
possibility of malware, not sure



So recently, my computer has been acting weird (my Diagnostic Policy Service stops on the hour, every hour, and looking through my Event Viewer I found a couple of services stopping with the DPS). I scanned my computer with four different programs (AVG, Malwarebytes, TDSSKiller, and Windows Defender) and all of them found nothing. I was wondering what I could do to be completely sure that this problem isn't being caused by malware and I just need to find help to fix the problem with my uninfected computer.

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.21.2

Run by Mike at 21:55:22 on 2013-04-27

Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.6030.2671 [GMT -5:00]

.

AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2013\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\dwm.exe

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe

C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe

C:\Windows\system32\DptfParticipantProcessorService.exe

C:\Windows\system32\DptfPolicyConfigTDPService.exe

C:\Windows\system32\dashost.exe

C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Windows\SysWOW64\irstrtsv.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2013\avgemca.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe

C:\Windows\system32\taskhostex.exe

C:\Program Files\ASUS\P4G\BatteryLife.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe

C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe

C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

C:\Windows\System32\RuntimeBroker.exe

C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe

C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Users\Mike\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Users\Mike\AppData\Roaming\Spotify\spotify.exe

C:\Users\Mike\AppData\Local\Facebook\Update\FacebookUpdate.exe

C:\Users\Mike\AppData\Local\Akamai\netsession_win.exe

C:\Users\Mike\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe

C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

C:\Program Files\McAfeeEx\IATSPreloadMon.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

c:\PROGRA~1\mcafee\msc\mcawfwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\msiexec.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://asus13.msn.com

uProxyOverride = <local>

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [spotify Web Helper] "C:\Users\Mike\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

uRun: [Google Update] "C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [spotify] "C:\Users\Mike\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart

uRun: [Facebook Update] "C:\Users\Mike\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

uRun: [Akamai NetSession Interface] "C:\Users\Mike\AppData\Local\Akamai\netsession_win.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

mRun: [mcpltui_exe] "C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe" /platui

mRun: [ATLauncher] "C:\Program Files\McAfee\MSC\OOBE\ATLauncher.exe" /createshortcuts:1

mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe /S

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [bingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey

mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

TCP: NameServer = 130.126.2.131

TCP: Interfaces\{A65F1648-AFE4-4BB8-B333-70598E0E4737} : DHCPNameServer = 130.126.2.131

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.1.0\ViProtocol.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [DptfPolicyLpmServiceHelper] C:\Windows\System32\DptfPolicyLpmServiceHelper.exe

x64-Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\yet4vckr.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.1.0\npsitesafety.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Users\Mike\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

FF - plugin: C:\Users\Mike\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Users\Mike\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npo1d.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll

FF - plugin: D:\Programs\Chem3D\npChem3DPlugin.dll

FF - plugin: D:\Programs\ChemDraw\NPCDP32.DLL

FF - ExtSQL: 2013-04-26 00:22; avg@toolbar; C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\Drivers\avgidsha.sys [2013-2-8 71480]

R0 Avgloga;AVG Logging Driver;C:\Windows\System32\Drivers\avgloga.sys [2013-2-8 311096]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\Drivers\avgmfx64.sys [2013-2-8 116536]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\Drivers\avgrkx64.sys [2013-2-8 45880]

R0 excsd;ExpressCache Storage Filter Driver;C:\Windows\System32\Drivers\excsd.sys [2012-11-6 95024]

R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-5 645952]

R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]

R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\Drivers\avgidsdrivera.sys [2013-2-26 246072]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\Drivers\avgldx64.sys [2013-2-8 206136]

R1 Avgwfpa;AVG Firewall Driver;C:\Windows\System32\Drivers\avgwfpa.sys [2013-2-24 247608]

R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\Drivers\ctxusbm.sys [2010-7-14 87600]

R1 excfs;ExpressCache File System Filter Driver;C:\Windows\System32\Drivers\excfs.sys [2012-11-6 23344]

R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]

R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [2012-4-13 277120]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-2-27 4937264]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-2-19 282624]

R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-4-10 168592]

R2 DptfParticipantProcessorService;Intel® Dynamic Platform & Thermal Framework Processor Participant Service Application;C:\Windows\System32\DptfParticipantProcessorService.exe [2012-10-7 29056]

R2 DptfPolicyConfigTDPService;Intel® Dynamic Platform & Thermal Framework Config TDP Service Application;C:\Windows\System32\DptfPolicyConfigTDPService.exe [2012-10-7 30592]

