146040 ----a-w- C:\Windows\SysWow64\WRusr.dll
2012-04-03 22:26:08 112104 ----a-w- C:\Windows\System32\drivers\WRkrn.sys
2012-04-03 22:26:05 -------- d-----w- C:\Program Files\Webroot
2012-04-03 22:26:04 -------- d-----w- C:\ProgramData\WRData
2012-04-03 21:00:00 -------- d--h--w- C:\$AVG
2012-04-03 20:59:56 -------- d-----w- C:\Users\black dawg\AppData\Roaming\AVG2012
2012-04-03 20:58:34 -------- d-----w- C:\ProgramData\AVG2012
2012-04-03 17:35:04 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\B491.tmp
2012-04-03 17:35:04 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\B490.tmp
2012-04-03 16:22:10 -------- d-----w- C:\Users\black dawg\AppData\Local\{7B2CDF99-4A89-4FAC-BA08-CF617FDD50F3}
2012-04-03 03:32:51 -------- d-----w- C:\Users\black dawg\AppData\Local\{B8B232E3-2EE2-4355-BFBC-711AB653FA18}
2012-04-02 13:48:31 -------- d-----w- C:\Users\black dawg\AppData\Local\{716AFDB2-C5E0-496E-BA2D-231E9A2669B6}
2012-03-31 17:21:47 -------- d-----w- C:\Users\black dawg\AppData\Local\{90344A53-9E0F-45DE-B77C-27425098F40D}
2012-03-30 21:14:36 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-03-30 21:14:35 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-03-30 21:14:34 835440 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2012-03-30 19:02:11 -------- d-----w- C:\Users\black dawg\AppData\Local\{52B8F9C3-D0B1-46D6-AD81-008972951181}
2012-03-30 04:21:11 -------- d-----w- C:\Users\black dawg\AppData\Local\{EBA1AFE2-C73E-48BA-9072-E22BADD9D768}
2012-03-29 18:31:19 -------- d-----w- C:\Program Files\iTunes
2012-03-29 18:31:19 -------- d-----w- C:\Program Files\iPod
2012-03-29 18:29:39 -------- d-----w- C:\Program Files\Bonjour
2012-03-29 18:29:39 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-03-29 18:03:10 -------- d-----w- C:\Program Files (x86)\iTunes
2012-03-29 18:01:05 -------- d-----w- C:\MATS
2012-03-27 20:17:17 -------- d-----w- C:\Users\black dawg\AppData\Local\{D8B8467F-D3F1-4EDF-9381-707C7442F0D2}
2012-03-27 20:17:17 -------- d-----w- C:\Users\black dawg\AppData\Local\{591C8156-7448-4F5E-981E-A85C07267700}
2012-03-27 11:57:52 -------- d-----w- C:\ProgramData\xml_param
2012-03-27 09:25:06 -------- d-----w- C:\Users\black dawg\AppData\Local\dxhr
2012-03-27 01:37:06 -------- d-----w- C:\Users\black dawg\AppData\Local\{C1B27AD2-A948-4E25-9D4A-0C4C5A85568A}
2012-03-27 01:37:05 -------- d-----w- C:\Users\black dawg\AppData\Local\{9B57B336-ECA0-48AF-962B-1A359EC319B2}
2012-03-26 12:13:26 -------- d-----w- C:\Users\black dawg\AppData\Local\28050
2012-03-26 03:45:17 -------- d-----w- C:\Users\black dawg\AppData\Local\{7DCFDB93-7B8D-4B21-8674-38D5A34980E2}
2012-03-26 03:45:16 -------- d-----w- C:\Users\black dawg\AppData\Local\{2AB7210C-44ED-4D98-A09F-DD7CA003B9C9}
2012-03-25 02:50:17 -------- d-----w- C:\Users\black dawg\AppData\Local\{FAA67F85-BD76-4963-BAC4-11AE2678B19A}
2012-03-23 03:06:32 -------- d-----w- C:\Users\black dawg\AppData\Local\{219DA980-0829-4AC6-B0DF-11BC92901284}
2012-03-23 03:06:31 -------- d-----w- C:\Users\black dawg\AppData\Local\{EF12C2D8-DA86-4171-87FD-7482192E4E37}
2012-03-21 12:27:55 -------- d-----w- C:\Users\black dawg\AppData\Roaming\Wondershare Video Converter Ultimate
2012-03-21 12:15:28 -------- d-----w- C:\Users\black dawg\AppData\Local\Wondershare
2012-03-21 12:15:27 -------- d-----w- C:\Program Files (x86)\Common Files\Wondershare
2012-03-21 12:15:24 892928 ----a-w- C:\Windows\SysWow64\iconv.dll
2012-03-21 12:15:24 675840 ----a-w- C:\Windows\SysWow64\ac3filter.ax
2012-03-21 12:15:22 -------- d-----w- C:\Video Converter Ultimate
2012-03-20 01:31:31 -------- d-----w- C:\Users\black dawg\AppData\Local\{53FB9F95-4D71-41BC-8816-3DDE513446D9}
2012-03-20 01:31:30 -------- d-----w- C:\Users\black dawg\AppData\Local\{43C77E3D-E7ED-42F3-A83E-50C31DA48BC1}
2012-03-19 11:37:24 -------- d-----w- C:\Users\black dawg\AppData\Local\{F92E8A7A-8DFA-47D4-94C5-3361E2B550B0}
2012-03-19 11:37:23 -------- d-----w- C:\Users\black dawg\AppData\Local\{4C909D27-066E-4EDC-AB00-25C86443BD97}
2012-03-19 04:27:58 -------- d-----w- C:\Users\black dawg\AppData\Local\Ubisoft Game Launcher
