Jump to content

Recommended Posts

Hi,

I was somehow infected with the "System Security 2012" virus last night. I say "somehow" because firefox was literally the only program running on my computer at the time, on a perfectly safe site. I went out and when I returned an hour or so later, I had the "Privacy Protection" fake anti malware program running which then led to SS 2012 being installed. After several hours of working with it, MBAM has finally removed all instances of the problem that it can detect (was around 2000 or so), however I am still getting very slow performance from my PC, and seem to have quite a few more processes running in the task manager than before. I have run TDSSKiller, which found 1 problem and removed it, as well ass DDS and GMER, the logs for which I will post below. I did force quit several processes in the task manager, simply because they were hogging memory/cpu usage which made it very hard to get anything running on my computer. If the logs included here are not conclusive, I will happily do a fresh restart and post the full logs with no processes manually terminated. Just for reference, the processes that were causing the most trouble were PING.EXE and an instance of svchost. Thank you all very much for any help!

Link to post
Share on other sites

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

I have exactly the same problem I'm providing the files you asked for in the hopes you can help.. if you would prefer I start my own post I will.. thanks..

MBAM log

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8134

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

11/10/2011 4:21:23 PM

mbam-log-2011-11-10 (16-21-23).txt

Scan type: Quick scan

Objects scanned: 167878

Time elapsed: 2 minute(s), 20 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS.txt

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by Mike at 16:26:39 on 2011-11-10

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3839.2132 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2012\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe

C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe

C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe

C:\Users\Mike\AppData\Local\Akamai\netsession_win.exe

C:\Windows\system32\conhost.exe

C:\Users\Mike\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\taskmgr.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - C:\Program Files (x86)\CDCovers Toolbar\tbhelper.dll

uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll

mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll

mWinlogon: Userinit=userinit.exe,

BHO: QuickStores-Toolbar: {10edb994-47f8-43f7-ae96-f2ea63e9f90f} - mscoree.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - No File

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll

BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: GretechBHO Class: {f0181c6e-9218-4792-9f3c-e8df52b2f1ac} - C:\Program Files (x86)\GRETECH\GomPicker\GomPickerBHO.dll

BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - C:\Program Files (x86)\CDCovers Toolbar\tbcore3.dll

TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File

TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll

uRun: [AdobeBridge]

uRun: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &MP3Bar - C:\Program Files (x86)\Fiesta Download Manager\mp3bar.dll/MENUSEARCH.HTM

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

Trusted Zone: microsoft.com\oas.support

Trusted Zone: microsoft.com\support

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{1D041C67-A0A1-430C-B292-4A48E95F7540} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{46BC1FB4-8996-4ADA-BCCB-52919E4126D8} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{6AD2D60C-2BD9-466E-90CC-372AAA66F81F} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{C02A3D7E-DB44-4471-B3C3-5E7BF4EFFFA7} : DhcpNameServer = 192.168.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: QuickStores-Toolbar: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - No File

BHO-X64: ZoneAlarm Toolbar Registrar - No File

BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll

BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: GretechBHO Class: {F0181C6E-9218-4792-9F3C-E8DF52B2F1AC} - C:\Program Files (x86)\GRETECH\GomPicker\GomPickerBHO.dll

BHO-X64: GomPicker - No File

BHO-X64: SMTTB2009 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\CDCovers Toolbar\tbcore3.dll

BHO-X64: SMTTB2009 - No File

TB-X64: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File

TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll

TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\o3h22d08.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://www.dallasnews.com/sports/football/

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bacd9efbb-06e9-4025-8bd8-ce1d5f59dfda%7D&mid=2fd07e6a3ef247d18625d15267ad68ac-ca82a1bb9edf20c0b01d99d88b94bf507b0393c6&ds=AVG&v=8.0.0.40〈=en&pr=fr&d=2011-11-06%2022%3A24%3A26&sap=ku&q=

FF - component: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\o3h22d08.default\extensions\{4be68a18-deba-49e0-9e09-ee7796f3b62a}\components\billeotoolbar.dll

FF - component: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\o3h22d08.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll

FF - component: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\o3h22d08.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll

FF - component: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\o3h22d08.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\o3h22d08.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-2-16 366152]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-12-21 1153368]

R2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-11-6 246624]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

R3 e1qexpress;Intel® PRO/1000 PCI Express Network Connection Driver Q;C:\Windows\system32\DRIVERS\e1q62x64.sys --> C:\Windows\system32\DRIVERS\e1q62x64.sys [?]

R3 EvoMouseDriverFilterHidUsb;Evoluent Mouse Driver Filter;C:\Windows\system32\DRIVERS\EvoMouseDriverFilterHidUsb.sys --> C:\Windows\system32\DRIVERS\EvoMouseDriverFilterHidUsb.sys [?]