R2 ExpressCache;ExpressCache;C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [2012-3-30 79664]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]

R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-11-6 129856]

R2 irstrtsv;Intel® Rapid Start Technology Service;C:\Windows\SysWOW64\irstrtsv.exe [2012-11-6 193576]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-11-6 166720]

R2 McOobeSv2;McAfee OOBE Service2;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2012-11-6 219832]

R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2012-11-6 219832]

R2 McSchedulerSvc;McAfee PC Task Scheduler Service;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2012-11-6 219832]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-11-6 365376]

R2 vToolbarUpdater15.1.0;vToolbarUpdater15.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe [2013-4-26 1008816]

R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\Drivers\AiCharger.sys [2012-7-24 17152]

R3 ATP;ASUS PS/2 Port Input Device;C:\Windows\System32\Drivers\AsusTP.sys [2012-10-31 61824]

R3 DptfDevDram;DptfDevDram;C:\Windows\System32\Drivers\DptfDevDram.sys [2012-10-7 107328]

R3 DptfDevFan;DptfDevFan;C:\Windows\System32\Drivers\DptfDevFan.sys [2012-10-7 42816]

R3 DptfDevGen;DptfDevGen;C:\Windows\System32\Drivers\DptfDevGen.sys [2012-10-7 64832]

R3 DptfDevPch;DptfDevPch;C:\Windows\System32\Drivers\DptfDevPch.sys [2012-10-7 96064]

R3 DptfDevProc;DptfDevProc;C:\Windows\System32\Drivers\DptfDevProc.sys [2012-10-7 228672]

R3 DptfManager;DptfManager;C:\Windows\System32\Drivers\DptfManager.sys [2012-10-7 361792]

R3 HIDSwitch;ASUS Wireless Radio Control;C:\Windows\System32\Drivers\AsHIDSwitch64.sys [2012-10-7 21152]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-10-7 342528]

R3 irstrtdv;Intel® Rapid Start Technology Driver;C:\Windows\System32\Drivers\irstrtdv.sys [2012-11-6 43800]

R3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2013-3-14 332080]

R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\Drivers\RtsBaStor.sys [2012-11-6 294544]

R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-11-6 690832]

S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\Windows\System32\Drivers\avgboota.sys [2012-10-26 20912]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]

S3 WSDScan;WSD Scan Support;C:\Windows\System32\Drivers\WSDScan.sys [2012-12-26 23552]

.

=============== File Associations ===============

.

FileExt: .js: ChemDoodle 9="C:\Program Files (x86)\ChemDoodle\.\.\ChemDoodle.exe" "%1"

.

=============== Created Last 30 ================

.

2013-04-27 21:38:22 -------- d-----w- C:\Users\Mike\AppData\Local\Microsoft_Corporation

