bobm67
-
Posts
3 -
Joined
-
Last visited
-
Ping.exe malware on Windows 7 machine
bobm67 replied to bobm67's topic in Resolved Malware Removal Logs
sorry, I am running 64 bit Windows 7 -
Hi, I am getting the Ping.exe process running and eating up my cpu. This is slowing down my pc to a crawl. I read other threads and am uploading my 2 log files. Any help will be appreciated. Bob . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_18 Run by BobM at 13:50:05 on 2011-10-05 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.9207.5848 [GMT -4:00] . AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\PROGRA~2\AVG\AVG10\avgchsva.exe C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\ABBYY Screenshot Reader\NetworkLicenseServer.exe C:\Windows\system32\AEADISRV.EXE C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe C:\Windows\SysWOW64\bgsvcgen.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Windows\SysWOW64\AsHookDevice.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe C:\Program Files (x86)\Monsoon Multimedia\Vulkano\Common\havasvc.exe C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe C:\Program Files (x86)\AVG\AVG10\avgnsa.exe C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\StkCSrv.exe C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE C:\Windows\system32\conhost.exe C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdhost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\ASUS\AI Direct Link\AsCmd.exe C:\Program Files\ASUS\Six Engine\SixEngine.exe C:\Program Files (x86)\ASUS\AI Direct Link\AsShare.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe C:\Program Files (x86)\SugarSync\SugarSyncManager.exe C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\ASUS\CPU Level Up\CpuLevelUp.exe C:\Windows\system32\wuauclt.exe C:\Users\BobM\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe C:\Program Files (x86)\mSpot\mSpot\mSpot.exe C:\Program Files (x86)\AVG\AVG10\avgtray.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe C:\Program Files (x86)\Zecter\ZumoCast\ZumoCast.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\i-Sound Pro\isound.exe C:\Zips\Utils\NoteZilla\NoteZilla.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe C:\Windows\system32\conhost.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\taskmgr.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Nero\Update\NASvc.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe C:\Program Files (x86)\Womble MPEG VCR\mpeg-vcr.exe C:\PROGRA~2\AVG\AVG10\avgrsa.exe C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\Java\j2re1.4.2_19\bin\java.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uInternet Settings,ProxyOverride = 192.168.*.*;*.local uInternet Settings,ProxyServer = http=127.0.0.1:52000 uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File uRun: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe uRun: [ZumoCast] C:\Program Files (x86)\Zecter\ZumoCast\ZumoLauncher.lnk uRun: [sugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe mRun: [CPU Level Up] "C:\Program Files\ASUS\CPU Level Up\CpuLevelUp.exe" -r mRun: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe mRun: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe mRun: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe" mRun: [mSpot] C:\Program Files (x86)\mSpot\mSpot\mSpot.exe mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" dRun: [Hewlett-Packard Update] rundll32 "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftupdt32.DLL",DllRegisterServer StartupFolder: C:\Users\BobM\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\BobM\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\Users\BobM\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe StartupFolder: C:\Users\BobM\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\i-Sound.lnk - C:\Program Files (x86)\i-Sound Pro\isound.exe StartupFolder: C:\Users\BobM\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\NOTEZI~1.LNK - C:\Zips\Utils\NoteZilla\NoteZilla.