2012-03-18 21:59:30 -------- d-----w- C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2012-03-18 21:55:28 -------- d-----w- C:\Program Files (x86)\Warner Bros
2012-03-18 19:35:06 -------- d-----w- C:\Users\black dawg\AppData\Local\{96903A88-6185-4F68-9D29-5BA302C14E89}
2012-03-18 19:35:06 -------- d-----w- C:\Users\black dawg\AppData\Local\{3696BFA5-3FDA-47AC-BC2F-C73DEC440EFB}
2012-03-18 02:23:56 -------- d-----w- C:\Users\black dawg\AppData\Local\{14AA5D3E-5C81-4226-8544-A7C82C3A4530}
2012-03-18 02:23:55 -------- d-----w- C:\Users\black dawg\AppData\Local\{BC5633C3-E00F-4E14-907A-222DFC1CBDBA}
2012-03-17 01:06:06 -------- d-----w- C:\Users\black dawg\AppData\Local\{4B7C7108-B7C9-4AE8-9E54-69C8FCD9E76C}
2012-03-17 01:06:05 -------- d-----w- C:\Users\black dawg\AppData\Local\{032E0F9C-AD95-4EF9-A33A-31CD4D26EA90}
2012-03-15 22:58:09 -------- d-----w- C:\Users\black dawg\AppData\Local\{90BA45E7-07C3-4ACC-8F33-F965EC17996D}
2012-03-15 08:03:23 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-15 08:03:23 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-15 08:03:23 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-15 03:11:30 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-15 03:11:29 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-15 03:11:29 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-15 03:10:40 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-15 03:10:40 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-15 03:10:40 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-15 03:10:40 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-15 03:10:39 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-15 03:10:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-15 03:10:39 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-15 00:39:42 -------- d-----w- C:\Users\black dawg\AppData\Local\{534AE99D-B9BC-4A13-9D0C-E29B90329B38}
2012-03-15 00:39:20 -------- d-----w- C:\Users\black dawg\AppData\Local\{FF2F1E49-8D54-4C63-9A23-EAB4C2E6E415}
2012-03-14 03:22:59 -------- d-----w- C:\ProgramData\Electronic Arts
2012-03-14 03:22:59 -------- d-----w- C:\ProgramData\EA Core
2012-03-13 16:02:28 -------- d-----w- C:\Users\black dawg\AppData\Local\{B8ACAF5A-33A5-49DC-B905-98C0186C624B}
2012-03-13 16:02:18 -------- d-----w- C:\Users\black dawg\AppData\Local\{EA85C853-DF54-4916-9D54-1C5BF2AE9F5F}
2012-03-12 04:04:38 -------- d-----w- C:\Users\black dawg\AppData\Local\My Games
2012-03-12 03:55:54 -------- d-----w- C:\Users\black dawg\AppData\Local\{60BCAE54-4A38-4676-9E80-55FD0B7F0BDB}
2012-03-12 03:55:44 -------- d-----w- C:\Users\black dawg\AppData\Local\{66AE321B-1B6F-4E08-BBE2-560A5BCDB199}
2012-03-11 15:18:32 -------- d-----w- C:\Users\black dawg\AppData\Local\{547C9C6B-54F0-4CEA-A514-A9B379FFFE0F}
2012-03-11 15:18:22 -------- d-----w- C:\Users\black dawg\AppData\Local\{68D13C0D-82EB-486B-9E5C-471F9F8BDD79}
2012-03-11 00:48:59 -------- d-----w- C:\Program Files (x86)\Cisco Systems
2012-03-11 00:41:22 -------- d-----w- C:\ProgramData\Cisco Systems
2012-03-10 23:46:35 -------- d-----w- C:\Users\black dawg\AppData\Local\{20B081FE-48AE-4816-B439-5B970A065FEA}
2012-03-10 23:46:16 -------- d-----w- C:\Users\black dawg\AppData\Local\{F5180429-BC19-413A-9FC1-AE3D666536B7}
2012-03-09 17:27:08 -------- d-----w- C:\Users\black dawg\AppData\Local\{9CFB98F3-0672-4813-ACCE-4795C0AAC52B}
2012-03-09 17:26:58 -------- d-----w- C:\Users\black dawg\AppData\Local\{3CD82E9B-6548-4958-A6EF-26FA1BB62959}
2012-03-09 02:19:21 -------- d-----w- C:\Users\black dawg\AppData\Local\{6931ED56-B2FB-4843-9C0B-967AB0F99B44}
2012-03-09 02:18:59 -------- d-----w- C:\Users\black dawg\AppData\Local\{FAA45533-0952-4FF3-9803-2087D7E9F88B}
2012-03-08 01:58:16 -------- d-----w- C:\Users\black dawg\AppData\Local\{4069388D-F2AB-427D-A4ED-8718C52BFECD}
2012-03-08 01:57:55 -------- d-----w- C:\Users\black dawg\AppData\Local\{8EA1D0AC-8ED2-4EB9-81F7-2B8D93D3FEDB}
2012-03-07 01:57:26 -------- d-----w- C:\Users\black dawg\AppData\Local\{7ED7011B-6960-4631-8795-67A23CF6C4A7}
.