2013-04-26 22:59:21 -------- d-----w- C:\Windows\LastGood.Tmp

2013-04-26 22:56:38 -------- d-----w- C:\Users\Mike\AppData\Local\Akamai

2013-04-26 20:09:41 -------- d-----w- C:\sources

2013-04-26 07:57:33 0 ----a-w- C:\Windows\FAP9ACA.tmp

2013-04-26 07:57:33 0 ----a-w- C:\Windows\FAP9A69.tmp

2013-04-26 07:57:33 0 ----a-w- C:\Windows\FAP99D9.tmp

2013-04-26 07:56:09 0 ----a-w- C:\Windows\FAP5447.tmp

2013-04-26 07:56:09 0 ----a-w- C:\Windows\FAP53C7.tmp

2013-04-26 07:56:09 0 ----a-w- C:\Windows\FAP5356.tmp

2013-04-26 07:56:03 0 ----a-w- C:\Windows\FAP3CED.tmp

2013-04-26 07:56:03 0 ----a-w- C:\Windows\FAP3C1F.tmp

2013-04-26 07:56:03 0 ----a-w- C:\Windows\FAP3BED.tmp

2013-04-26 07:49:21 0 ----a-w- C:\Windows\FAP17B6.tmp

2013-04-26 07:49:21 0 ----a-w- C:\Windows\FAP1755.tmp

2013-04-26 07:49:20 0 ----a-w- C:\Windows\FAP16D5.tmp

2013-04-26 07:44:52 0 ----a-w- C:\Windows\FAPFC87.tmp

2013-04-26 07:44:51 0 ----a-w- C:\Windows\FAPFC36.tmp

2013-04-26 07:44:51 0 ----a-w- C:\Windows\FAPFBC5.tmp

2013-04-26 07:44:45 0 ----a-w- C:\Windows\FAPE116.tmp

2013-04-26 07:44:44 0 ----a-w- C:\Windows\FAPE0D5.tmp

2013-04-26 07:44:44 0 ----a-w- C:\Windows\FAPE074.tmp

2013-04-26 07:44:44 0 ----a-w- C:\Windows\FAPE032.tmp

2013-04-26 07:44:44 0 ----a-w- C:\Windows\FAPDFE1.tmp

2013-04-26 07:44:44 0 ----a-w- C:\Windows\FAPDF90.tmp

2013-04-26 07:44:11 0 ----a-w- C:\Windows\FAP5C15.tmp

2013-04-26 07:44:10 0 ----a-w- C:\Windows\FAP5BC4.tmp

2013-04-26 07:44:10 0 ----a-w- C:\Windows\FAP5B44.tmp

2013-04-26 07:33:31 0 ----a-w- C:\Windows\FAP982B.tmp

2013-04-26 07:32:53 0 ----a-w- C:\Windows\FAP454.tmp

2013-04-26 07:32:52 0 ----a-w- C:\Windows\FAP20F.tmp

2013-04-26 07:32:18 0 ----a-w- C:\Windows\FAP7C81.tmp

2013-04-26 07:32:18 0 ----a-w- C:\Windows\FAP7B45.tmp

2013-04-26 07:32:15 0 ----a-w- C:\Windows\FAP7075.tmp

2013-04-26 07:15:31 0 ----a-w- C:\Windows\FAP1E72.tmp

2013-04-26 07:15:30 0 ----a-w- C:\Windows\FAP1CF8.tmp

2013-04-26 07:12:59 0 ----a-w- C:\Windows\FAPCD1A.tmp

2013-04-26 07:12:59 0 ----a-w- C:\Windows\FAPCC5B.tmp

2013-04-26 07:10:07 0 ----a-w- C:\Windows\FAP2F37.tmp

2013-04-26 07:10:07 0 ----a-w- C:\Windows\FAP2F25.tmp

2013-04-26 07:10:07 0 ----a-w- C:\Windows\FAP2F03.tmp

2013-04-26 07:10:07 0 ----a-w- C:\Windows\FAP2EC1.tmp

2013-04-26 07:10:07 0 ----a-w- C:\Windows\FAP2E70.tmp

2013-04-26 07:10:07 0 ----a-w- C:\Windows\FAP2E6D.tmp

2013-04-26 07:10:05 0 ----a-w- C:\Windows\FAP260D.tmp

2013-04-26 07:10:05 0 ----a-w- C:\Windows\FAP25FB.tmp

2013-04-26 07:10:05 0 ----a-w- C:\Windows\FAP25E8.tmp

2013-04-26 07:10:05 0 ----a-w- C:\Windows\FAP25D5.tmp

2013-04-26 07:10:05 0 ----a-w- C:\Windows\FAP25C3.tmp

2013-04-26 07:10:05 0 ----a-w- C:\Windows\FAP2581.tmp

2013-04-26 07:09:37 0 ----a-w- C:\Windows\FAPB6A7.tmp

2013-04-26 07:09:08 0 ----a-w- C:\Windows\FAP4676.tmp

2013-04-26 07:09:07 0 ----a-w- C:\Windows\FAP41FE.tmp

2013-04-26 06:47:45 0 ----a-w- C:\Windows\FAPB315.tmp

2013-04-26 06:47:45 0 ----a-w- C:\Windows\FAPB18C.tmp

2013-04-26 06:37:53 0 ----a-w- C:\Windows\FAPAA51.tmp

2013-04-26 06:37:53 0 ----a-w- C:\Windows\FAPA992.tmp

2013-04-26 06:32:56 0 ----a-w- C:\Windows\FAP23F8.tmp

2013-04-26 06:31:58 0 ----a-w- C:\Windows\FAP3F51.tmp

2013-04-26 06:28:06 0 ----a-w- C:\Windows\FAPB6A5.tmp

2013-04-26 06:16:13 0 ----a-w- C:\Windows\FAPD26C.tmp

2013-04-26 06:16:11 0 ----a-w- C:\Windows\FAPCBE1.tmp

2013-04-26 05:58:36 0 ----a-w- C:\Windows\FAPB259.tmp

2013-04-26 05:58:35 0 ----a-w- C:\Windows\FAPAFB6.tmp