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PDFCRE~1.LNK - C:\Program Files (x86)\PDFCreator\PDFCreator.exe uPolicies-explorer: HideSCAHealth = 1 (0x1) mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) mPolicies-system: EnableLinkedConnections = 1 (0x1) IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll LSP: mswsock.dll DPF: {09910C34-59D2-4ED7-BFC3-59295B51918D} - hxxps://rview.net/RSupport/common/cab/rsupcomn.cab DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {DE3135A8-D948-49DC-ABBC-B2EFF418E5FD} - hxxp://us1.iradiopop.com/IRD/pages/AIRJ01FPlayer.CAB DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://icsa.intellichief.com/dana-cached/sc/JuniperSetupClient.cab DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100 TCP: DhcpNameServer = 192.168.1.1 71.243.0.12 TCP: Interfaces\{1BEFA9B2-7A4B-43B4-AE15-540EEAA40538} : DhcpNameServer = 192.168.1.1 71.243.0.12 TCP: Interfaces\{59C04FB2-B131-4A3D-B2A9-EB015B280E0D} : DhcpNameServer = 172.16.202.215 172.16.202.215 8.8.8.8 TCP: Interfaces\{B407FF0A-E476-4A1D-81B1-10133238C7FB} : DhcpNameServer = 192.168.1.1 71.243.0.12 Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4 IFEO: ehshell.exe - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO-X64: 0x1 - No File BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO-X64: Search Helper - No File BHO-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll BHO-X64: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll TB-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File mRun-x64: [CPU Level Up] "C:\Program Files\ASUS\CPU Level Up\CpuLevelUp.exe" -r mRun-x64: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe mRun-x64: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe mRun-x64: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe" mRun-x64: [mSpot] C:\Program Files (x86)\mSpot\mSpot\mSpot.exe mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IFEO-X64: ehshell.exe - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\BobM\AppData\Roaming\Mozilla\Firefox\Profiles\umk4zt8h.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www14.yoog.com/search.php?q= FF - prefs.js: browser.search.selectedEngine - Yoog Search FF - prefs.js: browser.startup.homepage - hxxp://my.myway.com/ FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4dd87934&v=7.008.031.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q= FF - prefs.js: network.proxy.type - 0 FF - component: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll FF - component: C:\Users\BobM\AppData\Roaming\Mozilla\Firefox\Profiles\umk4zt8h.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll FF - component: C:\Users\BobM\AppData\Roaming\Mozilla\Firefox\Profiles\umk4zt8h.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files\DivX\DivX Web Player\npdivx32.dll FF - plugin: C:\Program Files\Microsoft Silverlight\2.0.40115.0\npctrl.dll FF - plugin: C:\Program Files\Microsoft Silverlight\3.0.40723.0\npctrl.dll FF - plugin: C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll FF - plugin: C:\Users\BobM\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll FF - plugin: C:\Users\BobM\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ---- FIREFOX POLICIES ---- FF - user.js: google.toolbar.linkdoctor.enabled - false FF - user.js: browser.search.defaultenginename - Yoog Search FF - user.js: browser.search.defaulturl - hxxp://www14.yoog.com/search.php?q= FF - user.js: browser.search.selectedEngine - Yoog Search FF - user.js: keyword.URL - hxxp://www14.yoog.com/search.php?q= FF - user.js: keyword.enabled - true FF - user.js: yahoo.homepage.dontask - true ============= SERVICES / DRIVERS =============== . R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?] R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?] R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?] R1 RsFx0151;RsFx0151 Driver;C:\Windows\system32\DRIVERS\RsFx0151.sys --> C:\Windows\system32\DRIVERS\RsFx0151.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 ABBYY.Licensing.FineReader.ScreenshotReader.9.0;ABBYY.Licensing.FineReader.ScreenshotReader.9.0;C:\Program Files (x86)\ABBYY Screenshot Reader\NetworkLicenseServer.exe [2009-5-14 759048] R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-10-10 90112] R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-8-18 7390560] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520] R2 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2009-10-10 196608] R2 havasvc;Vulkano Service;C:\Program Files (x86)\Monsoon Multimedia\Vulkano\Common\havasvc.exe [2011-4-18 146432] R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-9-30 375176] R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2008-8-11 15928] R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?] R2 MsDtsServer100;SQL Server Integration Services 10.0;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-6-17 210784] R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080] R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-9-11 2255464] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-3 379496] R2 StkSSrv;iREZ K2r Service;C:\Windows\System32\StkCSrv.exe --> C:\Windows\System32\StkCSrv.exe [?] R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?] R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?] R3 havabus;HAVA Bus Enumerator;C:\Windows\system32\DRIVERS\havabus.sys --> C:\Windows\system32\DRIVERS\havabus.sys [?] R3 HAVATV;Hava Video Device;C:\Windows\system32\DRIVERS\HAVATV.sys --> C:\Windows\system32\DRIVERS\HAVATV.sys [?] R3 HavaTV_10;Hava Remote Video Device;C:\Windows\system32\DRIVERS\HavaTV_10.sys --> C:\Windows\system32\DRIVERS\HavaTV_10.sys [?] R3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2010-4-3 32096] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 vrvd5;vrvd5;C:\Windows\system32\DRIVERS\vrvd5.sys --> C:\Windows\system32\DRIVERS\vrvd5.sys [?] R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?] S1 vflt;Shrew Soft Lightweight Filter;C:\Windows\system32\DRIVERS\vfilter.sys --> C:\Windows\system32\DRIVERS\vfilter.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-11-23 1153368] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-21 984392] S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?] S3 ncplelhp;NCP Secure Client NDIS6 Driver;C:\Windows\system32\DRIVERS\ncplelhp.sys --> C:\Windows\system32\DRIVERS\ncplelhp.sys [?] S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?] S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?] S3 ReportServer;SQL Server Reporting Services (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-6-17 2180960] S3 rt70x64;RT2500 USB Wireless LAN Driver for Vista;C:\Windows\system32\DRIVERS\netr7064.sys --> C:\Windows\system32\DRIVERS\netr7064.sys [?] S3 StkCMini;iREZ K2r;C:\Windows\system32\Drivers\StkCMini.sys --> C:\Windows\system32\Drivers\StkCMini.sys [?] S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 vnet;Shrew Soft Virtual Adapter;C:\Windows\system32\DRIVERS\virtualnet.sys --> C:\Windows\system32\DRIVERS\virtualnet.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744] S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-9-17 430424] . =============== File Associations =============== . .txt=UltraEdit.txt . =============== Created Last 30 ================ . 2011-10-05 17:40:35 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys 2011-10-04 03:43:13 81920 ----a-w- C:\Windows\SysWow64\srrstr.dll 2011-10-04 03:27:52 -------- d-----we C:\Windows\system64 2011-10-04 01:37:19 -------- d-----w- C:\Program Files (x86)\honestech 2011-10-04 01:36:14 -------- d-----w- C:\Program Files (x86)\honestech VHS to DVD 4.0 2011-10-02 18:07:32 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll 2011-10-02 18:07:32 19416 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll 2011-10-02 18:07:31 134104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll 2011-10-02 18:07:31 125912 ----a-w- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe 2011-09-30 00:27:54 -------- d-----w- C:\Users\BobM\AppData\Roaming\Foxit Software 2011-09-15 12:33:59 -------- d-----w- C:\Program Files (x86)\Common Files\Monsoon Multimedia 2011-09-11 21:21:11 737280 ----a-w- C:\Windows\iun6002.exe 2011-09-11 21:21:10 -------- d-----w- C:\PC-Checkup 2011-09-11 18:20:39 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared 2011-09-11 18:19:14 -------- d-----w- C:\ProgramData\Symantec 2011-09-11 18:09:23 -------- d-----w- C:\Users\BobM\AppData\Roaming\Tific 2011-09-11 18:09:23 -------- d-----w- C:\Users\BobM\AppData\Local\Tific 2011-09-11 18:09:17 -------- d-----w- C:\ProgramData\Norton 2011-09-11 18:09:10 -------- d-----w- C:\ProgramData\NortonInstaller 2011-09-11 17:13:54 72536 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.2.4000.0.dll 2011-09-11 17:13:54 108376 ----a-w- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.2.4000.0.dll 2011-09-11 16:44:57 -------- d-----w- C:\Windows\System32\SPReview 2011-09-11 16:44:27 -------- d-----w- C:\Windows\System32\EventProviders 2011-09-11 16:43:30 -------- d-----w- C:\Program Files\Microsoft IntelliPoint 2011-09-11 16:24:10 -------- d-----w- C:\Drivers 2011-09-11 16:14:33 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation 2011-09-11 16:11:22 -------- d-----w- C:\NVIDIA 2011-09-11 15:36:45 -------- d-----w- C:\ProgramData\UAB 2011-09-11 15:36:25 -------- d-----w- C:\Users\BobM\AppData\Local\PC_Drivers_Headquarters 2011-09-11 15:34:45 -------- d-----w- C:\Program Files (x86)\PC Drivers HeadQuarters 2011-09-09 01:51:48 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET 2011-09-09 01:51:44 -------- d-----w- C:\Program Files\IIS 2011-09-09 01:51:44 -------- d-----w- C:\Program Files (x86)\IIS 2011-09-09 01:51:25 560320 ----a-w- C:\ProgramData\Microsoft\VWDExpress\10.0\1033\ResourceCache.dll 