==================== Find3M ====================
.
2012-04-04 16:13:42 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2012-03-06 04:45:55 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-04 23:39:20 110456 ----a-w- C:\Users\black dawg\g2ax_customer_downloadhelper_win32_x86.exe
2012-02-22 10:25:50 382032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-02-22 10:25:32 289872 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-02-15 15:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 15:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-01-31 09:46:48 36944 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
.
============= FINISH: 11:42:16.14 ===============

************************* Attach *************************
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/27/2011 12:23:08 AM
System Uptime: 4/4/2012 11:06:04 AM (0 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | G73Sw
Processor: Intel® Core™ i7-2630QM CPU @ 2.00GHz | CPU 1 | 2001/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 677 GiB total, 51.271 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Intel® Centrino® WiMAX 6250
Device ID: {12110A2A-BBCC-418B-B9F4-76099D720767}\BPMP_8086_0186\1&1869C5E3&0&00
Manufacturer: Intel Corporation
Name: Intel® Centrino® WiMAX 6250
PNP Device ID: {12110A2A-BBCC-418B-B9F4-76099D720767}\BPMP_8086_0186\1&1869C5E3&0&00
Service: bpmp
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Officejet Pro L7700
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Officejet Pro L7700
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318} Description: Officejet Pro L7700 Device ID: ROOT\MULTIFUNCTION\0000 Manufacturer: HP Name: Officejet Pro L7700 PNP Device ID: ROOT\MULTIFUNCTION\0000 Service: . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Realtek PCIe GBE Family Controller Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_16D51043&REV_06\26974808684CE00000 Manufacturer: Realtek Name: Realtek PCIe GBE Family Controller PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_16D51043&REV_06\26974808684CE00000 Service: RTL8167 . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . 7500_7600_7700_Help1 Adobe AIR Adobe Flash Player 10 Plugin Adobe Reader X (10.1.2) Alice Madness Returns Alien Hallway Alpha Protocol Apple Application Support Apple Software Update Assassin's Creed Brotherhood ASUS AI Recovery ASUS Live Update ASUS SmartLogon ASUS Splendid Video Enhancement Technology ASUS Virtual Camera Asus_G73_Screensaver AsusVibe2.0 ATK Package Batman: Arkham Asylum Game of the Year Edition Best Buy pc app Borderlands bpd_scan_Carrier BPDSoftware BPDSoftware_Ini BufferChm Camtasia Studio 7 Cisco Connect Coupon Printer for Windows Curse Client CyberDefender Framework CyberLink LabelPrint CyberLink Power2Go D3DX10 Dangerous High School Girls in Trouble! 
Darkspore Limited Edition Darkspore™ Darwinia Defcon v1.6 Deus Ex Deus Ex: Human Revolution Deus Ex: Human Revolution - The Missing Link DirectX 9 Runtime Earth Defense Force: Insect Armageddon EVE Online (remove only) ExpressGate Cloud Fallout 3 GotY Fallout Mod Manager 0.13.21 FinalTorrent 2011 Fraps Global Agenda Launcher Global Agenda Live GoToManage Customer 1.6.0.363 Half-Life 2 Impulse® Intel® Control Center Intel® Management Engine Components IrfanView (remove only) Java Auto Updater Java™ 6 Update 29 Junk Mail filter update L7000_Basic Mafia II Majesty 2 Collection Malwarebytes Anti-Malware version 1.60.1.1000 Mass Effect 2 Mesh Runtime Messenger Companion Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Starter 2010 - English Microsoft PowerPoint Viewer Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft XNA Framework Redistributable 3.1 Microsoft XNA Framework Redistributable 4.0 Mozilla Firefox 8.0.1 (x86 en-US) MSVCRT MSVCRT_amd64 MSXML 4.0 SP3 Parser (KB973685) NVIDIA 3D Vision Controller Driver NVIDIA PhysX NVIDIA Stereoscopic 3D Driver OpenAL Orcs Must Die! 