2013-04-26 05:48:15 0 ----a-w- C:\Windows\FAP3A41.tmp

2013-04-26 05:48:06 0 ----a-w- C:\Windows\FAP15ED.tmp

2013-04-26 05:45:10 0 ----a-w- C:\Windows\FAP664A.tmp

2013-04-26 05:45:04 0 ----a-w- C:\Windows\FAP4E1C.tmp

2013-04-26 05:41:17 -------- d-----w- C:\Users\Mike\AppData\Roaming\Glarysoft

2013-04-26 05:41:17 -------- d-----w- C:\Program Files (x86)\Glary Utilities

2013-04-26 05:32:41 -------- d-----w- C:\Users\Mike\AppData\Roaming\AVG

2013-04-26 05:31:59 -------- d-----w- C:\ProgramData\AVG

2013-04-26 05:31:51 -------- d-sh--w- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}

2013-04-26 05:23:41 -------- d-----w- C:\Users\Mike\AppData\Roaming\AVG2013

2013-04-26 05:22:30 -------- d-----w- C:\Users\Mike\AppData\Local\AVG SafeGuard toolbar

2013-04-26 05:22:25 -------- d-----w- C:\ProgramData\AVG SafeGuard toolbar

2013-04-26 05:22:22 40736 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys

2013-04-26 05:22:21 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search

2013-04-26 05:22:20 -------- d-----w- C:\Program Files (x86)\AVG SafeGuard toolbar

2013-04-26 05:21:24 -------- d--h--w- C:\$AVG

2013-04-26 05:21:24 -------- d-----w- C:\ProgramData\AVG2013

2013-04-26 05:16:16 -------- d-----w- C:\Users\Mike\AppData\Local\Avg2013

2013-04-26 02:34:15 9317456 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{005B2D01-C3BC-49E1-AAFD-8F338A3B89CE}\mpengine.dll

2013-04-26 02:02:15 193200 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10200.bin

2013-04-26 01:58:57 282744 ------w- C:\Windows\System32\MpSigStub.exe

2013-04-26 01:56:08 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2013-04-24 05:25:15 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-04-24 04:16:19 -------- d-----w- C:\Users\Mike\AppData\Roaming\Malwarebytes

2013-04-24 04:16:14 -------- d-----w- C:\ProgramData\Malwarebytes

2013-04-24 04:16:13 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-04-24 04:16:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-04-24 04:15:57 -------- d-----w- C:\Users\Mike\AppData\Local\Programs

2013-04-23 21:02:39 -------- d-sh--w- C:\found.001

2013-04-22 22:42:47 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2

2013-04-22 01:23:41 -------- d-----w- C:\Users\Mike\AppData\Roaming\moses2

2013-04-22 01:22:55 -------- d-----w- C:\Program Files (x86)\Mestrelab Research S.L

2013-04-22 01:21:40 -------- d-----w- C:\ProgramData\CambridgeSoft

2013-04-19 02:55:01 -------- d-----w- C:\ProgramData\Citrix

2013-04-19 02:54:49 -------- d-----w- C:\Users\Mike\AppData\Roaming\ICAClient

2013-04-19 02:54:49 -------- d-----w- C:\Users\Mike\AppData\Local\Citrix

2013-04-19 02:54:44 -------- d-----w- C:\Program Files (x86)\Citrix

2013-04-18 08:23:07 -------- d-----w- C:\ProgramData\ASUS

2013-04-12 21:02:59 332520 ----a-w- C:\Windows\System32\drivers\storport.sys

2013-04-12 04:55:52 26520 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe

2013-04-11 04:46:54 -------- d-----w- C:\Users\Mike\AppData\Local\Facebook

2013-04-10 22:34:41 375808 ----a-w- C:\Windows\SysWow64\ReAgent.dll

2013-04-10 22:34:41 1011200 ----a-w- C:\Windows\System32\reseteng.dll

2013-04-10 22:23:06 5664768 ----a-w- C:\ProgramData\Microsoft\BingDesktop\Updater\BingDesktop.msi

2013-04-03 21:28:14 -------- d--h--w- C:\Users\Mike\.cduf

2013-04-03 21:28:01 -------- d-----w- C:\Program Files (x86)\ChemDoodle

.

==================== Find3M ====================

.