2011-09-09 01:47:38 112832 ----a-w- C:\ProgramData\Microsoft\VCExpress\10.0\1033\ResourceCache.dll 2011-09-09 01:44:53 205984 ----a-w- C:\ProgramData\Microsoft\VBExpress\10.0\1033\ResourceCache.dll 2011-09-09 01:38:59 78872 ----a-w- C:\Windows\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll 2011-09-09 01:38:59 50200 ----a-w- C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll 2011-09-09 01:36:28 -------- d-----w- C:\Program Files\Microsoft Synchronization Services 2011-09-09 01:36:28 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition 2011-09-09 01:36:10 188128 ----a-w- C:\ProgramData\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll 2011-09-09 01:35:20 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0 2011-09-09 01:34:39 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0 2011-09-09 01:34:39 -------- d-----w- C:\Program Files\Microsoft Help Viewer 2011-09-06 01:00:26 105824 ----a-w- C:\Windows\System32\SQSRVRES.DLL . ==================== Find3M ==================== . 2011-09-11 16:53:51 175616 ----a-w- C:\Windows\System32\msclmd.dll 2011-09-11 16:53:51 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll 2011-09-11 16:00:32 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll 2011-08-31 21:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys 2011-08-09 03:02:52 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2011-08-03 07:31:54 311912 ----a-w- C:\Windows\SysWow64\nvStreaming.exe 2011-08-01 19:59:06 45416 ----a-w- C:\Windows\System32\drivers\point64.sys 2011-08-01 17:47:36 266240 ----a-w- C:\Windows\SysWow64\HavaItf.ax 2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll 2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll 2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll 2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-07-18 17:08:51 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll 2011-07-18 17:08:51 80768 ----a-w- C:\Windows\System32\LMIinit.dll 2011-07-18 17:08:51 33152 ----a-w- C:\Windows\System32\LMIport.dll 2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll 2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll 2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll 2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe 2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2011-07-09 05:26:20 2048 ----a-w- C:\Windows\System32\tzres.dll 2011-07-09 04:29:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys . ============= FINISH: 13:50:59.60 =============== any help or guidance with this issue will be greatly appreciated. I am afraid to do stuff on my computer until this is resolved. Bob Attach.zip DDS.zip
-
I've got the same thing going on in my Windows 7 PC... Here is my DDS.txt and attach.txt... Thanks in advance for any help. Bob . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_18 Run by BobM at 11:38:43 on 2011-10-05 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.9207.4801 [GMT -4:00] . AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\PROGRA~2\AVG\AVG10\avgchsva.exe C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\ABBYY Screenshot Reader\NetworkLicenseServer.exe C:\Windows\system32\AEADISRV.EXE C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe C:\Windows\SysWOW64\bgsvcgen.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Windows\SysWOW64\AsHookDevice.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe C:\Program Files (x86)\Monsoon Multimedia\Vulkano\Common\havasvc.exe C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe C:\Program Files (x86)\ASUS\AI Direct Link\AsCmd.exe C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files (x86)\ASUS\AI Manager\AIManager.exe C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe C:\Program Files\ASUS\Six Engine\SixEngine.exe C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe C:\Program Files (x86)\AVG\AVG10\avgnsa.exe C:\Program Files (x86)\ASUS\AI Direct Link\AsShare.exe C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\StkCSrv.exe C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe C:\Program Files (x86)\SugarSync\SugarSyncManager.exe C:\Program Files (x86)\Zecter\ZumoCast\ZumoCast.exe C:\Program Files (x86)\uTorrent\uTorrent.exe C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files (x86)\PDFCreator\PDFCreator.exe C:\Program Files\ASUS\CPU Level Up\CpuLevelUp.exe C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe C:\Users\BobM\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe C:\Program Files (x86)\mSpot\mSpot\mSpot.exe C:\Program Files (x86)\AVG\AVG10\avgtray.exe C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\i-Sound Pro\isound.exe C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe C:\Zips\Utils\NoteZilla\NoteZilla.exe C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdhost.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wuauclt.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe C:\Program Files (x86)\ASUS\AASP\1.00.97\aaCenter.exe C:\PROGRA~2\AVG\AVG10\avgrsa.exe C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe C:\Program Files (x86)\XtreMe PCR\XtreMePCR.exe C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe C:\Windows\system32\taskmgr.exe C:\Program Files (x86)\zabkat\xplorer2\xplorer2_UC.exe C:\Program Files (x86)\Womble MPEG VCR\mpeg-vcr.exe C:\Program Files (x86)\iTunes\iTunes.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\SysWOW64\ping.exe C:\Windows\system32\conhost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uInternet Settings,ProxyOverride = 192.168.*.*;*.local uInternet Settings,ProxyServer = http=127.0.0.1:52000 uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File uRun: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe uRun: [ZumoCast] C:\Program Files (x86)\Zecter\ZumoCast\ZumoLauncher.lnk uRun: [sugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe mRun: [CPU Level Up] "C:\Program Files\ASUS\CPU Level Up\CpuLevelUp.exe" -r mRun: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe mRun: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe mRun: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe" mRun: [mSpot] C:\Program Files (x86)\mSpot\mSpot\mSpot.exe mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript mRunOnce: [boot Deleter-456] C:\Zips\Utils\Boot Deleter\Boot Deleter.exe DELETE C:\Temp\ONLINGO mRunOnce: [boot Deleter-BE2] C:\Zips\Utils\Boot Deleter\Boot Deleter.exe DELETE C:\Windows\Temp\hsperfdata_BOBM-PC7$ mRunOnce: [boot Deleter-813] C:\Zips\Utils\Boot Deleter\Boot Deleter.exe DELETE C:\Windows\Temp\flaB75.tmp dRun: [Hewlett-Packard Update] rundll32 "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftupdt32.DLL",DllRegisterServer StartupFolder: C:\Users\BobM\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\BobM\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\Users\BobM\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe StartupFolder: C:\Users\BobM\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\i-Sound.lnk - C:\Program Files (x86)\i-Sound Pro\isound.exe StartupFolder: C:\Users\BobM\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\NOTEZI~1.LNK - C:\Zips\Utils\NoteZilla\NoteZilla.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PDFCRE~1.LNK - C:\Program Files (x86)\PDFCreator\PDFCreator.exe uPolicies-explorer: HideSCAHealth = 1 (0x1) mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) mPolicies-system: EnableLinkedConnections = 1 (0x1) IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll LSP: mswsock.dll DPF: {09910C34-59D2-4ED7-BFC3-59295B51918D} - hxxps://rview.net/RSupport/common/cab/rsupcomn.cab DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {DE3135A8-D948-49DC-ABBC-B2EFF418E5FD} - hxxp://us1.iradiopop.com/IRD/pages/AIRJ01FPlayer.CAB DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://icsa.intellichief.com/dana-cached/sc/JuniperSetupClient.cab DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100 TCP: DhcpNameServer = 192.168.1.1 71.243.0.12 TCP: Interfaces\{1BEFA9B2-7A4B-43B4-AE15-540EEAA40538} : DhcpNameServer = 192.168.1.1 71.243.0.12 TCP: Interfaces\{59C04FB2-B131-4A3D-B2A9-EB015B280E0D} : DhcpNameServer = 172.16.202.215 172.16.202.215 8.8.8.8 TCP: Interfaces\{B407FF0A-E476-4A1D-81B1-10133238C7FB} : DhcpNameServer = 192.168.1.1 71.243.0.12 Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4 IFEO: ehshell.exe - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO-X64: 0x1 - No File BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO-X64: Search Helper - No File BHO-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll BHO-X64: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll TB-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File mRun-x64: [CPU Level Up] "C:\Program Files\ASUS\CPU Level Up\CpuLevelUp.exe" -r mRun-x64: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe mRun-x64: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe mRun-x64: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe" mRun-x64: [mSpot] C:\Program Files (x86)\mSpot\mSpot\mSpot.exe mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript mRunOnce-x64: [boot Deleter-456] C:\Zips\Utils\Boot Deleter\Boot Deleter.exe DELETE C:\Temp\ONLINGO mRunOnce-x64: [boot Deleter-BE2] C:\Zips\Utils\Boot Deleter\Boot Deleter.exe DELETE C:\Windows\Temp\hsperfdata_BOBM-PC7$ mRunOnce-x64: [boot Deleter-813] C:\Zips\Utils\Boot Deleter\Boot Deleter.exe DELETE C:\Windows\Temp\flaB75.tmp IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IFEO-X64: ehshell.exe - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\BobM\AppData\Roaming\Mozilla\Firefox\Profiles\umk4zt8h.