jl86

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.4.2 (01.08.2013:1) OS: Windows 7 Home Premium x64 Ran by Connected User on Mon 01/14/2013 at 4:47:23.73 Blog: http://thisisudax.blogspot.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{95b7759c-8c7f-4bf1-b163-73684a933233} Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88} ~~~ Registry Keys Successfully deleted: [Registry Key] hkey_current_user\software\cr_installer Successfully deleted: [Registry Key] hkey_current_user\software\installedbrowserextensions Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\scripthelper.exe Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\viprotocol.dll Successfully deleted: [Registry Key] hkey_local_machine\software\classes\protocols\handler\viprotocol Successfully deleted: [Registry Key] hkey_local_machine\software\classes\s Successfully deleted: [Registry Key] hkey_local_machine\software\classes\scripthelper.scripthelperapi Successfully deleted: [Registry Key] hkey_local_machine\software\classes\scripthelper.scripthelperapi.1 Successfully deleted: [Registry Key] hkey_local_machine\software\classes\viprotocol.viprotocolole Successfully deleted: [Registry Key] hkey_local_machine\software\classes\viprotocol.viprotocolole.1 Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021804.BHO Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021804.BHO.1 Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021804.Sandbox Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021804.Sandbox.1 Successfully deleted: [Registry Key] hkey_classes_root\clsid\{02478d38-c3f9-4efb-9b51-7695eca05670} Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233} Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{95b7759c-8c7f-4bf1-b163-73684a933233} Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{95b7759c-8c7f-4bf1-b163-73684a933233} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\Connected User\appdata\local\best buy pc app" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Mon 01/14/2013 at 5:16:19.81 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16457 Run by Connected User at 9:30:54 on 2013-01-14 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5884.4351 [GMT -7:00] . AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\PROGRA~2\AVG\AVG2012\avgrsa.exe C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE C:\Windows\system32\WLANExt.exe C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\IDT\WDM\AESTSr64.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe C:\Program Files (x86)\AVG\AVG2012\avgemca.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE C:\Program Files (x86)\CyberLink\Shared files\brs.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\AVG\AVG2012\avgtray.exe C:\Program Files (x86)\AVG Secure Search\vprot.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.yahoo.com/ mWinlogon: Userinit = userinit.exe, BHO: MRI_DISABLED - <orphaned> BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file> mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab TCP: NameServer = 192.168.0.1 TCP: Interfaces\{12CBE31A-C801-4837-931D-733E5B44F586} : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{C52D1AA5-64C2-48F4-8C53-29683BEBBCFC} : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{C52D1AA5-64C2-48F4-8C53-29683BEBBCFC}\2456C6B696E6E253238373 : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{C52D1AA5-64C2-48F4-8C53-29683BEBBCFC}\2696261627B6D27657563747 : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.33.1 TCP: Interfaces\{C52D1AA5-64C2-48F4-8C53-29683BEBBCFC}\3456E647572797C496E6B673130333 : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{C52D1AA5-64C2-48F4-8C53-29683BEBBCFC}\74F4543584 : DHCPNameServer = 4.2.2.1 TCP: Interfaces\{C52D1AA5-64C2-48F4-8C53-29683BEBBCFC}\A43405C4D2055726C69636 : DHCPNameServer = 8.8.8.8 8.8.4.4 TCP: Interfaces\{C52D1AA5-64C2-48F4-8C53-29683BEBBCFC}\A4563757373486279637474496564645F67496675695F657C4966656 : DHCPNameServer = 192.168.0.1 205.171.3.25 TCP: Interfaces\{C52D1AA5-64C2-48F4-8C53-29683BEBBCFC}\D4951444F4E49435 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{CE16D7BF-7522-4382-A62A-3A5EF3F62529} : DHCPNameServer = 192.168.0.1 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe x64-Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-3-19 73856] R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-3-19 28800] R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-3-19 55856] R1 asdrm;asdrm;C:\Windows\System32\drivers\asdrm.sys [2012-12-22 18768] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-7-26 291680] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696] R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352] R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-3 30568] R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-3-19 89600] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-3-19 202752] R2 asdrs;AntiMalware Host-based Intrusion Prevention System;C:\Windows\System32\drivers\asdrs.sys [2012-12-22 23376] R2 asdsrv;Anvi Smart Defender Realtime Guard Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-12-20 735592] R2 asdws;AnviSmartDefender Web Guard;C:\Windows\System32\drivers\asdws.sys [2012-12-22 17232] R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-22 398184] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-3-19 689472] R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-8 711112] R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2011-12-23 124496] R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776] R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2011-3-19 20984] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-22 24176] R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-3-19 38456] S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/03/19 15:12:14;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-26 236016] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-22 682344] S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-3-19 172704] S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-3-19 250984] S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-21 452200] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-8 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-8 1255736] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2013-01-14 11:47:20 -------- d-----w- C:\Windows\ERUNT 2013-01-14 11:47:06 -------- d-----w- C:\JRT 2013-01-14 06:49:45 -------- d-----w- C:\Users\Connected User\AppData\Local\Programs 2013-01-14 06:47:31 -------- d-----w- C:\Users\Connected User\AppData\Local\Updater21804 2013-01-14 06:47:28 -------- d-----w- C:\Users\Connected User\AppData\Local\Coupon Companion Plugin 2013-01-14 06:47:27 -------- d-----w- C:\Users\Connected User\AppData\Local\Google 2013-01-14 06:47:24 -------- d-----w- C:\Program Files (x86)\Coupon Companion Plugin 2013-01-09 21:09:44 424448 ----a-w- C:\Windows\System32\KernelBase.dll 2012-12-22 11:07:55 -------- d-----w- C:\MGtools 2012-12-22 10:58:56 -------- d-----w- C:\ProgramData\HitmanPro 2012-12-22 10:22:44 -------- d-----w- C:\Program Files\CCleaner 2012-12-22 10:06:23 -------- d-----w- C:\Users\Connected User\AppData\Roaming\Malwarebytes 2012-12-22 10:06:11 -------- d-----w- C:\ProgramData\Malwarebytes 2012-12-22 10:06:10 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-12-22 10:06:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-12-22 09:36:35 -------- d-----w- C:\Users\Connected User\AppData\Roaming\Anvisoft 2012-12-22 09:36:23 17232 ----a-w- C:\Windows\System32\drivers\asdws.sys 2012-12-22 09:36:22 23376 ----a-w- C:\Windows\System32\drivers\asdrs.sys 2012-12-22 09:36:22 18768 ----a-w- C:\Windows\System32\drivers\asdrm.sys 2012-12-22 09:36:16 -------- d-----w- C:\ProgramData\Anvisoft 2012-12-22 09:36:13 -------- d-----w- C:\Program Files (x86)\Anvisoft 2012-12-21 10:01:12 46080 ----a-w- C:\Windows\System32\atmlib.dll 2012-12-21 10:01:12 367616 ----a-w- C:\Windows\System32\atmfd.dll 2012-12-21 10:01:12 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2012-12-21 10:01:12 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-12-21 10:00:39 -------- d-----w- C:\Users\Connected User\.swt . ==================== Find3M ==================== . 2013-01-09 08:58:38 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-09 08:58:38 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll 2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll 2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll 2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll 2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs 2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs 2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs 2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs 2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs 2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs 2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs 2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs 2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs 2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs 2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs 2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs 2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs 2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs 2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll 2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll 2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll 2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe 2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe 2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys 2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe 2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll 2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll 2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-11-09 05:45:32 750592 ----a-w- C:\Windows\System32\win32spl.dll 2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll 2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-11-09 01:30:44 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys 2012-11-08 18:29:12 1402312 ----a-w- C:\Windows\SysWow64\msxml4.dll 2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll 2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll 2012-11-01 05:43:42 2002432 ----a-w- C:\Windows\System32\msxml6.dll 2012-11-01 05:43:42 1882624 ----a-w- C:\Windows\System32\msxml3.dll 2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-11-01 04:47:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll . ============= FINISH: 9:31:09.78 ===============

DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16457 Run by Connected User at 3:55:26 on 2013-01-14 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5884.4017 [GMT -7:00] . AV: Norton AntiVirus *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton AntiVirus *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202} . ============== Running Processes =============== . C:\PROGRA~2\AVG\AVG2012\avgrsa.exe C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE C:\Windows\system32\WLANExt.exe C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\IDT\WDM\AESTSr64.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe C:\Program Files (x86)\AVG\AVG2012\avgemca.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE C:\Windows\system32\taskhost.exe C:\Program Files (x86)\CyberLink\Shared files\brs.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\AVG\AVG2012\avgtray.exe C:\Program Files (x86)\AVG Secure Search\vprot.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.yahoo.com/ uURLSearchHooks: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.6\ytdToolbarIE.dll mWinlogon: Userinit = userinit.exe, BHO: MRI_DISABLED - <orphaned> BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ips\ipsbho.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.6\ytdToolbarIE.dll TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file> TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll TB: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.6\ytdToolbarIE.dll mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" mRun: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab TCP: NameServer = 192.168.0.1 TCP: Interfaces\{12CBE31A-C801-4837-931D-733E5B44F586} : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{C52D1AA5-64C2-48F4-8C53-29683BEBBCFC} : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{C52D1AA5-64C2-48F4-8C53-29683BEBBCFC}\2456C6B696E6E253238373 : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{C52D1AA5-64C2-48F4-8C53-29683BEBBCFC}\2696261627B6D27657563747 : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.33.1 TCP: Interfaces\{C52D1AA5-64C2-48F4-8C53-29683BEBBCFC}\3456E647572797C496E6B673130333 : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{C52D1AA5-64C2-48F4-8C53-29683BEBBCFC}\74F4543584 : DHCPNameServer = 4.2.2.1 TCP: Interfaces\{C52D1AA5-64C2-48F4-8C53-29683BEBBCFC}\A43405C4D2055726C69636 : DHCPNameServer = 8.8.8.8 8.8.4.4 TCP: Interfaces\{C52D1AA5-64C2-48F4-8C53-29683BEBBCFC}\A4563757373486279637474496564645F67496675695F657C4966656 : DHCPNameServer = 192.168.0.1 205.171.3.25 TCP: Interfaces\{C52D1AA5-64C2-48F4-8C53-29683BEBBCFC}\D4951444F4E49435 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{CE16D7BF-7522-4382-A62A-3A5EF3F62529} : DHCPNameServer = 192.168.0.1 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe x64-Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-3-19 73856] R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-3-19 28800] R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-3-19 55856] R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1207010.003\symds64.sys [2012-4-3 450680] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1207010.003\symefa64.sys [2012-4-3 912504] R1 asdrm;asdrm;C:\Windows\System32\drivers\asdrm.sys [2012-12-22 18768] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-7-26 291680] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696] R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352] R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-3 30568] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20120804.001\BHDrvx64.sys [2012-8-8 1161376] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20120809.001\IDSviA64.sys [2012-8-9 509088] R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1207010.003\ironx64.sys [2012-4-3 171128] R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NAVx64\1207010.003\symnets.sys [2012-4-3 386168] R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-3-19 89600] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-3-19 202752] R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-11-28 793600] R2 asdrs;AntiMalware Host-based Intrusion Prevention System;C:\Windows\System32\drivers\asdrs.sys [2012-12-22 23376] R2 asdsrv;Anvi Smart Defender Realtime Guard Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-12-20 