2013-04-28 01:35:07 408 ----a-w- C:\Users\Mike\AppData\Roaming\sp_data.sys

2013-04-02 22:08:01 78176 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-04-02 22:08:01 692576 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-03-19 22:19:24 4041728 ----a-w- C:\Windows\System32\win32k.sys

2013-03-15 03:06:38 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-03-15 03:06:38 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-03-07 06:50:56 6991592 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-03-02 10:57:48 337128 ----a-w- C:\Windows\System32\drivers\USBXHCI.SYS

2013-03-02 10:57:46 77544 ----a-w- C:\Windows\System32\drivers\storahci.sys

2013-03-02 10:57:46 283880 ----a-w- C:\Windows\System32\drivers\spaceport.sys

2013-03-02 10:45:20 148712 ----a-w- C:\Windows\System32\drivers\tpm.sys

2013-03-02 10:45:19 194792 ----a-w- C:\Windows\System32\drivers\sdbus.sys

2013-03-02 10:45:10 125160 ----a-w- C:\Windows\System32\drivers\dumpsd.sys

2013-03-02 10:39:39 495336 ----a-w- C:\Windows\System32\drivers\vhdmp.sys

2013-03-02 10:39:38 69864 ----a-w- C:\Windows\System32\drivers\pdc.sys

2013-03-02 10:39:32 327912 ----a-w- C:\Windows\System32\drivers\Classpnp.sys

2013-03-02 09:59:37 2231528 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-03-02 09:59:36 411880 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2013-03-02 08:24:08 34304 ----a-w- C:\Windows\SysWow64\wuapp.exe

2013-03-02 08:23:43 83968 ----a-w- C:\Windows\SysWow64\wudriver.dll

2013-03-02 08:23:43 125952 ----a-w- C:\Windows\SysWow64\wuwebv.dll

2013-03-02 08:23:30 893952 ----a-w- C:\Windows\SysWow64\winmde.dll

2013-03-02 08:23:30 1338880 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2013-03-02 08:23:28 601088 ----a-w- C:\Windows\SysWow64\Windows.Globalization.dll

2013-03-02 08:23:28 504320 ----a-w- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll

2013-03-02 08:23:19 8857088 ----a-w- C:\Windows\SysWow64\twinui.dll

2013-03-02 08:23:19 246784 ----a-w- C:\Windows\SysWow64\ubpm.dll

2013-03-02 08:23:04 356352 ----a-w- C:\Windows\SysWow64\SettingSync.dll

2013-03-02 08:23:04 100864 ----a-w- C:\Windows\SysWow64\SettingSyncInfo.dll

2013-03-02 08:22:36 357888 ----a-w- C:\Windows\SysWow64\netcfgx.dll

2013-03-02 08:22:32 5091840 ----a-w- C:\Windows\SysWow64\mstscax.dll

2013-03-02 08:22:18 361984 ----a-w- C:\Windows\SysWow64\MFMediaEngine.dll

2013-03-02 08:22:17 850944 ----a-w- C:\Windows\SysWow64\mfasfsrcsnk.dll

2013-03-02 08:21:56 550912 ----a-w- C:\Windows\SysWow64\drvstore.dll

2013-03-02 08:21:52 36352 ----a-w- C:\Windows\SysWow64\DevDispItemProvider.dll

2013-03-02 08:21:40 309760 ----a-w- C:\Windows\SysWow64\BCP47Langs.dll

2013-03-02 08:21:39 2033664 ----a-w- C:\Windows\SysWow64\authui.dll

2013-03-02 08:21:32 145408 ----a-w- C:\Windows\SysWow64\powercfg.cpl

2013-03-02 02:44:59 448512 ----a-w- C:\Windows\System32\SettingSync.dll

2013-03-02 02:44:59 128512 ----a-w- C:\Windows\System32\SettingSyncInfo.dll

2013-03-02 02:44:41 455168 ----a-w- C:\Windows\System32\netcfgx.dll

2013-03-02 02:44:41 117248 ----a-w- C:\Windows\System32\NdisImPlatform.dll

2013-03-02 02:44:38 5978624 ----a-w- C:\Windows\System32\mstscax.dll

2013-03-02 02:44:30 468992 ----a-w- C:\Windows\System32\MFMediaEngine.dll

2013-03-02 02:44:29 1048576 ----a-w- C:\Windows\System32\mfasfsrcsnk.dll

2013-03-02 02:44:08 703488 ----a-w- C:\Windows\System32\drvstore.dll

2013-03-02 02:44:07 150016 ----a-w- C:\Windows\System32\discan.dll

2013-03-02 02:44:05 49152 ----a-w- C:\Windows\System32\DevDispItemProvider.dll

2013-03-02 02:43:59 1933312 ----a-w- C:\Windows\System32\wbem\cimwin32.dll

2013-03-02 02:43:56 389120 ----a-w- C:\Windows\System32\BCP47Langs.dll

2013-03-02 02:43:55 2302464 ----a-w- C:\Windows\System32\authui.dll

2013-03-02 02:43:51 2146304 ----a-w- C:\Windows\System32\actxprxy.dll

2013-03-02 02:43:50 156160 ----a-w- C:\Windows\System32\powercfg.cpl

2013-03-02 02:15:53 26112 ----a-w- C:\Windows\System32\drivers\mouhid.sys

2013-03-01 04:56:33 156672 ----a-w- C:\Windows\System32\drivers\rfcomm.sys

2013-03-01 04:56:18 30720 ----a-w- C:\Windows\System32\drivers\monitor.sys

2013-03-01 04:55:37 1175040 ----a-w- C:\Windows\System32\drivers\bthport.sys

2013-02-27 04:40:46 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys

2013-02-25 04:37:28 247608 ----a-w- C:\Windows\System32\drivers\avgwfpa.sys

2013-02-21 10:30:16 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-02-21 10:29:39 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-02-21 10:29:37 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-02-21 10:29:37 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-02-21 10:15:07 2240512 ----a-w- C:\Windows\System32\wininet.dll

2013-02-21 10:15:00 915968 ----a-w- C:\Windows\System32\uxtheme.dll

2013-02-21 10:14:09 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-02-21 10:14:05 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-02-19 09:53:00 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll

2013-02-15 07:58:59 39936 ----a-w- C:\Windows\apppatch\apppatch64\acspecfc.dll

2013-02-15 06:35:40 444416 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-02-12 01:30:04 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll

2013-02-12 00:56:19 53760 ----a-w- C:\Windows\System32\UXInit.dll

2013-02-12 00:17:50 20992 ----a-w- C:\Windows\System32\drivers\usb8023.sys

2013-02-08 09:37:56 116536 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys

2013-02-08 09:37:54 311096 ----a-w- C:\Windows\System32\drivers\avgloga.sys

2013-02-08 09:37:50 71480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys

2013-02-08 09:37:42 206136 ----a-w- C:\Windows\System32\drivers\avgldx64.sys

2013-02-08 09:37:40 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys

2013-02-07 01:33:01 754176 ----a-w- C:\Windows\SysWow64\actxprxy.dll

2013-02-05 22:31:11 622080 ----a-w- C:\Windows\System32\drivers\srv2.sys

2013-02-05 22:29:09 370688 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2013-02-05 22:28:48 247808 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2013-02-05 22:28:36 215552 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2013-02-02 11:19:44 496872 ----a-w- C:\Windows\System32\drivers\usbhub.sys

2013-02-02 11:19:44 446184 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS

2013-02-02 11:19:33 61672 ----a-w- C:\Windows\System32\drivers\crashdmp.sys

2013-02-02 10:54:54 1933544 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-02-02 10:28:54 993512 ----a-w- C:\Windows\System32\drivers\ndis.sys

2013-02-02 09:42:07 2207232 ----a-w- C:\Windows\SysWow64\PrintConfig.dll

2013-02-02 08:40:58 375808 ----a-w- C:\Windows\SysWow64\wbem\WmiPrvSE.exe

2013-02-02 08:40:55 80896 ----a-w- C:\Windows\SysWow64\tasklist.exe

2013-02-02 08:40:55 79360 ----a-w- C:\Windows\SysWow64\taskkill.exe

2013-02-02 08:40:36 155136 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll

2013-02-02 08:40:35 370688 ----a-w- C:\Windows\SysWow64\WWanAPI.dll

2013-02-02 08:40:27 131072 ----a-w- C:\Windows\SysWow64\wbem\WmiDcPrv.dll

2013-02-02 08:40:26 410624 ----a-w- C:\Windows\SysWow64\wlroamextension.dll

2013-02-02 08:40:22 197632 ----a-w- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll

2013-02-02 08:40:22 10792448 ----a-w- C:\Windows\SysWow64\Windows.UI.Xaml.dll

2013-02-02 08:39:59 325632 ----a-w- C:\Windows\SysWow64\schannel.dll

2013-02-02 08:39:47 18432 ----a-w- C:\Windows\SysWow64\npmproxy.dll

.