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www14.yoog.com/search.php?q= FF - prefs.js: browser.search.selectedEngine - Yoog Search FF - prefs.js: browser.startup.homepage - hxxp://my.myway.com/ FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4dd87934&v=7.008.031.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q= FF - prefs.js: network.proxy.type - 0 FF - component: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll FF - component: C:\Users\BobM\AppData\Roaming\Mozilla\Firefox\Profiles\umk4zt8h.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll FF - component: C:\Users\BobM\AppData\Roaming\Mozilla\Firefox\Profiles\umk4zt8h.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files\DivX\DivX Web Player\npdivx32.dll FF - plugin: C:\Program Files\Microsoft Silverlight\2.0.40115.0\npctrl.dll FF - plugin: C:\Program Files\Microsoft Silverlight\3.0.40723.0\npctrl.dll FF - plugin: C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll FF - plugin: C:\Users\BobM\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll FF - plugin: C:\Users\BobM\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ---- FIREFOX POLICIES ---- FF - user.js: google.toolbar.linkdoctor.enabled - false FF - user.js: browser.search.defaultenginename - Yoog Search FF - user.js: browser.search.defaulturl - hxxp://www14.yoog.com/search.php?q= FF - user.js: browser.search.selectedEngine - Yoog Search FF - user.js: keyword.URL - hxxp://www14.yoog.com/search.php?q= FF - user.js: keyword.enabled - true FF - user.js: yahoo.homepage.dontask - true ============= SERVICES / DRIVERS =============== . R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?] R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?] R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?] R1 RsFx0151;RsFx0151 Driver;C:\Windows\system32\DRIVERS\RsFx0151.sys --> C:\Windows\system32\DRIVERS\RsFx0151.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2008-8-11 15928] R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?] R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?] R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?] R3 havabus;HAVA Bus Enumerator;C:\Windows\system32\DRIVERS\havabus.sys --> C:\Windows\system32\DRIVERS\havabus.sys [?] R3 HAVATV;Hava Video Device;C:\Windows\system32\DRIVERS\HAVATV.sys --> C:\Windows\system32\DRIVERS\HAVATV.sys [?] R3 HavaTV_10;Hava Remote Video Device;C:\Windows\system32\DRIVERS\HavaTV_10.sys --> C:\Windows\system32\DRIVERS\HavaTV_10.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 vrvd5;vrvd5;C:\Windows\system32\DRIVERS\vrvd5.sys --> C:\Windows\system32\DRIVERS\vrvd5.sys [?] R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?] S1 vflt;Shrew Soft Lightweight Filter;C:\Windows\system32\DRIVERS\vfilter.sys --> C:\Windows\system32\DRIVERS\vfilter.sys [?] S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?] S3 ncplelhp;NCP Secure Client NDIS6 Driver;C:\Windows\system32\DRIVERS\ncplelhp.sys --> C:\Windows\system32\DRIVERS\ncplelhp.sys [?] S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?] S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?] S3 rt70x64;RT2500 USB Wireless LAN Driver for Vista;C:\Windows\system32\DRIVERS\netr7064.sys --> C:\Windows\system32\DRIVERS\netr7064.sys [?] S3 StkCMini;iREZ K2r;C:\Windows\system32\Drivers\StkCMini.sys --> C:\Windows\system32\Drivers\StkCMini.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 vnet;Shrew Soft Virtual Adapter;C:\Windows\system32\DRIVERS\virtualnet.sys --> C:\Windows\system32\DRIVERS\virtualnet.sys [?] S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?] . =============== File Associations =============== . .txt=UltraEdit.txt . =============== Created Last 30 ================ . 