R3 EvoMouseDriverMini;EvoMouseDriverMini;C:\Windows\system32\drivers\EvoMouseDriverMini.sys --> C:\Windows\system32\drivers\EvoMouseDriverMini.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-11-10 21:18:48 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-11-10 21:05:10 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{97E7C93F-A6C2-431D-8D64-F00656FB3B09}\offreg.dll

2011-11-09 22:36:20 -------- d-----w- C:\Users\Mike\AppData\Local\Akamai

2011-11-09 21:40:56 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll

2011-11-09 21:40:56 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll

2011-11-09 21:40:54 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-11-09 21:40:53 3144704 ----a-w- C:\Windows\System32\win32k.sys

2011-11-09 21:38:06 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{97E7C93F-A6C2-431D-8D64-F00656FB3B09}\mpengine.dll

2011-11-08 00:51:22 -------- d-----w- C:\Windows\System32\appmgmt

2011-11-07 03:25:20 -------- d-----w- C:\Users\Mike\AppData\Roaming\AVG2012

2011-11-07 03:24:22 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search

2011-11-07 03:24:21 -------- d-----w- C:\Program Files (x86)\AVG Secure Search

2011-11-07 03:24:17 -------- d--h--w- C:\ProgramData\Common Files

2011-11-07 03:24:10 -------- d-----w- C:\Windows\SysWow64\drivers\AVG

2011-11-07 03:23:36 -------- d-----w- C:\Windows\System32\drivers\AVG

2011-11-07 03:23:36 -------- d-----w- C:\ProgramData\AVG2012

2011-11-07 03:22:43 -------- d-----w- C:\Program Files (x86)\AVG

2011-11-07 03:19:07 -------- d-----w- C:\ProgramData\MFAData

2011-11-07 01:14:50 -------- d-----w- C:\Users\Mike\AppData\Roaming\gfEEL9gTZjYCkVl

2011-11-07 01:14:50 -------- d-----w- C:\Users\Mike\AppData\Roaming\FS22ibD3pG4aHsK

2011-11-07 01:10:41 -------- d-----w- C:\ProgramData\STOPzilla!

2011-11-07 00:36:30 -------- d-----w- C:\Users\Mike\AppData\Roaming\wL9gTZqjYwIrOtP

2011-11-07 00:36:29 -------- d-----w- C:\Users\Mike\AppData\Roaming\TcS2ibD3pGaHsKf

2011-11-06 00:10:06 -------- d-----w- C:\Users\Mike\AppData\Roaming\baQH6dWK7R9TqY

2011-11-06 00:10:06 -------- d-----w- C:\Users\Mike\AppData\Roaming\A2ibF3pnG

2011-11-05 23:53:00 -------- d-----w- C:\Users\Mike\AppData\Roaming\gXwjjUVeIBtPNc1

2011-11-05 23:53:00 -------- d-----w- C:\Users\Mike\AppData\Roaming\GvDD2obFpmG5Q6E

2011-11-05 23:48:18 -------- d-----w- C:\Users\Mike\AppData\Roaming\RcccS11ibD3oG4

2011-11-05 23:48:18 -------- d-----w- C:\Users\Mike\AppData\Roaming\dmHH66sWJ7fELgZ

2011-11-05 23:48:16 -------- d-----w- C:\Users\Mike\AppData\Roaming\AG55ssQJ6dEKfR9

2011-11-05 23:48:15 -------- d-----w- C:\Users\Mike\AppData\Roaming\WVVVellOBtz0

2011-11-05 23:48:14 -------- d-----w- C:\Users\Mike\AppData\Roaming\HD33oonG4amHsW

2011-11-05 23:48:13 -------- d-----w- C:\Users\Mike\AppData\Roaming\NOOONNtxA0u

2011-10-29 22:49:41 -------- d-----w- C:\Users\Mike\AppData\Local\SlimWare Utilities Inc

2011-10-29 22:49:37 -------- d-----w- C:\Program Files (x86)\SlimCleaner

2011-10-29 22:48:48 -------- d-----w- C:\Program Files (x86)\Downloaded Installers

2011-10-13 19:33:47 -------- d-----w- C:\Program Files\iTunes

2011-10-13 19:33:47 -------- d-----w- C:\Program Files\iPod

2011-10-13 19:31:42 -------- d-----w- C:\Program Files\Bonjour

2011-10-13 19:31:42 -------- d-----w- C:\Program Files (x86)\Bonjour

2011-10-13 19:11:50 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax

2011-10-13 19:11:50 613888 ----a-w- C:\Windows\System32\psisdecd.dll

2011-10-13 19:11:50 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

2011-10-13 19:11:49 108032 ----a-w- C:\Windows\System32\psisrndr.ax

2011-10-13 19:09:26 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2011-10-13 19:09:26 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-10-13 19:09:26 331776 ----a-w- C:\Windows\System32\oleacc.dll

2011-10-13 19:09:26 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

.

==================== Find3M ====================

.

2011-10-25 20:05:42 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-07 11:23:46 283728 ----a-w- C:\Windows\System32\drivers\avgldx64.sys

2011-09-13 11:30:08 37456 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys

2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll

2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll

2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-08-31 22:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-08-31 03:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe

2011-08-31 03:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll

2011-08-31 03:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe

2011-08-31 03:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll

2011-08-19 15:01:33 138872 ----a-w- C:\Windows\SysWow64\drivers\AnyDVD.sys

2011-08-19 15:01:33 138872 ----a-w- C:\Windows\System32\drivers\AnyDVD.sys

.

============= FINISH: 16:27:19.56 ===============

Link to post
Share on other sites

  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.