============= FINISH: 21:55:40.95 ===============

and here is the attached file:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 8

Boot Device: \Device\HarddiskVolume1

Install Date: 12/26/2012 4:59:54 AM

System Uptime: 4/27/2013 8:34:31 PM (1 hours ago)

.

Motherboard: ASUSTeK COMPUTER INC. | | K46CA

Processor: Intel® Core i5-3317U CPU @ 1.70GHz | SOCKET 0 | 1701/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 279 GiB total, 215.613 GiB free.

D: is FIXED (NTFS) - 398 GiB total, 393.509 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP23: 4/21/2013 8:21:08 PM - Installed CambridgeSoft ChemBioDraw Ultra 13.0.

RP24: 4/24/2013 12:24:32 AM - Installed Java 7 Update 21

RP25: 4/24/2013 2:31:56 PM - Before Mod

RP26: 4/25/2013 8:54:49 PM - Removed AVG 2013

.

==== Installed Programs ======================

.

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.6) MUI

Adobe Shockwave Player 12.0

Akamai NetSession Interface

Apple Application Support

Apple Software Update

ASUS Instant Connect

ASUS InstantOn

ASUS LifeFrame3

ASUS Live Update

ASUS Power4Gear Hybrid

ASUS Smart Gesture

ASUS Splendid Video Enhancement Technology

ASUS Tutor

ASUS USB Charger Plus

ASUS WebStorage Sync Agent

ASUSDVD

ATK Package

AVG 2013

Bing Desktop

CambridgeSoft ChemBioDraw Ultra 13.0

ChemDoodle

Citrix online plug-in - web

Citrix online plug-in (DV)

Citrix online plug-in (HDX)

Citrix online plug-in (USB)

Citrix online plug-in (Web)

ExpressCache

Facebook Video Calling 1.2.0.287

Glary Utilities 2.54.0.1759

Google Chrome

Google Talk Plugin

Google Update Helper

Graphing Calculator 3D 3.2

Intel® Dynamic Platform and Thermal Framework

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Start Technology

Intel® SDK for OpenCL - CPU Only Runtime Package

Intel® Trusted Connect Service Client

Java 7 Update 21

Java Auto Updater

League of Legends

Malwarebytes Anti-Malware version 1.75.0.1300

MestReNova LITE 5.2.5-5780

Microsoft Office

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 20.0.1 (x86 en-US)

Mozilla Maintenance Service

Pando Media Booster

Qualcomm Atheros Client Installation Program

QuickTime

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Realtek PCIE Card Reader

Security Update for CAPICOM (KB931906)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Shared C Run-time for x64

Skype™ 6.3

Spotify

swMSM

Unity Web Player

University of Illinois Wireless Wizard

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768021) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Visual Studio 2010 x64 Redistributables

Windows Driver Package - ASUS (ATP) Mouse (10/29/2012 1.0.0.148)

WinFlash

.

==== Event Viewer Messages From Past Week ========

.

4/27/2013 9:01:43 PM, Error: NetBT [4307] - Initialization failed because the transport refused to open initial addresses.

4/27/2013 9:00:01 PM, Error: Service Control Manager [7031] - The Windows Firewall service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

4/27/2013 9:00:01 PM, Error: Service Control Manager [7031] - The Diagnostic Policy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

4/27/2013 9:00:01 PM, Error: Service Control Manager [7031] - The Base Filtering Engine service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

4/27/2013 8:34:15 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

4/27/2013 8:15:57 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Diagnostic Policy Service service, but this action failed with the following error: An instance of the service is already running.

4/27/2013 6:00:00 PM, Error: Service Control Manager [7031] - The Windows Firewall service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

4/27/2013 6:00:00 PM, Error: Service Control Manager [7031] - The Diagnostic Policy Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

4/27/2013 6:00:00 PM, Error: Service Control Manager [7031] - The Base Filtering Engine service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

4/27/2013 5:00:00 PM, Error: Service Control Manager [7023] - The Diagnostic System Host service terminated with the following error: The requested control is not valid for this service.

4/27/2013 4:02:29 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.

4/26/2013, Error: Service Control Manager [7034] - The Diagnostic Policy Service service terminated unexpectedly. It has done this 4 time(s).

4/26/2013 3:12:22 PM, Error: Service Control Manager [7022] - The Diagnostic Service Host service hung on starting.

4/26/2013 3:07:01 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user Mike\Mike SID (S-1-5-21-239157387-1853744534-3322689955-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

4/26/2013 3:06:56 AM, Error: Service Control Manager [7022] - The Diagnostic System Host service hung on starting.