2011-10-04 21:41:19 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys 2011-10-04 03:43:13 81920 ----a-w- C:\Windows\SysWow64\srrstr.dll 2011-10-04 03:27:52 -------- d-----we C:\Windows\system64 2011-10-04 01:37:19 -------- d-----w- C:\Program Files (x86)\honestech 2011-10-04 01:36:14 -------- d-----w- C:\Program Files (x86)\honestech VHS to DVD 4.0 2011-10-02 18:07:32 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll 2011-10-02 18:07:32 19416 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll 2011-10-02 18:07:31 134104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll 2011-10-02 18:07:31 125912 ----a-w- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe 2011-09-30 00:27:54 -------- d-----w- C:\Users\BobM\AppData\Roaming\Foxit Software 2011-09-15 12:33:59 -------- d-----w- C:\Program Files (x86)\Common Files\Monsoon Multimedia 2011-09-11 21:21:11 737280 ----a-w- C:\Windows\iun6002.exe 2011-09-11 21:21:10 -------- d-----w- C:\PC-Checkup 2011-09-11 18:20:39 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared 2011-09-11 18:19:14 -------- d-----w- C:\ProgramData\Symantec 2011-09-11 18:09:23 -------- d-----w- C:\Users\BobM\AppData\Roaming\Tific 2011-09-11 18:09:23 -------- d-----w- C:\Users\BobM\AppData\Local\Tific 2011-09-11 18:09:17 -------- d-----w- C:\ProgramData\Norton 2011-09-11 18:09:10 -------- d-----w- C:\ProgramData\NortonInstaller 2011-09-11 17:13:54 72536 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.2.4000.0.dll 2011-09-11 17:13:54 108376 ----a-w- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.2.4000.0.dll 2011-09-11 16:44:57 -------- d-----w- C:\Windows\System32\SPReview 2011-09-11 16:44:27 -------- d-----w- C:\Windows\System32\EventProviders 2011-09-11 16:43:30 -------- d-----w- C:\Program Files\Microsoft IntelliPoint 2011-09-11 16:24:10 -------- d-----w- C:\Drivers 2011-09-11 16:14:33 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation 2011-09-11 16:11:22 -------- d-----w- C:\NVIDIA 2011-09-11 15:36:45 -------- d-----w- C:\ProgramData\UAB 2011-09-11 15:36:25 -------- d-----w- C:\Users\BobM\AppData\Local\PC_Drivers_Headquarters 2011-09-11 15:34:45 -------- d-----w- C:\Program Files (x86)\PC Drivers HeadQuarters 2011-09-09 01:51:48 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET 2011-09-09 01:51:44 -------- d-----w- C:\Program Files\IIS 2011-09-09 01:51:44 -------- d-----w- C:\Program Files (x86)\IIS 2011-09-09 01:51:25 560320 ----a-w- C:\ProgramData\Microsoft\VWDExpress\10.0\1033\ResourceCache.dll 2011-09-09 01:47:38 112832 ----a-w- C:\ProgramData\Microsoft\VCExpress\10.0\1033\ResourceCache.dll 2011-09-09 01:44:53 205984 ----a-w- C:\ProgramData\Microsoft\VBExpress\10.0\1033\ResourceCache.dll 2011-09-09 01:38:59 78872 ----a-w- C:\Windows\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll 2011-09-09 01:38:59 50200 ----a-w- C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll 2011-09-09 01:36:28 -------- d-----w- C:\Program Files\Microsoft Synchronization Services 2011-09-09 01:36:28 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition 2011-09-09 01:36:10 188128 ----a-w- C:\ProgramData\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll 2011-09-09 01:35:20 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0 2011-09-09 01:34:39 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0 2011-09-09 01:34:39 -------- d-----w- C:\Program Files\Microsoft Help Viewer 2011-09-06 01:00:26 105824 ----a-w- C:\Windows\System32\SQSRVRES.DLL . ==================== Find3M ==================== . 2011-09-11 16:53:51 175616 ----a-w- C:\Windows\System32\msclmd.dll 2011-09-11 16:53:51 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll 2011-09-11 16:00:32 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll 2011-08-31 21:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys 2011-08-09 03:02:52 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2011-08-03 07:31:54 311912 ----a-w- C:\Windows\SysWow64\nvStreaming.exe 2011-08-01 19:59:06 45416 ----a-w- C:\Windows\System32\drivers\point64.sys 2011-08-01 17:47:36 266240 ----a-w- C:\Windows\SysWow64\HavaItf.ax 2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll 2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll 2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll 2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-07-18 17:08:51 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll 2011-07-18 17:08:51 80768 ----a-w- C:\Windows\System32\LMIinit.dll 2011-07-18 17:08:51 33152 ----a-w- C:\Windows\System32\LMIport.dll 2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll 2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll 2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll 2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe 2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2011-07-09 05:26:20 2048 ----a-w- C:\Windows\System32\tzres.dll 2011-07-09 04:29:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys . ============= FINISH: 11:42:20.04 =============== here is the attach.txt file zipped.. thanks again! Bob