735592] R2 asdws;AnviSmartDefender Web Guard;C:\Windows\System32\drivers\asdws.sys [2012-12-22 17232] R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-22 398184] R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccsvchst.exe [2012-4-3 130008] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-3-19 689472] R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-8 711112] R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2011-12-23 124496] R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776] R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2011-3-19 20984] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-22 24176] R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-3-19 38456] S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/03/19 15:12:14;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-26 236016] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-22 682344] S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-3-19 172704] S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-3-19 250984] S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-21 452200] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-8 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-8 1255736] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2013-01-14 06:49:45 -------- d-----w- C:\Users\Connected User\AppData\Local\Programs 2013-01-14 06:47:31 -------- d-----w- C:\Users\Connected User\AppData\Local\Updater21804 2013-01-14 06:47:28 -------- d-----w- C:\Users\Connected User\AppData\Local\Coupon Companion Plugin 2013-01-14 06:47:27 -------- d-----w- C:\Users\Connected User\AppData\Local\Google 2013-01-14 06:47:24 -------- d-----w- C:\Program Files (x86)\Coupon Companion Plugin 2013-01-09 21:09:44 424448 ----a-w- C:\Windows\System32\KernelBase.dll 2012-12-22 11:07:55 -------- d-----w- C:\MGtools 2012-12-22 10:58:56 -------- d-----w- C:\ProgramData\HitmanPro 2012-12-22 10:22:44 -------- d-----w- C:\Program Files\CCleaner 2012-12-22 10:06:23 -------- d-----w- C:\Users\Connected User\AppData\Roaming\Malwarebytes 2012-12-22 10:06:11 -------- d-----w- C:\ProgramData\Malwarebytes 2012-12-22 10:06:10 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-12-22 10:06:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-12-22 09:36:35 -------- d-----w- C:\Users\Connected User\AppData\Roaming\Anvisoft 2012-12-22 09:36:23 17232 ----a-w- C:\Windows\System32\drivers\asdws.sys 2012-12-22 09:36:22 23376 ----a-w- C:\Windows\System32\drivers\asdrs.sys 2012-12-22 09:36:22 18768 ----a-w- C:\Windows\System32\drivers\asdrm.sys 2012-12-22 09:36:16 -------- d-----w- C:\ProgramData\Anvisoft 2012-12-22 09:36:13 -------- d-----w- C:\Program Files (x86)\Anvisoft 2012-12-21 10:01:12 46080 ----a-w- C:\Windows\System32\atmlib.dll 2012-12-21 10:01:12 367616 ----a-w- C:\Windows\System32\atmfd.dll 2012-12-21 10:01:12 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2012-12-21 10:01:12 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-12-21 10:00:39 -------- d-----w- C:\Users\Connected User\.swt 2012-12-18 00:49:19 -------- d-----w- C:\Program Files (x86)\YTD Toolbar 2012-12-18 00:49:19 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot 2012-12-18 00:49:19 -------- d-----w- C:\Program Files (x86)\Application Updater . ==================== Find3M ==================== . 2013-01-09 08:58:38 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-09 08:58:38 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll 2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll 2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll 2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll 2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs 2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs 2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs 2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs 2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs 2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs 2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs 2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs 2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs 2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs 2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs 2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs 2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs 2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs 2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll 2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll 2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll 2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe 2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe 2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys 2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe 2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll 2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll 2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-11-09 05:45:32 750592 ----a-w- C:\Windows\System32\win32spl.dll 2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll 2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-11-09 01:30:44 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys 2012-11-08 18:29:12 1402312 ----a-w- C:\Windows\SysWow64\msxml4.dll 2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll 2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll 2012-11-01 05:43:42 2002432 ----a-w- C:\Windows\System32\msxml6.dll 2012-11-01 05:43:42 1882624 ----a-w- C:\Windows\System32\msxml3.dll 2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-11-01 04:47:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll . ============= FINISH: 3:55:44.19 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 6/8/2011 4:21:38 PM System Uptime: 1/14/2013 1:54:37 AM (2 hours ago) . Motherboard: Dell Inc. | | 0WTVYR Processor: AMD Phenom II N870 Triple-Core Processor | CPU 1 | 2300/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 581 GiB total, 502.577 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Description: USB Video Device Device ID: USB\VID_0C45&PID_641D&MI_00\6&24225C4E&0&0000 Manufacturer: Microsoft Name: Integrated Webcam PNP Device ID: USB\VID_0C45&PID_641D&MI_00\6&24225C4E&0&0000 Service: usbvideo . ==== System Restore Points =================== . RP127: 1/9/2013 9:03:52 PM - Scheduled Checkpoint RP128: 1/10/2013 3:00:13 AM - Windows Update RP129: 1/13/2013 2:00:37 AM - Removed Java 7 Update 9 RP130: 1/13/2013 2:03:28 AM - Removed Java 6 Update 23 (64-bit) RP131: 1/13/2013 2:05:02 AM - Removed JavaFX 2.1.1 . ==== Installed Programs ====================== . Adobe AIR Adobe Download Assistant Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader 9.5.2 Advanced Audio FX Engine Age of Empires III: Complete Collection Akamai NetSession Interface Anvi Smart Defender 1.8 Apple Application Support Apple Mobile Device Support Apple Software Update ATI Catalyst Install Manager AVG 2012 AVG Security Toolbar AviSynth 2.5 Best Buy pc app Bonjour Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Coupon Companion Plugin CyberLink PowerDVD 9.5 D3DX10 Dell DataSafe Local Backup Dell DataSafe Local Backup - Support Software Dell Edoc Viewer Dell Getting Started Guide Dell MusicStage Dell PhotoStage Dell Product Registration Dell Stage Dell Support Center Dell VideoStage Dell Webcam Central Diablo III DirectX 9 Runtime DW WLAN Card Utility HP Officejet 6500 E710n-z Basic Device Software HP Officejet 6500 E710n-z Help HP Update I.R.I.S. OCR IDT Audio Internet Explorer iTunes Junk Mail filter update Live! Cam Avatar Creator Malwarebytes Anti-Malware version 1.70.0.1100 Mesh Runtime Messenger Companion Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB2721691) MSXML 4.0 SP3 Parser (KB2758694) MSXML 4.0 SP3 Parser (KB973685) Norton AntiVirus OpenOffice.org 3.3 PhotoShowExpress Quickset64 QuickTime RBVirtualFolder64Inst Realtek USB 2.0 Card Reader Roxio Activation Module Roxio BackOnTrack Roxio Burn Roxio Creator Starter Roxio Express Labeler 3 Roxio File Backup Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Sierra Wireless USB MUX Driver Package Sonic CinePlayer Decoder Pack Synaptics Pointing Device Driver System Requirements Lab CYRI Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Visual Studio 2008 x64 Redistributables Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinRAR 4.01 (32-bit) World of Warcraft Yahoo! Messenger Yahoo! Software Update Yahoo! Toolbar YTD Toolbar v6.6 . ==== Event Viewer Messages From Past Week ======== . 1/9/2013 5:42:25 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR20. 1/9/2013 5:32:32 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR19. 1/9/2013 5:07:57 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:. 1/8/2013 6:00:57 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR17. 1/13/2013 8:28:08 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 1/13/2013 5:03:15 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1. 1/11/2013 3:14:23 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect. 1/11/2013 3:14:23 AM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 1/11/2013 2:48:27 AM, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread . ==== End Of File ===========================

Hey guys, the annoying problem I am having is my laptop (Win7) will consistently become unresponsive. This occurs mainly during programs I launch. Once it becomes unresponsive, I cannot close the program or even pull up Task Manager with Ctrl+Alt+Delete, causing me to force shut down my laptop and power it up again. I began noticing this yesterday when I was on iTunes listening to a podcast. So, I did a quick scan with malwarebytes and it found one threat, which I removed. Next, I did a full scan just to be safe and I got the same unresponsive behavior. This happened again and again whenever I run my Anti Virus's full scan program as well. Is there anything I can do?