4/26/2013 3:00:00 PM, Error: Service Control Manager [7034] - The Windows Firewall service terminated unexpectedly. It has done this 3 time(s).

4/26/2013 3:00:00 PM, Error: Service Control Manager [7034] - The Diagnostic Policy Service service terminated unexpectedly. It has done this 3 time(s).

4/26/2013 3:00:00 PM, Error: Service Control Manager [7034] - The Base Filtering Engine service terminated unexpectedly. It has done this 3 time(s).

4/26/2013 12:25:54 AM, Error: Service Control Manager [7034] - The AVGIDSAgent service terminated unexpectedly. It has done this 1 time(s).

4/26/2013 12:14:32 AM, Error: Service Control Manager [7024] -

4/26/2013 12:14:31 AM, Error: Service Control Manager [7003] - The AVGIDSAgent service depends on the following service: AVGIDSDriver. This service might not be installed.

4/26/2013 1:32:02 PM, Error: NetBT [4321] - The name "MIKE :20" could not be registered on the interface with IP address 130.126.215.128. The computer with the IP address 128.174.5.31 did not allow the name to be claimed by this computer.

4/26/2013 1:31:59 PM, Error: NetBT [4321] - The name "MIKE :0" could not be registered on the interface with IP address 130.126.215.128. The computer with the IP address 128.174.5.31 did not allow the name to be claimed by this computer.

4/25/2013 8:59:13 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB2267602 (Definition 1.149.634.0).

4/25/2013 8:39:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

4/25/2013 8:39:31 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.

4/25/2013 8:39:31 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

4/25/2013 8:39:31 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/25/2013 8:39:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "Unavailable" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

4/25/2013 8:39:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "Unavailable" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

4/25/2013 8:39:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "Unavailable" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

4/25/2013 6:41:34 PM, Error: Service Control Manager [7031] - The McAfee Platform Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

4/25/2013 6:41:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server: {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

4/25/2013 6:08:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

4/25/2013 6:07:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}

4/25/2013 6:05:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

4/25/2013 6:04:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

4/25/2013 6:04:34 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub System service which failed to start because of the following error: A device attached to the system is not functioning.

4/25/2013 6:04:34 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

4/25/2013 6:04:34 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

4/25/2013 6:04:32 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/25/2013 6:04:32 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

4/25/2013 6:04:32 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI Proxy Service Driver service which failed to start because of the following error: A device attached to the system is not functioning.

4/25/2013 6:04:32 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/25/2013 6:04:32 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

4/25/2013 6:04:32 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

4/25/2013 6:04:32 PM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.

4/25/2013 12:38:39 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.

4/24/2013 9:03:27 PM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000000000. The name of the file is "<unable to determine file name>".

4/24/2013 9:03:27 PM, Error: Microsoft-Windows-Ntfs [98] - Volume C: (\Device\HarddiskVolume4) needs to be taken offline to perform a Full Chkdsk. Please run "CHKDSK /F" locally via the command line, or run "REPAIR-VOLUME <drive:>" locally or remotely via PowerShell.

4/24/2013 5:59:39 PM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x6000000016d5d. The name of the file is "\ProgramData\AVG2013\IDS\malwareprofile\nodes.dat".

4/23/2013 7:10:26 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} and APPID {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} to the user Mike\Mike SID (S-1-5-21-239157387-1853744534-3322689955-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

4/23/2013 6:16:44 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{EFDCEFC6-D144-4077-98C7-44D5A3C2B876} because another computer on the network has the same name. The server could not start.

4/22/2013 9:03:17 PM, Error: Schannel [36888] - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.

4/22/2013 4:32:47 PM, Error: NetBT [4321] - The name "MIKE :20" could not be registered on the interface with IP address 172.16.149.89. The computer with the IP address 128.174.5.31 did not allow the name to be claimed by this computer.

4/22/2013 4:32:43 PM, Error: NetBT [4321] - The name "MIKE :0" could not be registered on the interface with IP address 172.16.149.89. The computer with the IP address 128.174.5.31 did not allow the name to be claimed by this computer.

4/22/2013 10:38:24 PM, Error: Schannel [36888] - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 552.

4/22/2013 10:38:24 PM, Error: Schannel [36884] - The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is relay.l.google.com. The SSL connection request has failed. The attached data contains the server certificate.

.

==== End Of File =====


Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