Pando Media Booster Pdf995 Perimeter Portal 2 PunkBuster Services QuickTime RAGE realMyst Realtek Ethernet Controller Driver For Windows 7 Realtek High Definition Audio Driver Realtek USB 2.0 Reader Driver Red Faction Red Faction II Rock of Ages RollerCoaster Tycoon 2 Triple Thrill Pack Roxio AACS Certificate Roxio Activation Module Roxio CinePlayer Saints Row 2 Saints Row: The Third Sanitarium Scan Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Sid Meier's Civilization V Sins of a Solar Empire Sins of a Solar Empire - Entrenchment Smoothping Elite Space Pirates and Zombies SPORE Star Ruler Star Trek Online Star Wars Empire at War Star Wars Empire at War Forces of Corruption Star Wars: The Old Republic Star Wolves Steam Stellar Impact System Requirements Lab The Ball The Settlers 7: Paths to a Kingdom - Gold Edition THX TruStudio Toolbox Tropico 3 Tropico 3 - Absolute Power Ubisoft Game Launcher Unity Web Player Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for 
Microsoft .NET Framework 4 Extended (KB2600217) Uplink Visual Studio 2008 x64 Redistributables Warhammer 40,000 Dawn of War: Soulstorm WebReg Webroot SecureAnywhere Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Player Firefox Plugin WinFlash WinRAR 4.01 (32-bit) Wireless Console 3 Wondershare Video Converter Ultimate(Build 5.7.5.4) World of Logs Client (4.2) World of Warcraft Public Test Xilisoft iPhone Transfer Xvid Video Codec You Don't Know Jack Zombie Shooter 2 . ==== Event Viewer Messages From Past Week ======== . 4/4/2012 7:34:03 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer MASA55 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F1D3CA3B-9771-49CC-94B9-6D4A6B5D2351}. The master browser is stopping or an election is being forced. 4/4/2012 3:26:21 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. 4/4/2012 11:41:21 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgfws service. 4/4/2012 11:14:11 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting. 
4/4/2012 11:05:45 AM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 4/3/2012 7:49:31 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 4/3/2012 7:34:06 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 4/3/2012 6:36:17 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 4/3/2012 5:50:09 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 
4/3/2012 5:46:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C} 4/3/2012 5:26:08 PM, Error: Service Control Manager [7000] - The WRkrn service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode. 4/3/2012 5:23:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 4/3/2012 5:23:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 4/3/2012 5:23:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 4/3/2012 5:23:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 4/3/2012 5:23:09 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ATKWMIACPIIO Avgldx64 Avgmfx64 discache spldr tmtdi Wanarpv6 4/3/2012 5:23:09 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start. 
4/3/2012 5:23:07 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 4/3/2012 2:48:21 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 4/3/2012 12:36:30 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 4/3/2012 11:31:56 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 4/3/2012 11:22:05 AM, Error: cdrom [15] - The device, \Device\CdRom0, is not ready for access yet. 4/3/2012 11:17:08 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 
4/3/2012 10:53:35 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer USER-USERS-IMAC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F1D3CA3B-9771-49CC-94B9-6D4A6B5D2351}. The master browser is stopping or an election is being forced. 4/3/2012 10:53:08 AM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 4/2/2012 10:06:06 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance. 3/31/2012 1:03:06 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 3/30/2012 12:05:16 PM, Error: Service Control Manager [7023] - The WMI Performance Adapter service terminated with the following error: %%-2147467259 3/29/2012 6:17:37 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 
3/29/2012 12:31:08 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 3/29/2012 12:04:48 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 3/29/2012 11:55:57 AM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 3/29/2012 10:04:53 AM, Error: Service Control Manager [7022] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service hung on starting. 3/29/2012 1:34:44 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 3/29/2012 1:22:15 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 
I just did a full scan using Malwarebytes and it picked up this. I'm just in a holding pattern right now, I want to remove it but I'm not sure it will do anything. Here's the log:

***************
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.04.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
black dawg :: BLACKDAWG-PC [administrator]

Protection: Enabled

4/4/2012 1:15:48 PM
mbam-log-2012-04-04 (14-53-13).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 490091
Time elapsed: 1 hour(s), 33 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\ProgramData\Microsoft\Windows\DRM\B490.tmp (Rootkit.ZeroAccess) -> No action taken.
C:\ProgramData\Microsoft\Windows\DRM\B491.tmp (Rootkit.ZeroAccess) -> No action taken.

(end)